ueue0\x00', 0x9bbf}) 04:10:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x3f00000000000000, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:10:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40087602, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0xfdfdffff00000000, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:10:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="056304400000000018f48f1e7e23035f9c287bb2c3bf3e7660a143a86c74cf6b034cbf71434dace9eb7e33bbb9b1ebd8536a06d5348aa75837fd4851aa9c9a3047864a8178fdc36314deab01"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2433.974059][T30984] binder: 30978:30984 ioctl 40087602 20000240 returned -22 [ 2434.001620][T30987] binder: 30979 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2434.001633][T30987] binder: 30979:30987 ioctl c018620c 20000240 returned -22 04:10:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2434.056837][T30987] binder: 30979 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2434.056850][T30987] binder: 30979:30987 ioctl c018620c 20000240 returned -22 [ 2434.110255][T30996] binder: BINDER_SET_CONTEXT_MGR already set [ 2434.154501][T30996] binder: 30994:30996 ioctl 4018620d 20000240 returned -16 [ 2434.156504][T30998] binder: BINDER_SET_CONTEXT_MGR already set [ 2434.180253][T30998] binder: 30995:30998 ioctl 40046207 0 returned -16 [ 2434.188084][T30998] binder: BINDER_SET_CONTEXT_MGR already set 04:10:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\vc'], 0x0, 0x0, 0x0}) 04:10:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2434.243649][T30998] binder: 30995:30998 ioctl 40046207 0 returned -16 04:10:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2434.342277][T31011] binder: 31007:31011 ERROR: BC_REGISTER_LOOPER called without request [ 2434.405467][T31017] binder: 31008 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2434.405480][T31017] binder: 31008:31017 ioctl c018620c 20000240 returned -22 [ 2434.410644][T31018] binder: BINDER_SET_CONTEXT_MGR already set 04:10:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x80086601, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) [ 2434.451913][T31018] binder: 31010:31018 ioctl 40046207 0 returned -16 04:10:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x5, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2434.499777][T31026] binder: 31025:31026 ioctl 80086601 20000240 returned -22 04:10:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\fc'], 0x0, 0x0, 0x0}) 04:10:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x80087601, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2434.548719][T31028] binder: BINDER_SET_CONTEXT_MGR already set [ 2434.563800][T31028] binder: 31027:31028 ioctl 40046207 0 returned -16 [ 2434.623346][T31037] binder: 31035:31037 ioctl 80087601 20000240 returned -22 [ 2434.633338][T31038] binder: 31034 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2434.633351][T31038] binder: 31034:31038 ioctl c018620c 20000240 returned -22 [ 2434.668528][T31029] binder: 31027:31029 Acquire 1 refcount change on invalid ref 0 ret -22 04:10:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="056304278c4694347c07b2928e31ae2969fbb640000000009fd9e82f5d417b6661678056072d2bf6b9d7d4ee372103315b24fa665eea222a6f1c9899c6df3e809c886583cb880762cc1126c7142e800a91034848153080c778dd71c9c43b3805fd890a6c219a0f06ecdb254a5fe80370e40dadd34e"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 04:10:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2434.768131][T31046] binder: 31044:31046 unknown command 654598917 [ 2434.790135][T31046] binder: 31044:31046 ioctl c0306201 20000140 returned -22 [ 2434.813103][T31046] binder: 31044:31046 unknown command 0 [ 2434.819008][T31046] binder: 31044:31046 ioctl c0306201 20000240 returned -22 [ 2434.835055][T31046] binder: BINDER_SET_CONTEXT_MGR already set [ 2434.843435][T31051] binder: 31044:31051 unknown command 654598917 [ 2434.844348][T31046] binder: 31044:31046 ioctl 40046207 0 returned -16 [ 2434.851329][T31051] binder: 31044:31051 ioctl c0306201 20000140 returned -22 [ 2434.864423][T31046] binder: 31044:31046 unknown command 0 [ 2434.871043][T31046] binder: 31044:31046 ioctl c0306201 20000240 returned -22 04:10:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1263"], 0x0, 0x0, 0x0}) 04:10:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x1, 0x2000) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x80400, 0x0) ioctl$IOC_PR_RESERVE(r2, 0x401070c9, &(0x7f0000000100)={0x17f0, 0x61, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) listen(r2, 0xfffffffffffff4ea) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0563044029cf23b59f5807b2b06eed00f90b2a3549e41d096413dfc5119951212974246df768db5c65562bc3e51ddc2fd4503d037cb4867c5408b6265d11f6db86eb96457b4c903e6bdd92f44763ffcec3b89dc1c4eb80e76cc7fd0de36cb8376b6a41b3a0fe8000b44333e3d9b2302e829c536cd42a642ff31f584d08428729103a42739178037bf2b00e8a32b845a73d000ba678264ff5ea49db1e59748032ca039d552653ebc439d93a44f2a2890b80f4d9eb9ce05b483c54f829e8d691bcd8e035642a52a45017e852c959955f31d7dcc666dd7e4cbf9df430c521b73d7be504e5aeee8fa6e72054ec8953d0383f947f2c6f5bc2c435cd8799161f8e69c712f2c56a53fc25a2882aad325014d8b72c3adde2ac73231c645095acd65a610242b6d66bbd696b23f71f3f5cd958c3d92ef4ca96badd6306b373b35b328aea3c4bc69d186a1c9cb51e82bb9f590eb5256d10d22da75a49b78623c9698ec281d008cf1e3176cf8eb32e0e41f7422bf5ae5342007d7690177355c848597c5e776b39d16fe026c9d881fd218ad0a42d30628777506c60d33472b7543b3f127103bf61f3feac6c6f046927a9f267940520f666e5f2ca82c1e1ac8d015ed3e93b43fd6176426b9c9ee2d055ba882af10479c973f406195b5556ab62e73f977f20a1af8e7de2f5d5ff3b48f7d67009c5ee3f1e30bd7675465cb394bc4f1509ef3112e7ac3e380c31a9e647e524a716958104d81ae63d19284c4b0ff4000000000000000000000000"], 0x0, 0x0, 0x0}) ioctl$BLKRAGET(r2, 0x1263, &(0x7f0000000180)) [ 2435.273248][T31058] binder: 31053:31058 unknown command 25362 [ 2435.282131][T31059] binder: 31057:31059 Acquire 1 refcount change on invalid ref -1255944407 ret -22 [ 2435.287088][T31058] binder: 31053:31058 ioctl c0306201 20000240 returned -22 [ 2435.303809][T31061] binder: 31054 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2435.303822][T31061] binder: 31054:31061 ioctl c018620c 20000240 returned -22 04:10:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0263"], 0x0, 0x0, 0x0}) [ 2435.360456][T31059] binder: BINDER_SET_CONTEXT_MGR already set [ 2435.388905][T31059] binder: 31057:31059 ioctl 40046207 0 returned -16 [ 2435.464001][T31076] binder: 31070:31076 unknown command 25346 [ 2435.476051][T31073] binder: 31057:31073 Acquire 1 refcount change on invalid ref -1255944407 ret -22 04:10:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2435.515660][T31076] binder: 31070:31076 ioctl c0306201 20000240 returned -22 [ 2435.527749][T31082] binder: 31078 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2435.527761][T31082] binder: 31078:31082 ioctl c018620c 20000240 returned -22 04:10:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0463"], 0x0, 0x0, 0x0}) 04:10:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:52 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xc100, 0x0) bind$ax25(r0, &(0x7f0000000180)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @null]}, 0x48) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x48, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018624f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2436.205110][T31101] binder: 31097:31101 ioctl c018624f 20000240 returned -22 [ 2436.211417][T31102] binder: 31095 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2436.211429][T31102] binder: 31095:31102 ioctl c018620c 20000240 returned -22 [ 2436.222961][T31103] binder: 31096:31103 unknown command 25348 04:10:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}) 04:10:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2436.257265][T31104] binder: BINDER_SET_CONTEXT_MGR already set [ 2436.282752][T31104] binder: 31098:31104 ioctl 40046207 0 returned -16 [ 2436.289687][T31103] binder: 31096:31103 ioctl c0306201 20000240 returned -22 04:10:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\ac'], 0x0, 0x0, 0x0}) 04:10:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002bc4720ce0c2426210ffe01cc6563c06000000132280254ad93540546ea9565d5fe524cbbd418a386365d6ad894754f92dcf9b35723de4737f5bd7b77d994c4bc723448299b299d52e8f85153df44d47ea7688c53755e6790029ca3abaf5f5a1ceefc7dfca52348f9b9e04714b1773fa8d4c6fd82b322af86430ce672de1a623a3498362"], 0x0, 0x0, 0x0}) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x4, 0x4080) ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f00000000c0)={0x9, 0x7, 0x3, 0x20}) signalfd4(r0, &(0x7f0000000000)={0x80000001}, 0x8, 0x80000) 04:10:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0}) [ 2436.427578][T31120] binder: 31118 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2436.427591][T31120] binder: 31118:31120 ioctl c018620c 20000240 returned -22 [ 2436.449393][ C1] net_ratelimit: 22 callbacks suppressed [ 2436.449401][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2436.460855][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2436.466745][T31122] binder: 31119:31122 unknown command 25351 04:10:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x60, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2436.472715][T31122] binder: 31119:31122 ioctl c0306201 20000240 returned -22 [ 2436.498299][T31124] binder: 31123:31124 unknown command 1925458688 [ 2436.509521][T31124] binder: 31123:31124 ioctl c0306201 20000240 returned -22 [ 2436.529397][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2436.535212][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2436.554344][T31124] binder: BINDER_SET_CONTEXT_MGR already set [ 2436.579497][T31132] binder: 31128 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2436.579509][T31132] binder: 31128:31132 ioctl c018620c 20000240 returned -22 [ 2436.583197][T31129] binder: 31123:31129 unknown command 1925458688 [ 2436.611201][T31124] binder: 31123:31124 ioctl 40046207 0 returned -16 [ 2436.615477][T31132] binder: 31128 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2436.615488][T31132] binder: 31128:31132 ioctl c018620c 20000240 returned -22 [ 2436.619072][T31129] binder: 31123:31129 ioctl c0306201 20000240 returned -22 04:10:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0363"], 0x0, 0x0, 0x0}) 04:10:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0}) 04:10:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) write$cgroup_pid(r0, &(0x7f0000000180)=r1, 0x12) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x68, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2437.121479][T31144] binder: 31140:31144 unknown command 25347 [ 2437.128122][T31147] binder: 31142 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2437.128134][T31147] binder: 31142:31147 ioctl c018620c 20000240 returned -22 [ 2437.153275][T31151] binder: BINDER_SET_CONTEXT_MGR already set [ 2437.159288][T31151] binder: 31141:31151 ioctl 40046207 0 returned -16 04:10:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0}) 04:10:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x3294c0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x117, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) [ 2437.159439][T31144] binder: 31140:31144 ioctl c0306201 20000240 returned -22 04:10:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\nc'], 0x0, 0x0, 0x0}) 04:10:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0}) 04:10:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2437.301259][T31161] binder: 31158:31161 unknown command 0 [ 2437.306863][T31161] binder: 31158:31161 ioctl c0306201 20000240 returned -22 [ 2437.360141][T31165] binder: BINDER_SET_CONTEXT_MGR already set [ 2437.398066][T31169] binder: 31167:31169 unknown command 25354 [ 2437.414587][T31165] binder: 31158:31165 ioctl 40046207 0 returned -16 [ 2437.428765][T31174] binder: 31164 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2437.428779][T31174] binder: 31164:31174 ioctl c018620c 20000240 returned -22 [ 2437.433191][T31169] binder: 31167:31169 ioctl c0306201 20000240 returned -22 [ 2437.442382][T31173] binder: 31158:31173 unknown command 0 04:10:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x74, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1063"], 0x0, 0x0, 0x0}) 04:10:54 executing program 0: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400800) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f00000001c0)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000200)={r1}) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000100)=""/64) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000080)={0x48bd, 0x0, 0x10001, 0x1}) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f00000002c0)={0x21, r3}) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000180)=0x100000000, 0x4) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="006327c200000000"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0xff25, 0x0, 0x0}) [ 2437.468589][T31175] binder: 31172:31175 ioctl c018620c 20000240 returned -1 [ 2437.478914][T31175] binder: 31172:31175 ioctl c018620c 20000240 returned -1 [ 2437.490460][T31173] binder: 31158:31173 ioctl c0306201 20000240 returned -22 [ 2437.566322][T31181] binder: 31179:31181 unknown command 25360 [ 2437.582234][T31183] binder: 31180 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2437.582247][T31183] binder: 31180:31183 ioctl c018620c 20000240 returned -22 [ 2437.586825][T31181] binder: 31179:31181 ioctl c0306201 20000240 returned -22 [ 2437.610593][T31184] binder: 31182:31184 unknown command -1037606144 [ 2437.628626][T31184] binder: 31182:31184 ioctl c0306201 20000140 returned -22 [ 2437.645071][T31184] binder: 31182:31184 ioctl c0306201 20000240 returned -14 [ 2437.652419][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2437.652473][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2437.692460][T31184] binder: BINDER_SET_CONTEXT_MGR already set [ 2437.702250][T31184] binder: 31182:31184 ioctl 40046207 0 returned -16 [ 2437.709621][T31187] binder: 31182:31187 unknown command -1037606144 [ 2437.716410][T31190] binder: 31182:31190 ioctl c0306201 20000240 returned -14 [ 2437.724569][T31187] binder: 31182:31187 ioctl c0306201 20000140 returned -22 [ 2437.731919][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2437.731966][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:10:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0}) 04:10:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e63"], 0x0, 0x0, 0x0}) 04:10:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x200000, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x800, 0x3ff, 0x25dfdbff, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x684f}}}, 0x24}, 0x1, 0x0, 0x0, 0x2400c080}, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) [ 2437.969437][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2437.975360][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:10:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2438.020286][T31195] binder: 31191:31195 ioctl c018620c 20000240 returned -1 [ 2438.059841][T31199] binder: 31196:31199 unknown command 25358 [ 2438.075668][T31200] binder: 31193 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2438.075679][T31200] binder: 31193:31200 ioctl c018620c 20000240 returned -22 [ 2438.104188][T31198] binder: BINDER_SET_CONTEXT_MGR already set [ 2438.113973][T31199] binder: 31196:31199 ioctl c0306201 20000240 returned -22 04:10:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0}) [ 2438.135105][T31198] binder: 31197:31198 ioctl 40046207 0 returned -16 [ 2438.135243][T31206] binder: 31204:31206 ioctl c018620c 20000240 returned -1 04:10:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f63"], 0x0, 0x0, 0x0}) [ 2438.183462][T31200] binder: 31193 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2438.183476][T31200] binder: 31193:31200 ioctl c018620c 20000240 returned -22 04:10:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="4e4179621502c46f"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="05630440449c3ab07b1f7190a5a3efa7ee"], 0x0, 0x0, 0x0}) r1 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x150, r0, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x1010, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x70, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0d63000000634040020000000000000000000000000000000000000011000000000000000000000058000000000000002800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="85616466000000000a0000000000000004000000000000002c000000000000008561646600000000070000000000000003000000000000003100000000000000852a627300010000", @ANYRES64=r1, @ANYBLOB="0100000000000000"], @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="000000000000000030000000000000003800000000000000200000000000000058000051502fbaaff7301c7df151316e209b2bd129d46942c273fcd493b215a74095adb38d4ebb0e6a78dd69623a0515a5bb0777b6ec573f8390e6f1f3defc6d21aef60b7666689b82a7abd3cde49b1bbc8f721f1154decd17b186fab1598f62c392bdc705cb5b8ebb7613c75aa5a3d3aefb645675b841538c2c31938a4f0f01f1fa3ecb6d32c6f3891a41273724d1e171814401d906abf49c904e806d030a4e907ee37b8512a73f428dc5e52f93dc0cb72516c2533590e6fdf85e1bb779b75ddf8a3ad594e1cd4bd29e3c53473ee43bb92ad95ba07e3c4009a57a6a2d"], @ANYBLOB="056304400000000009631040", @ANYRES64=r2, @ANYBLOB="020000000000000005630440040000000d630000"], 0x1000, 0x0, &(0x7f0000000300)="b8402af5d4a58d1d5800f6b485f7249aa8dec34ec881f46aebfbc6fff7744694cebab2d10bd806e01cce344e6b4e167f3451890b0d5c96865583432beafc5c6bfb0f291d52534d66f639997db20c41f3616d7fd6e73d6e996fe38e3eb390ed777b75ae0d29bc2982331e385870c094d9497413b7f94b6af34234f88044781f53faccb301fd706a3558749f84aac3fe3c81beb50d42db169203e14d4805edb4618d9824a0a3b210f4f49f8515000d95703b5dd8af54fcb946f1c462ff24c2b0458bc5be4b5f441cd3e39104feca8a899442a12526c59e4acb2549a140187587afd5962a9a6c500a3949b73bfe4a994f0131a615e8661caf80f778799faeb7dbb61e1b0c3771fe8437e46092d81a458c58071dd9ac1a9dfe7d24ee288c407b273593fae20272e23d0e005cb93f75b0d16773012f0c436bc561b861c8f9923466c157c10c5f166dece20d72bee38ab722ed500f18d732aa81c2640198b64bdd8e0d7c06e6b9a4c2d0073d50cc074ba9c3b1f17dd127351388d3f27908669b8971f07b894210be6ff9faf2c3e58c9be067150015ad85179e69765cee430e1ebd9788038ea37ac9768338f381ad9e801ae2916bfcfd2b06e82898b1829b530d515be3d05a64b3b57a77afa9433ed19fbe795e765dd45d20b3b2c7bdc8965f389478cf5270bcbed9e12e6f9a2d32b38c1e123f26f8da60dff28d574b462c06d535a66d9e9531ec9faf1fa637b5d0a3ae65a5d27bbfeb55b53abe5243b9611036b8b04eec9077bf7629dcdf3263d8369ccd9c23804540dbe365ecbf096120ac47860833f99d4b195f42172296bcd9ecb53b2f4cd25b306e59c41600915c1d27336572da2d7a05ed7cc0c7d9c35ab61dad707736ec3f55af3a982dbc030350c37c913e926ba44fdd003cf3a4a126c874b4b109a64105954f6d54f54e7e35eed089f74c62252a3300d8640460b0f66cf61b60b1f9f682648bb73810f31b81c0612e6d915e07190a27e7306a5bb6eada0b13a22ba558e3115efe1f6dbae4a2c48349bf11732b295fd1ce8be90a3c5c4d402337d1f98e077eff99f0743250e77538a040809fd84a987e12efe682f6d05b2d146aa6e1cb764586e958f5116a99b4f5665eab3098390a4a99d20da1e447b72b9ac04cf3ef12b63d5ec0f40229d3a3f1ac247c71b9abe0ad2ced9f3576445f6b46978739da0f85b2350fc30f9a0f5c87a390f14d68df93a16cddfcfa612434386cbfbd79f806271f8b7b3decc8ece7f799d5a50b30ce41c79178a72d19bd43c5744df8b1939bb09248c59eac05691f5ba91a7360684e65abbd5a3702c13c197888abe49c723e0265aa5a27686249acb7d3a96d2d00dc3b084d883f4d44e8890b0af21f83dbd840403a70035dd5bf5075958592a62f9af4cfcdf8195f7dca2e5f63b1d51289d9ae766f370145f97f6b6cfebabfd488328248751d2867b3fe85f55383d2eb9cd6769e663a8798049124697f704d763b2f2afa0060089f55a96b54b4dfbd218e6c962afe4b9aca6a7aa6f0c0128f9e63abd0901f8c308e2f5c863010be63a269940cc09fb944eb7ba34b34a1ec0426cf0bfc246155b5fac46bb30aed49636c0c543449dc2b303fb4c2346bf01d0da90a6fc59e48685a6f4fa12384c435f8265171aa242d7d37b08f3a6a8b4c7c81f24fdfb410d560e83469df56d596d86745bc99bcbe70d35ac95fde634cddfa861217782c7f257233ebc3186659284bdf5a6d558b76a17a44435195ac059c48848a272bb6407c2d14a5839e3304279f2bd3abc4ea6224c24698946c9ab757b013fb3dbdd987db7497b13b657586cdafb4b657ecbd3980861144e8745fb463e5e1d904a6fd5ecfd1963e82df9d370baa15a55a4d8e29196d1aec42192cb513c653e94aed3e64b5e756d627b8bbc927910c1ea6e2aa6a8193be8175a5942771905e3ced01121eb0863c3bbcd7d1609f47cecf9d1492e57d57662094786119699879fba5179ecd1beacd14866beecf2b3d10fcbbc1ad235f3d6a8442f392cfa841a6b2d2311fd611ccb3aef5eea6b022d3b65b01d591ea1f996f8243c567f9668725d0254f3b299c6dcebced9416d00c9b747f183f97b7fa635efbd7ab10002fcd561028ae1d1dee49a85d00955a205395fa1825d7befe061ad91a0ea3f9dc1f9aff94221070a7bc5cc507d4ade522633c4c86393f2383e103ddf9fae71d482f3bddb49293f50ac1c0d4552c72806aa68268bdb245e637ced32e6bfdd25533bd9d50453f4f1d5b2133cc98b670799066e9d8ddc2f964ae9cb72c4f559225b984e7669550292a2088aafa727ffb9be8ab437cfa1264a07859381e41cde04050d0ecbe0affc70e924585f7bbc9ffcd15f926ba08673c429c19b6b5388f2d5caee1bbdc73a88c52ccb08fcb9ae0c924a28e0ce41046def1bf9056b72f524023479d27f98567fefaf33fd59334eef7cf5442c9f3322459981755ccac827e220007ed1a457eefdedde01f54d2ae9dfa2fd53528f4a782d3d34a9b26f937986a20a79cd58749f7dae8935eee4f42f9647890b586e0bc2ddfcfe07a172525e638fac31dea4e63fe65be49f615eea112614145930f954a091e0a9785060325ead9771db32a0d8fe868866365e378b20930d77dd3e971fc0929b1411e67cb61045128d0407ae4169b9c814022336968b5cb19f269389dbe820d62aaa799eee3e7dfafffcd8c1d81a10fc2704aef76a0206b184cfae69218578df028ff607239d4f6b4e1db4d1004f5a5a1f884708cdcf04af6833feeda835553f7d35f6e10413f75f19533ec48d21159fda245cd92740623a0c38e6bf69699f9e3774aa5f527ac4f1138edbcc4994ac327b40222e133ee6cf12c44fd1601409c023c1d89d915a22fcad716dcdac6d8a1aae5174ed5ee263e1b427a5331891f89c4072dce719308605ede17da57050c68096b4d49d313b9fd08065e916967a2961cb8ac5411c64c22617113ea20bdf9273bf9e02e6403ba45facbb2ad423267a6678d7e3ffd8755020df617d27d930d79d16d9ee36f9f0eea738c0d8d001d55be206243ff2d6450d214482d46ed30517818246b7bef1b5667495582354acfc788479043785b7373759fd5e94b2bd26874e9115bccf929aa4e871bcab42ad2fe5a533dafb1bfe26f15047a6ba5832aac80747f7d5ae1903cdb5d9cd9afe75a36b2d256da640e5f54477471b04c75f65ea88c29fd4261bf277a640a5fa7c42cd58c60416ab75a70604a1bd3e82171bf8e9268b3cbe923b9dfc6d158e4fbec21a4ca613a3ccf7d282f4a85b96974d89888197c03ddc0025f8ad7b5a1a80b0d7c5fa4805e38facb5235ba04f620a410584680773c0d7e03aec17bf897990791a291cd71d720da65fc6edbec97a03af73a0d4f3ac67ccd82f7ecce93c27df88faa72dd5a4c84c40856d809ad90775cf1ff831407167832a040c69117a758c290f74f5c0f9e2a6ea1daf4cd84fd7f8fc532384debad73bc2a64a44af272be5a4835fc19b60779272dfd7ad31fc895aecac66f7f9a7671191974ad88086db3086406380f2b1b186c3ec86febdb2b29f6318869f8231c4651052ecb6c936e574265cd844ed18c8a707b36b6dc5b40586facbad27684e4b1f7944bbb57ce5ac2c2a4c7128566c722dc2a632fd05b04442ccdfe7aa16da708ce43844bcf0d1424600b72926b90c7a9d3e7afae9b10a25e6da5573f86598280192ebabe27e649f337a550f549bc95c5e694a5dd8b530f7374ce6a443bb38925f6c98c3a8a1e67ead1c416c3d1576794ed608a584aadab9dd4fe9b127b48a89558d7c254e0100b22e1c39496a0cdb36b89f8ed6328022b9178808a1e8b55f0cc8e725b1fee9837aac2c22dd99fdb6aec71438067b2410a453bee56afcd8755ebe9c63ce8ed602c5596cc20848fe2dd769e7d6947c1d135b3a139b57e5133969607879430b9415d6073c6f810b1896695a1c578a46a417dba8314cd416e602c58839926843df725f58242aa1426b4349571d90360bfd2390046ed50478604e422036c673f8d6d35b42c8603b04df8470b162e97cbc041bd619a57691b1f958e090b920f2913a66f4a23997be39fc8c439db898e05daface6a65f633e35dfc887ee9a0736bafe3370a5f957234a576ef58a31ef8d6c04388dcc26a4c303fd53428964ceb620eec55b6aa505d4092d980a261aa0d7c58d631b0323a0a140ddcdb326e38b9685bbf9c32231a1157906276ca328ae1370c853871a2fccf7c146557376e692f4ffa75be03d4e5613309190b19f43f9f45957ed788469650358ba55a1017df44fb5f6929f8449888128def5d0437e17c62b4b6c1ec26a6fe46fc5efd23bf056ac397dc00d803b811e7f875d953858113f9a3058dd4c048b12aaf9c254daee5878c692c8542644c256073a11d5060ccdc531ab8962be5b4f0fcd4693e981044fa045f2e9800c668dbb8ecab1ffe854149eb8454fedff6dd6cf1688379bbcd2645e6d334bc900f2c09b849241e64a94ccf44c7b32863d85d1014a14c7ebe9c276ac7e3d468e8e835fcb8c0067f071045fb8772b04ac25c0290e499145a9ad01b693462a2ca6955822f53d0a2a2c2c7131544bb6a3210008d5f4d0a19886c94bec56b55746f0a35b9bfa1d47bf94498f9c17afca51293016ff8dc7cb1ae64f1b6937f56a1a0b94cdb2cf0023f10e30804426cfd8afba179cfb613677ebcec7793016bfbeb6183ae537f9e21664a6f66406d1c04a2223cc65967de6e4d61c31ac269015ad05b24a0e0cd400c8c13c3cb182c495d9fe0277c1aca7793093824d8f5fc959477190af1ddc5a2863afee05d89e96446dce91c1494a949181903a397abc687e3aa498121a1f292a69c19ea95d18604b80d35027e5f748fbd2d4722d1118b5db2fc6754eadc0e5e0ce95894ec33f32a09a135034051501b4e4f108a9a1f6e0f2ee2fa6d5cd7e52fac5e4e35235f21432f310c305f88658c5058218b623a7ec528f37592a673c205c3fa712b8a8c9485afdd51327482e9ff7609a49091845bcf67525cbde45eaf8bb6fd540f0eff33ec568751d2f357ef39cddd727f1cc26c9d2b9abd1ebc8a264676dd49ee7758ca0ef1345d04807dd09303789eb9d8968f6791c2a5f622278d71f77a665502b908fe7f3258a2baf01659e6669d2aa20f138bb3869725bf052c5866f10e6f065457b14c55633fb0f023c200845ebee6c74c804146b5ecd5267ba2bff26d8924aba56a8c707e0acad3cba12fcbeac8d01d5df0313e509a4ea3c0e831da7ea7eead64a61548274c08dbd8e2c74b8269d9e7385359a2a1fc6b1c0a3cc66d4d95cce40bf3632cc1f14bc8c94eb3261a1c5b6945f578ecc21b5c6941aeb16ebdcad7327f467850574df0b788645142b80e53f554785a18c63967713aaa06f610b4d58d0bce80b114b8bf744249a01197252b7734968f21f0a75522aac0dc6f9f3992320728085eabbeab1bd8315ffe4addad3cc41f83613e93bd401fa40ffdbd37b39a118b0da456a6661a040923a6de580b96395ea020eba57de7e11899f74aa62ee57c1116af2811f4761894d623dd860208c0529dadd912922f8e45294bf3c4fe53e4512263837c463c04e9ef20b5884b8dacff3ae8941eeb9814d72e428fb6e0fd67ba8f1165ccb4191a53f269ff569deb43f81d2e53192ace7d5f1dc62ce0f2c24b7e3042beb69015662355ca10e541936bee9dadaee3923e5a6febcc11b0eee26dfe02adef407bd1f8fedcf8908edb638f3142e0a44229ff15954daad6a541471f5d1a8f1b068bb78d"}) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) 04:10:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x300, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2438.302545][T31218] binder: 31215:31218 ioctl c018620c 20000240 returned -1 [ 2438.311606][T31219] binder: 31216:31219 unknown command 25359 [ 2438.330378][T31219] binder: 31216:31219 ioctl c0306201 20000240 returned -22 [ 2438.347291][T31219] binder: 31216:31219 unknown command 25359 [ 2438.365634][T31219] binder: 31216:31219 ioctl c0306201 20000240 returned -22 [ 2438.385378][T31221] binder: 31220:31221 unknown command 1652113742 [ 2438.392699][T31221] binder: 31220:31221 ioctl c0306201 20000140 returned -22 [ 2438.424995][T31226] binder: 31224 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2438.425009][T31226] binder: 31224:31226 ioctl c018620c 20000240 returned -22 [ 2438.447527][T31221] binder: 31220:31221 Acquire 1 refcount change on invalid ref -1338336188 ret -22 [ 2438.458136][T31221] binder: 31220:31221 got transaction to invalid handle [ 2438.469439][T31221] binder: 31220:31221 transaction failed 29201/-22, size 88-40 line 2994 [ 2438.479053][T31226] binder: 31224 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2438.479071][T31226] binder: 31224:31226 ioctl c018620c 20000240 returned -22 [ 2438.480934][T31221] binder: BINDER_SET_CONTEXT_MGR already set [ 2438.501756][T31227] binder: 31220:31227 unknown command 1652113742 [ 2438.509908][T31227] binder: 31220:31227 ioctl c0306201 20000140 returned -22 [ 2438.517904][T31227] binder: 31220:31227 Acquire 1 refcount change on invalid ref -1338336188 ret -22 [ 2438.520489][T31221] binder: 31220:31221 ioctl 40046207 0 returned -16 [ 2438.529259][T31229] binder: 31220:31229 got transaction to invalid handle [ 2438.541937][T31229] binder: 31220:31229 transaction failed 29201/-22, size 88-40 line 2994 04:10:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0}) 04:10:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\bc'], 0x0, 0x0, 0x0}) 04:10:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x500, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f00000002c0)={0x3, 0x7, 0x547498c3, 0x208, 0xffffffffffffffc0, 0x4, 0x2}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x8, 0x10000) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x4000)=nil, 0x4000}, &(0x7f0000000200)=0x10) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8080, 0x10) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f0000000040)={0x0, {0x9, 0x9}}) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000300)={0x6, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x3036a0e4645ef500, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="056302e0f53d1510000000000000000000000000"], 0xff88, 0x0, 0x0}) [ 2439.013587][T31238] binder: 31234:31238 unknown command 25352 [ 2439.017094][T31240] binder: 31236:31240 unknown command -536714491 [ 2439.029787][T31241] binder: 31235:31241 ioctl c018620c 20000240 returned -22 [ 2439.040074][T31243] binder: 31233:31243 ioctl c018620c 20000240 returned -1 [ 2439.040690][T31240] binder: 31236:31240 ioctl c0306201 20000240 returned -22 [ 2439.047937][T31238] binder: 31234:31238 ioctl c0306201 20000240 returned -22 04:10:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0}) 04:10:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2439.065099][T31241] binder: 31235:31241 ioctl c018620c 20000240 returned -22 [ 2439.094955][T31240] binder: BINDER_SET_CONTEXT_MGR already set 04:10:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x600, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\tc'], 0x0, 0x0, 0x0}) [ 2439.133102][T31248] binder: 31236:31248 unknown command -536714491 04:10:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0}) [ 2439.215315][T31240] binder: 31236:31240 ioctl 40046207 0 returned -16 [ 2439.249505][T31245] binder: 31236:31245 Acquire 1 refcount change on invalid ref 0 ret -22 [ 2439.255586][T31254] binder: 31251:31254 ioctl c018620c 20000240 returned -1 04:10:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2439.288920][T31258] binder: 31256:31258 unknown command 25353 [ 2439.299300][T31259] binder: 31257:31259 ioctl c018620c 20000240 returned -22 [ 2439.299654][T31248] binder: 31236:31248 ioctl c0306201 20000240 returned -22 [ 2439.315508][T31258] binder: 31256:31258 ioctl c0306201 20000240 returned -22 04:10:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x48, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x55, 0x44c001) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000100)={0x0, 0x3ff, 0x0, &(0x7f0000000040)=0x3}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 04:10:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x700, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2439.370457][T31258] binder: 31256:31258 unknown command 25353 [ 2439.397432][T31258] binder: 31256:31258 ioctl c0306201 20000240 returned -22 04:10:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0}) 04:10:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00c'], 0x0, 0x0, 0x0}) [ 2439.489163][T31270] binder: 31267:31270 ioctl c018620c 20000240 returned -1 04:10:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2439.579820][T31277] binder: 31274:31277 ioctl c018620c 20000240 returned -22 [ 2439.587851][T31272] binder: 31269:31272 unknown command 1986356271 [ 2439.617524][T31272] binder: 31269:31272 ioctl c0306201 20000240 returned -22 04:10:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0}) [ 2439.636938][T31280] binder: 31278:31280 unknown command 25344 [ 2439.647953][T31277] binder: 31274:31277 ioctl c018620c 20000240 returned -22 [ 2439.657031][T31281] binder: BINDER_SET_CONTEXT_MGR already set 04:10:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2439.684311][T31280] binder: 31278:31280 ioctl c0306201 20000240 returned -22 [ 2439.700199][T31281] binder: 31269:31281 ioctl 40046207 0 returned -16 [ 2439.724262][T31285] binder: 31283:31285 ioctl c018620c 20000240 returned -1 04:10:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0163"], 0x0, 0x0, 0x0}) 04:10:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x60, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2439.742951][T31282] binder: 31269:31282 Acquire 1 refcount change on invalid ref 0 ret -22 04:10:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0}) [ 2439.837964][T31296] binder: 31293:31296 unknown command 25345 [ 2439.846196][T31297] binder: 31294:31297 ioctl c018620c 20000240 returned -22 [ 2439.876193][T31296] binder: 31293:31296 ioctl c0306201 20000240 returned -22 04:10:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/mls\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000180)={0x10, @tick=0x3c0, 0x7, {0x7fffffff, 0xd4}, 0x100000001}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x1, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0xfff) [ 2439.887201][T31300] binder: 31299:31300 ioctl c018620c 20000240 returned -1 04:10:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x3f00, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2439.929304][T31300] binder: 31299:31300 ioctl c018620c 20000240 returned -1 04:10:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x68, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1163"], 0x0, 0x0, 0x0}) [ 2440.033425][T31307] binder: BINDER_SET_CONTEXT_MGR already set [ 2440.045937][T31310] binder: 31308:31310 ioctl c018620c 20000240 returned -22 04:10:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0}) 04:10:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) fcntl$getflags(r0, 0x40a) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0xfffffffffffffdcc, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x3}], 0x0, 0x0, 0x0}) 04:10:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4800, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2440.107601][T31307] binder: 31304:31307 ioctl 40046207 0 returned -16 [ 2440.120776][T31316] binder: 31313:31316 ioctl c018620c 20000240 returned -1 [ 2440.177412][T31320] binder: 31317:31320 unknown command 25361 04:10:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2440.246890][T31320] binder: 31317:31320 ioctl c0306201 20000240 returned -22 [ 2440.249744][T31327] binder: BINDER_SET_CONTEXT_MGR already set [ 2440.261965][T31329] binder: 31325:31329 ioctl c018620c 20000240 returned -22 04:10:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c00, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2440.297494][T31327] binder: 31324:31327 ioctl 40046207 0 returned -16 04:10:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1263"], 0x0, 0x0, 0x0}) 04:10:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0}) 04:10:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = msgget$private(0x0, 0x100) msgctl$MSG_STAT(r1, 0xb, &(0x7f0000000180)=""/188) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) [ 2440.367866][T31334] binder: 31333:31334 ioctl c018620c 20000240 returned -1 04:10:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x74, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2440.490287][T31343] binder: 31339:31343 ioctl c018620c 20000240 returned -22 [ 2440.524961][T31347] binder: 31342:31347 unknown command 25362 [ 2440.531584][T31343] binder: 31339:31343 ioctl c018620c 20000240 returned -22 [ 2440.533279][T31346] binder: BINDER_SET_CONTEXT_MGR already set 04:10:57 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000180)='/dev/vbi#\x00', 0x0, 0x2) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f00000001c0)=0x3) r1 = syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$sock_ax25_SIOCDELRT(r2, 0x890c, &(0x7f0000000100)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x4, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) fcntl$getownex(r1, 0x10, &(0x7f0000000200)) io_setup(0x4, &(0x7f00000000c0)=0x0) io_destroy(r3) getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000300)={'ah\x00'}, &(0x7f0000000340)=0x1e) syz_open_dev$admmidi(&(0x7f00000002c0)='/dev/admmidi#\x00', 0xcd, 0x400) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000040)={{0x2, 0x4e21, @broadcast}, {0x307}, 0x4, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x27}}, 'team0\x00'}) 04:10:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2440.574350][T31347] binder: 31342:31347 ioctl c0306201 20000240 returned -22 04:10:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x3f00, 0x0, 0x0}) [ 2440.630059][T31346] binder: 31341:31346 ioctl 40046207 0 returned -16 [ 2440.630807][T31351] binder: 31349:31351 ioctl c018620c 20000240 returned -1 04:10:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) socket$nl_xfrm(0x10, 0x3, 0x6) [ 2440.764120][T31366] binder: 31364:31366 ioctl c018620c 20000240 returned -22 [ 2440.782140][T31369] binder: BINDER_SET_CONTEXT_MGR already set [ 2440.791271][T31371] binder: 31365:31371 ioctl c0306201 20000240 returned -14 [ 2440.803538][T31369] binder: 31363:31369 ioctl 40046207 0 returned -16 04:10:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x1000000, 0x0, 0x0}) 04:10:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000000)={0x96, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x40402, 0x0) write$FUSE_IOCTL(r1, &(0x7f0000000080)={0x20, 0x0, 0x3, {0xbc, 0x0, 0x80, 0x5}}, 0x20) 04:10:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6800, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2440.814393][T31373] binder: 31368:31373 ioctl c018620c 20000240 returned -1 04:10:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x300, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="056304400000000073d93afc526868504789e7c6f1dec880d4ad6dde5d32061088a841d18ea50c1a457b291f5844b565bdafea514e2854afcf0d723cbdd4dff32bf1658f0c5d891e03b4b708404457310597287dae6f39dd4aa1fa79a0e43f69a1047dd2d3f5c3fc2fef2f64169b5e611a90372eec2fa705cf930a5cfa1ae07869fed2b49d0cbaa84cc93fb57feb70533f2666b2e03a6d110b1cc2eacdad72ff2153d2d9b27cb993ed5dce335a24bc6fa2ad7ca19bf36820d173ef81a583a3ba0fea559e52bb35ab3083e539949195e5be6fb689"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) [ 2440.944586][T31382] binder: 31378:31382 ioctl c0306201 20000240 returned -14 [ 2440.968875][T31385] binder: 31380:31385 ioctl c018620c 20000240 returned -1 [ 2440.977433][T31386] binder: 31381:31386 ioctl c018620c 20000240 returned -22 [ 2441.080849][T31392] binder: 31383:31392 Acquire 1 refcount change on invalid ref 826217020 ret -22 [ 2441.122047][T31388] binder: BINDER_SET_CONTEXT_MGR already set [ 2441.129424][T31388] binder: 31383:31388 ioctl 40046207 0 returned -16 [ 2441.136254][T31388] binder: 31383:31388 Acquire 1 refcount change on invalid ref 826217020 ret -22 04:10:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x3f000000, 0x0, 0x0}) 04:10:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter\x00') ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfe4d, 0x0, 0x0}) 04:10:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c00, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x500, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:58 executing program 0: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x203, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xb8, r1, 0x120, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x60, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x2}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3e}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x10}, 0x4000) [ 2441.402960][T31400] binder: 31395:31400 ioctl c0306201 20000240 returned -14 [ 2441.417352][T31403] binder: 31399:31403 ioctl c018620c 20000240 returned -1 [ 2441.431063][T31401] binder_ioctl_get_node_info_for_ref: 12 callbacks suppressed [ 2441.431071][T31401] binder: 31396 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2441.431082][T31401] binder: 31396:31401 ioctl c018620c 20000240 returned -22 04:10:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0xfdfdffff, 0x0, 0x0}) 04:10:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000180)=&(0x7f0000000100)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x600, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = request_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='/dev/binder#\x00', 0xfffffffffffffffb) r2 = add_key(&(0x7f0000002380)='user\x00', &(0x7f00000023c0)={'syz', 0x1}, &(0x7f0000002400)="798817ccaf8f5778b42a1b8e006395b6027541aeea003a2f4f4e5a7b118e16bb5d79084761036c22aea0115ffd1e60d4d01f8d3b9288b6c9bc3ee9d496d247772c985b1372e4e23a5f4efe11dc63c6ff4194badb282e92a0274550612b454966ade584c8ba0233046743c7c0ef4f6f7caf932bc0e7691dbbdcf41acdd5864db29e08ad364cfaca83e8d3fdc87675b6982f59242995c5cc373c4fe5477126a5c21a61c63c39edbed24d5a9eab22ad2c5ad13bd6169a03e58f0e03ab2df12519faccf7a7164d0cc45d210b4548bf45c4a1b2bf9021dfd2009badf231c6f91431e6821b5f281f88e911fed4b2ffc3b275777c5dfad28ae2d9728b033feda7", 0xfd, 0xfffffffffffffff8) keyctl$instantiate_iov(0x14, r1, &(0x7f0000000200)=[{&(0x7f0000000280)="543071851979599da90fe2736b06d04b06b4aab1a7e13f817652460a2e0b2a40d0d0e562c0bae669845e1040822a23e979957e4b45e3eef0d3ef4fa2f984c9c7de5fcdd27a79e9c43f9ea76a8ad22aea7f986c8f67ad8d4ecbd7e7cf8f063f79213ff9353fd68fc2d12d39b6465bccbf88a37d1306378e8371e231d9b89e1eebf6f5ff076bc0e11b78c769c93358dac2817eaf2fe0303650d520c3b6f133384058adaa138832f7462b7dcba0fa1394fbdd64d7abcc9599f6a3a31405508a549da6909666fad33e1370ddd9928802b5f86829b1487d41306043bdb2ef9cb0dad037750c8e4a10db575b2f8d358345a7ec37ca73abe4c5fd6820423b6933cec89ca315f73b00ae9cc08fb2cd0fc80e24eb4cb36223d73ac8f5b1bf097eb4618e228777e8dcc12653b663a9703f60e23376ffe1714804604b5360bede283b31bc1cb9d329730cee5b9850c6723563046849e11eb3e6cd9b419e6242d9a110fbcd74d65f106de8bb12022dcc745e82bdb245823a557c5bc5f31273cc62eae604f257afea63763d594e83075a7c7c128b0e551b7cb351917f07d8516b1a0e17fa6cc4db4a59f7f9b2709a5653fff0bcf897a524a30ff6d847f42778621abc21d8015d12fd29d3cb4eb3f61975b32b6dc13a5cf134bfa79e71d269c377095a626465edd304bcb13910b2aa97e71d55cbcb696d67047e57b4c29929526a5718e60448343988cbec3f00726581c0cae4610ba3584f6b02f58263469849e46fb460d5f21c4a818bed36b189369c3cb7e563a0cd7b6e4f8f0832a3aa00336130b5f5a76d0144ba78dd4373a40e61d89fa6f3d381ee9a3366b06464675efd527af73ec368bd7953a3cd602638eaae44b544a8e047d4298010b84e283c895574d7a269adfd8215679c1536422f7771830ce5150aed6cec2d36a8592c4a217256fd7501dc53edb4e84f2dcb7a444776f9d6a5e141e4eb5c48d9c0a587013c713d238ff7fb72b9e41ed94ecd680ac555b2196117ed97890090102f0b59d224d84b4e6bca8bac3152f13c2a67808d4a312c413cb23c26e76b83339de26f6088ca5a9e0f89030cc21b1218068aac09c5a71e0b512c7bff269811349781d9f7150995c51a6eb5a84ae9e5d1fdc9c176b7762276f8b716cd5b46fbc9082e6712ccf44f2b53953e7104f17bdeda190efb0530c196b4fa9d94a4cbb7655da340dbc4519c42d374bc6f2404926e665e0025f711cb61420663aeb570dc767b07291ceaa9b8c26aa63703ce4b115cd2dfa2df9f32c5b437859c23fd6386b0a175829590354fab4817d127a63f16a04396b5c49be8e48c60796926340b68cf1cc90d19a689509be6a1aeb6ba4b6db5c27bb78a2f09e69ca64ca940f4f33a9a3414c07a7d92b89dff650a44477364074e8959ddd97f54c861f7d9e1c8ae0542cda96f59deb64b3a58371f010231c47b2c50530ab6dcca4a5b0720a931652a08f14e7ed48228c1da2c2a2dd81224c1e5ffe635cf108abcc133dca9129a7fa88c706f9b2a3a2f7f7dd95d1c03a15f03ad0318e111a9b412a4f71fffacd9096fd3929db2384d7088d97cb843d1ce2d96a3a45d15a55d851b80a3de1814bf900787f1c9a5996edb8180c217f980f937fbc9ad2c905fb826609d260a73b2711eda1a8f7689a31300637aaadff29e67b7dc64f3141a90f669d5f59f1b98c0c2daa6c705a7fe14c2ed62dcca23e2269f87af352f4301f8c8ea3f9544c7e882df3b5c2604ebb841dfa3e18905534a2c555c904fd0764338ec019e9eb30a53773174aa0c617ad47b50307ccac93d4ac695b1fd320e48edb7d0d78cf11b9a1b0b5d4b0b8520b3518f7bf4ff59415679d98e4f3f79d659594429344122f219c1b6d9a235f0f059b859a85bd9278bbf89db648bbbd3f4f1fce55b6770bc301584036e2493a09072796adc0353212efb2bc1c7eb22765d3fa678df6b7bd905f8b86a69e0612e257d542baff34b36ef588662fea4620450b3405c0f91527a37d8e554c6f50104f8143e5d540752b433647c77a3edfcb5339d718ed3d49718754774976a1f1d390734f0dfe193aba9695b8bbdc554490d2505cdf5258e4ea5e22dd298977cfe2a3c5860eba180ada93b7bcab6cef1982f05a6cb5774a458180ea2774790dc0c31c5520cd46e3cade6b58431fab64814eda3163e6f6334bcdd4433637ed1fd801afb1c62944120737392ca50d657cb00ce01d83d80996290a5a5eb976eccc8e9738d97d4d6d6e2d24188fd5e092a3daa837a493691d8fd233a1e64a0518969ce897d644adb9ca7a1c9f450168735329fbff0e47c2f46a64dae284fa45d27f2f413c4dc1328a0a146a80332d1ca8e2bc560145a4d65b66bb47f12996b21e2a731d374ecde7b8b8f0f2bd753dc87b4c9a2041dda25e71166ac49d33211558113c08f52e6d5befe5bae14d1b91842c401c2c1971cda4d64fc134e8782704a4eccdb3ad6ca9f3bd1a70e11bddcadcbcf9245ab57cdb81912021ed3b4af2d3cd5a90b27a58e49de58d71f02f80141dffe6d40ff46e0e3033d44314c024e45f3d45c0f1995a12b015cc6118701275a03068033b05dfd142a7f80b6b73a7b4d2f11b4f104bab9191d247aeb96f9ef18edca5c17baead1cfc0d87580854bdb748f7dd44a0bfd4ec586c255c7ed77682a3602879cddd26a1c1ab32998bd630f5c74d240b8c0734273f82446ff8f05a22932ac666bca6d1d203d5de2c439c2c5e9aa6dc41bb5baccb3f6c18f923f3e9b74cfac9d7a26c570d23ae2fc4c3f415b574aac476a3376964401ea6587db44fef3d940a3891dcef85eb52a7a35b30c89238222262fe83feb478941b03203a70ee46eefb1d12cee1727aecd242146eaa33074c0d0973ebf952a0d2164b651383027d12ad25e3fc5161d1db2efef95496c99abfe1ba6473437bfc496e8ed9ba88d0b0a471d69351f62975090ab6cf4b4d3bff17f04ab7009bee9b6ab2c2af13205321b20a9e3f7ab85118dc27c93fa397037a9c9d68edd0cf6a53efd855c360a7cd62bd892c1ed223cbd29bb7f330c20dbe7fc3383a198f934fe5d3b269c2b87b3e5b340d20fb998b1c20d5bb5eca47b9c10f5fa96d9f96241f4f71f30234d3620ce13e8174796fff05e8cf3e5c9b1a3deedfe397a26f78b104c6ee183c5408f58e38c7d4b075a17f3c58ba73813b02ae85c1acb35b74efae121ff57702239e6dd54b2ade78743428d51fdf4f52f459c122fc61521844518cc93b23edc4ff99ac62ae53e63d4b418e47d3c73cdad89834985a8e4ea61b0269bd51b796104c04e62ae5dacc1dd3e630e8524c1aa37741d19d85ad723584000be9e69f89fbc29d0629f8e84c4af023dc2d7fcb8ca00dea15f4107c52cd18986f5636965e27f8bfb7a4f361609d6d5bdeffae2822fd25e844f6faa88e7ac578f4d3e1af0cd0634337adeed7d6734ff960d5f7eddf1ddd7a6d5e3f76732d7c972b1cfe787464be5949389db521250c4ca3102cd6ca0b56f29abb04ce8322345e4c57721e2bbd24119ce14f085d557f862a72aff977a412850ebccb5cd350c7a9d8becead1a7c71853531a088137ff246c1a1f7fe11ba9e4fecf88c176c99d4110f683128d87356de111e2db6490484ab6eb0675af8a1c9155f111d62ca8964b4a5ce668a1faa9f1887722c64c6e0830a98451ff95af14104a71e5d184dba91d2aab98c6d4f4aede820288c80ba84f4658276d6b8d19e5a7cc01d75f5e1b036e9868cff8606f1c380ec8316cd9236b97a0a31316595577c8f794254d52bd500a0c7db491cb6fca7aec905ab7c7f21dccb9269ecec65cc1bb08f26b5ef128d73ebd80c30baa07e30fdcd8f003a14b29834e833f91641a418555cc3c52b1e1ef5dbb706fff52c9d6bfecffd688dfaa204582a2ee33a015c7f21d01ca4874276e502d6104662533a6c9dc369f0d88ddefa42c5f98479fbe4c43b56349149f5b30626661113eaf0469df05cde370d9be5f9c326e8377f75639d94cce0f1b568b88d35a0259e8f974cbabe9387e8f223303ae3e10e78ea0b5abd3dae492edfb03bd0212ca83a86fb8e8fbed9e2393b90b1fecaa7ba98dbb04394af1b2c99eea90ee6813ebdaab48dd137f6df7e615c232cf1b5315a543c60ef8a081947015563bd4913275be8d775d16c52ba6f2d10e2ffbb41991a1753b02e3e894c5ea31da20331d8b578f966e8386921ea781ef23a12b1501957c7cd5aae6846f1edfb63073d5af78b2eda473e3a63cffa502525c88b6ad4db553f22e24285a0f5ca95e708b01af92c0bdde00a64afb6cfbee48b0a826045e8cdfe257030a4c9ebf2d073f5fa66156fb47208eeba3e0d63e3f9c26ef1ffb93682e7edf6474928ab519cba3fc034461aa906632c99852a761bf95f1ad83ea7a8502f1623a9d1b97b6ed4cc52eaea03a2bfab93568cdfe27f4ed1325fb27291d314965c4189de6cb7560995c564d30e32e8e3615f0721b5cd38d2e2e32daa45319608936646e68717fcd13be597e1977397d463d6f008117a45abc845f6b7d168374543c8c6e6036107877adb84d2560b257766ae9e166eb1c8ef5d92a668b45f8c31db0532a5394f507e00a260fc37dd08ddcebf2e2f54ca08ab9d99c0a75528bc847f9eaac9dd124f3540fac92c22a01461e61f99f14ea691371508d57bad6308f833bc26252eed75ae07087e7e48421988aea3b13e7258fc3cf5268e2f5e5958cab3bcf70f9ad1391f07e164dda6b03688147b5246091613ef875c34186e750dd307bfabbb55472aa33bc60feb14c7feb28250903795136c37529b4d2da00d373997781ab836270098c6f555d8d8b2e70f8692df8a2b4aee63a58bcf3809f66a5858d4ec9bfea6cefe4b9b70534a7ad015afe011057a1ef0ef046c108bc295fc71efbe943da66aa9156c041627e479a2ce40d24875cff5aa33183cda4f8a1093f137ba334d218b5bb7885c79379771fa40bfac3d3984a7b0bca13da4163d9221354eae4926489bdb6e1f5ad2d3cea11183fa40fb0d744c4f602830b61ac54cb77822145e234dad49aed9183aae31166c6fd06c25580fa70c77d829c9ce879009d6e34d0c083050545f34227185ba7d33a008fe10c6f9faf66ee7834c39a90bff597a66f0f34bc3abfae847673d447a42fded7c5f628b143ba5adce3645d3e2c62432b2f55a2397f3e02d5d01628d647f301841b6282c2a10d307c8e51f1f6baac4f5ddebf8358ce7a89375c01552a2fccd84f26a17120a901e1913da280b9a99e64949b1da80d8e3bd31ef56242e82318fc87c9e76acf53beb651e76b7faf91fff0fcaa0a52d260f40088d0fd87262f405504edbf90a6a6e3e9aa5f6ce693d8a9db70682c4417188eca2391f4b89c576951c4ea65aa08e47a3a40612a44c05e6655cb1370e7e8bc3ba4bad130c15fab42e16c02abce5168ca7418f80ff0dbd58376513015e9760150d2a392601ab807dd896017c50c248fbe1e8f4c9c6be66f1a33eb3b7fde949203759a0bf7ed9cd6de57914584fa9dcfab103bdc314904d6276ba13918e4000b232be2c3c7e97fd6b64c7e3f177a31fc4e916bb7c5fcbe63f32fd1f4150f9554928b46c969bdf45f3bf404823e50e496c6ef4d79e2e8a5085f48d20bdcf5e4cbdcbe4190eeeeffa4d1c36d98156fdfd1046588f1cf62165bbd907d334c4adbd9e02d0cae75f6ae208a691df54dbf01b89a4cbd7b509deeccb5cea3ceaca9fc958a9da1b09314949532a7dd81c0cd342508d58c2c4e1d176476653b07c5cc549a3a3a7ca3df72deec427479536f70418ceebe71", 0x1000}, {&(0x7f0000000100)="cb9ebfbd85a0d4c4830ce04f3cab71870f80e17e3a24c8606482cb63ade4f5393ccc5bc86df37c4fcada70b3ccbd89877dffafbf439b12c3a28a948781fcb84cb91459ff9c747a5ece38bd3d94e6bf43afcbd42d2df6b91354c888a6c77eab41ea1d44ea1d3fc21c8076f090b884136dcff8638210de64b4befb420bbf0a64f97ceaf7e16314b6fa8ba4444b66c04d298cd4e6360ec8338d389e26b8a1a5ee2c1a62e8fdf3c33a4eee1dd4da359e19a6aa0a5d41abe0b50fece8095dbc5da06cb05b6fe847dd79a58d7b42d2a8bfd17bccbb", 0xd2}, {&(0x7f0000001280)="443fcd52fe761cda43304dbe32f9c743fa29ce5c70f927caee6f36413060fd2e2271942013518b22e7238e04dedc3f1e84a641d0368c768f6fe7ef010cf4c3aa44317b6b67f58bafa892055fb95c51e76669e078f34ceff4a19c9191a61e1fb3d39d84334415b114f70249e5e3557bd2b482fa80de2e4f58b2be17f7fcf6c5014842cbc798acd535a4d69b183342255e43df3015a59a2b3828986448c8a6a502e24ce6ac3e9580dd55effadde92c4ebd8fbcf847c171dd17b7f701d05a418827e70e54ca37b58027980952ffb43f877027ad33995cca087c688f6d02d0ae673c0a3e6c4b3dae3f92fb9ad7099d392f36c0ef4b63", 0xf4}, {&(0x7f0000001380)="26251a95ccec4f746a852e5d3b546b8f4b8ba776832c03760fd03a23992fbcb8adc83130f28ff56760586a089f60d581189a508592ffc0de307b6d4c6d00405d3a97ded1af8e48fa356b43a7fa6b824af2df0cd5bbb6da979157ee2e10f604963c43bd269a926139d2a7349d0581c8d81c42beb4f5070b5927789ff21e6d7e9154f46ae1362857cece4124c3866e9ca0ae21848ab6b7b97c66d60dc6d7a8e8e881a72be61bf9b17c4a27a344b2e00847102d61d530a49013987e3116c11df2623e66dd6cfa8ca870e9cf535f82db49f2d9d003b1152959defda145dc8c88744966e6dbb91dd4e26d7d293a02fb2102928727a9798a47bbcba6ff27bee33bce67c4a5696ad06c1f4a0d9a75ad47a58a335a8b1e977fc3cdb2882180b9027f9fd24f99b4344b6962123f435e72c2bfe85d5d9bf54c92da8de92b9aa65825733a0b203140fa90ef416cbee68a5935775dfdbbda048f2c1e778fd8ae10d0223c3d2b09c45ad9905fbbcfdcd124402c8712deda6c907b589459a434fc75900dffa893c78b7900e556043a7c990dbf0570f9a07977836ebf136876527483f4fa13e52b0f95118696aa7a64c19851782ecd33979113ac8b9f774b98e3b3071c37ffd0fde8adbef37b4fc443e63502655ad7ce075a40afc3504f087b246ccad33db12ba1a498e7fbad0cee5b26406d0d75395daaed3d82f4ec5ffa40b05d5a4fa7964d3aba1f8bf24230ecbdaef2e5d3fd79bcabbdb49f4654fcbbdddac992bc6fb982a1ea528deff1c14cf59a96754bf1b700c76a59ebb4e88bf1d339ed77f7ce8cc864c6ed08f81c4141caf36907f196d3b3cc07bb094a98c91e772cae32edd7a8c78422d56fd07b7c92e115060c4c248dcb89b6b13ade0594d6cba016f5bd6fe93fc0a70b9d830b4efcbafd9e0415f1e281c02d17110cffa53535b5e9e67bc046cd3438574932fd070d9de2961c7d607c5ed80b1b6bcc3c71420cbcafc6626e32646fdb4e39471d01b11e4017500d9e00d8ec40a761b4fa87a8ebbc852721d3d96923fcc422e6eba81dd7bc492f5142d951dac329229eb367885531330644b55e21df5119239ded9edb446854a10d30b0de5d671cf5bc96d244843be008a7f0f0dbfa119a2099d3fc6ca5ad2d281598b9ac5b71ee03a2184b9f4997e07302d3660166ad45120888cbf86ffc73f07319d11e4f8b7067933fd70de8c91a28ea2d643b78727025d9b7b8142c12a15c7a9262db2210416def94492f1a0396c00eccc45f1b226be5864768a6160eff89b77d58479d5b9d57305d98372754a3f72a892ceea1f26e12a1fb4011f31c40431bf21d44890f3ce676507497e64bf3673eba9da8689c66f4fc2cf8411edee1eff3e981113edc6bc991db77a6e51ab5a85d0c46939f78b9a8470affc12584c9452d91cd79e29b7f33e1f9541f704b403e296427056070d4afb9492dcc49ed82ac3511e9f6b3f2fea4c3153936bff76f70d90d01adc70b260f710b5a162aba3e45637ebff8353bc15d71e8db779011770066c6c35a51f359eab1af07a6c68904ede93c3110eea32f3afe67820ba8cc57c39709670cd96f1762a9c42c95bbdaafee2563e90ff82c11b679d57295eef5a55dcc331403c6749d305eb1e03fc9b179e1b1c6cc8bc9740d1fce11393be00485f6584445bc0d8b649574719f622b915c958dfe3cf9f55dfcb8aa6b1ab83ea24e2d1bc3baa2665f7f0d62f2e356adec583f8ccc86265f19d744fa9103c3e235d49e5fdc2941b9497aeed4e0d731a3831fcb99408d07c1b78ac5a8ec4034770f6b4505745f01b23ae5b131e907f1010668bd9ea6c300107cdca1eb2b8b3a88f8b3e51a687658d1012b46c1c4c75777d7487c0edae5eeed6e6cdb09f8b446d3b0e160193ce7e3f4fa5da7481a05b234d941c9423f179e1e7a16f89d18375cd8f99049a2475e106207c7cd289d43c673fc6e64f448e8c473f564d4f97c08b0d19ce356de153fe421924daa89764218421b1ebaf585df7075b4784049aa5129d6aa247cb417c733390f8616a7990aa83854f4f810296394487df2f8d54c7e882c45b946c3f239b46b6582d56f638047cbdffec8c07d9fdcb2a8cc6ea1ab22fd5a43ac660b502ba149caff5d8c62381ad1e1be8b1cb724c79d57a1aa4c6d17fe86477a4954c52e2ff930ca2cc1e9fe3350b752863723b8e810ef205b01a581ed3df56da6783b4f2b9c7671d8cde46daa1969e8a7cf9c7ab4353dcbbd21396aac712c7fa589556e8567a717b3e609bad9cb9df60ff2e6b6c97e732d3fa09d3976fe74186b2d6a44770ef229d041cbe4814a5ba6c55a8b3d110261ac8ae361d402bee36d4771f5f5afd09a05d5e05392336a10e247d59e0e7520e2efbe9264eed329ba1c8480b9e03064ce9f29ef505017b3db970eb8e528b6d7694a857d2aa5b3748f178c0277353c045fe09cbc02e13a62db34dfaaad0231e07c1cfcabe2f86e3c703dcafbd580655050d92a2081ebecafd3255e2dd8dbf51557e9ce6fc59d181e57d816d06273315202ed151becd04290e2dc084791be238cf6e87598dca13cd69fe46d4af1c61f4790fc834ee4fc2ed99534f972fe62af4473bb6b6ad1a74fe0ed084784f8de34feaf2ba09df96a0e3090f818e6175c2f3cf16dbfa0263e31e936e2fc8451e7690364245e29a88e3b7c6632b612f06a55f4ea9315fbcd066c79fe40c12ed1e40e132da76d4fabb94bda06607c2257e3e31e3c760fce949a66e34c70fb84bc81026f7e8a38d9981723ad6b835fc49857feaa7ac63c4127ad291144243a5516f68bbe9e377222c1f119b0e2f40bd4ea3ca9326834d918c4b2b2d6463212f4ea9223c32e27a673eefa3b8a5b2a3350db45f51ac99022d571abc196d44fda76f40b15059c6d9167796dd56c124fe84034f7bcaf45fac2619a74fc884929a0fa814529890fcb57d818236c1cd467a5eae9cd79c713fe9d2e70e2577286fc404a9e9fab7943d147cda2eb79319e7924ffa8c07b8b9f5a780db5f8f155abda4cdd1446565f061d2fa89e5a8fe83bbc191f3c3af85824bf2604aa95cc30ea0daaf2611b06cc65c361f968781fd662a50f5da8851a4bdeebc9a6ba572a7859ace9d290dc4a8a35f05c18886e6503da5c62e13b8600759dbd2bd5130f1597c5d6b1c9091066f0d44b080726a8f784b70a7ec69328f8ec6a291ad3f7c4affd1d2a6501ca9a0c44373e142dabf81dc3b88e07b0035fb206b3ecba0b62c123f5a6e0abec300caac4b9f27f7325885f9c2de208c09fabe27e4f21ebbb0d2ce265849e525f7671fb1c90e1b7c443d4d7d8bc28d44dfcb326a5a60c7739d08660dc5a9f637a6b4e1ec9a13e1e1f1a5d922a98e529182694b5026312400d6bba09d009b54a8772da127e78b57664ddf888d432b322dd9c38d34c487bb50b4adb302ecda8060be65c828954a70e0b01d96f6165e47fa95410607a87d02d32a1b8580ddea92a083bdc83c9777e88c211c888bb707292012fc0193cf8f5918256b9579ce6d6e0b4c9a48a6499fbe7d3644e8c7bca7be8a2335e045184e946d50e9322f5c4783850aaa13b2693d879c58c429eb65d9a4dbce5adb849ba470da8c711dc6a33b312c43205cf3190ebc65222856e8e7905a443442eb7258bf634a6214f99a3c068371eb62a6981b5c244acac26dcc5598f733d9b20a3645069f97c77f6aa1d0bcf1dbfdf207754cd4c8065340c11bc078def3fc06169e759c4138fcbdbf3667a725c1e243b995170f479ba7b41271c20f1f67e7e2f8a57793b1710d8da81d1fed2aea323c5c2e318a054cd2fb6f705967293f0d95f249687f2d67fed584cf55ea52f1e48008aa44ccf9ed01d1ae9f78603a8d2c8b7672324f08b3eba031e3396bc50a74785201f59279d30dce5a29359fff61defc2fcaf24c0009268307f7688756d4abd3a2a6914e5e3af4d2d69849bd4d6e1d5c4ed19115c7f331db7baf862476cdd993038ee3a165f96172d15b6c796954d4b327a6cefbcc0d962371d33652acfad53aa1f8b7093fe5a4f19d351ad3f2eca46af16d4aad0963b715c23faf0bf903dd7a764dba26497a57495b963ac1380201f92262a418757e2265701b79cb27a1f4b6a2522dad83839182a7821488232fbc906bae9735bb087e65ea6abbb72506cef794b1a3930ff5ae5afb33ef9d220aa574a6b68ef90da2454909351a4faedff3ef728c5d5a611f0dc8083e4db87be55b2fe03edb68cdc0a8b27eaf3add08a1baddb35e0d99a55693642d751e7b89aece01bd2689b0f33e80b0d146f3b600bdc7a724b515732cb016bd792e45b081ec15b1eb5b23a42178468a53a482ec5dc12bd598e65989a1f90fca5732a6af5489b9eb26c30e3cb99b64f6fcafb8ca84b5ef2d5961468d68f2427eeb3e8ae4dcc030c58fba375b7680ced710f98cae68fd86c82d5aaac2496237e0f1281953d7c76ea8ff11f22b00c5eb65000ec16bed7b225eec3b71507da796895e67bbd41f6be4e038fb1190e7f5989b2cd398980a1e92533876facb8085caec323003b2eafec8c93dd9b8432ac775090cdbe0d1791ffcbce9f38b46ff60e30654c9bdf9439ad60a8df8289e936ddcccfe6fd5637a6e2904c5073e13047584bb2440ae4a34e084a3733ae1bf0aa2d44b714d523955cbdb2a3feeb09efdd639e0312aae1cf50e43b9e08d3442db2b959b7cdf08a8a2767c2e6c20181d912359e529dc14bd798a5c9257db25524d8d9931bd909e7ba9d9021bed2c65781fb769bf10223fb83c63a21ef84bbd46868f855a7643c5d1b988a3e36c210895866b63a57f5aa6ca0c7659d5a9ce7072b57b4db380775c8011b15a6227e2b368246248ccb06c783ab0c22e5a05bb274d6e03cb185c84ba58dee4a696e8e00441769ce735c047b78b74be8983c07324042f479b8d2be13bfcc6b8794f16f80ff1bd7200d0af37ad18e37b192f2f8e0c00c521d65321de94e59b4851886cbba5bc1234f0744f12f8089326fe94a36c3cf91b72db6f25eff7d35103e8295526cdf1b4b90ddf7f50ea84440b3071e0bed7be31431f33254b7a4cfce8fdc6463de7a561e8e39dc9ca87849dfd965c5d3798e5ee49d5d89454a91d6f34580ff05564caa8e0e1c6b6cc0c282a77eabf4276ed58b690783af603e83065f40ad6c40dbed9f69d4d0e78cc0447bddf4a8f3e8fc52a1dccf5c749f247049b284be2cbf348127bb545a4e63726a109db9c8125361f6cf38959356c7936fce0afff87bb5c38803fb082a646d77997290fba2641204b7ac23564082f5ce610890b76a6de7b356d7657288cb5353513b425617851092300c7a8e700df60939a9405d9f55a90ee89a85bab24caedb2a44180288a837e4c8da1bac01d57d7aaf227258a271bae27cd7ee66f1daf2992d2d219cd15f31d79f8b929b20abb503253a430b81a756c05d72f1459740cd344cde7c2f37bbe6edc7b133ea5e1fdaf2df1e2c7026b639b5a9d5b62f50a19329ede0de3e7db3ae2047f7d8d2c6304090551e3f5921aadf305db2ee080a965a420dd3ea9bdeb64085099f58c38b9dd7174b6be3a0da6bf56ad664d67b21f936eafb09ee7caa3cde15595a004f7033584b2d08a1be779ad8abe2f246d4879579c21635092bee7d37892cf1fc50b08fa0cb9332fdce3164749b5c1e625dad362d626f286e2e110754efdeae8b40ab90401c546c50e87995b046147630075a77d57ab545cc25fdfb071de4c9d6373f7a975368198f817017a87bfb31a98e090550f632fa0a0a94a9a4fb247050a738afedb16599b4b68e41df30", 0x1000}], 0x4, r2) [ 2441.594991][T31415] binder: 31413:31415 ioctl c0306201 20000240 returned -14 04:10:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7400, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:58 executing program 0: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r0 = eventfd(0x5) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) 04:10:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = msgget(0x2, 0x0) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000000)=""/82) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2441.647199][T31422] binder: 31418:31422 ioctl c018620c 20000240 returned -1 04:10:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x700, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0xfffffdfd, 0x0, 0x0}) [ 2441.756956][T31432] binder: 31425 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2441.756968][T31432] binder: 31425:31432 ioctl c018620c 20000240 returned -22 [ 2441.799933][T31436] binder: 31434:31436 ioctl c018620c 20000240 returned -1 [ 2441.804283][T31438] binder: 31431:31438 ioctl c0306201 20000240 returned -14 [ 2441.819392][ C1] net_ratelimit: 18 callbacks suppressed [ 2441.819401][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.830881][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2441.889434][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2441.895262][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2442.129409][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2442.135289][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:10:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000040)=0x5, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a00, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:10:59 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x100000000000000, 0x0, 0x0}) [ 2442.289398][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2442.295244][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2442.364863][T31452] binder: 31449 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2442.364875][T31452] binder: 31449:31452 ioctl c018620c 20000240 returned -22 [ 2442.390410][T31454] binder: 31448:31454 ioctl c0306201 20000240 returned -14 [ 2442.399639][T31455] binder: 31445:31455 ioctl c018620c 20000240 returned -1 [ 2442.408090][T31456] binder: BINDER_SET_CONTEXT_MGR already set 04:10:59 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x3f00000000000000, 0x0, 0x0}) 04:10:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4800, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2442.452035][T31456] binder: 31446:31456 ioctl 40046207 0 returned -16 04:10:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x1000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2442.575102][T31467] binder: 31466:31467 ioctl c018620c 20000240 returned -1 [ 2442.575815][T31469] binder: 31465:31469 ioctl c0306201 20000240 returned -14 [ 2442.611872][T31471] binder: 31470 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:10:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1f63044000000000"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e23, @loopback}}, [0x110, 0xfff, 0x2, 0xfffffffffffffffb, 0x7ff, 0x8, 0x6, 0x8, 0x3, 0x9, 0x6, 0xfff, 0x6957, 0x200, 0x8]}, &(0x7f0000000040)=0x100) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r1, 0xfffffffffffff1ed}, &(0x7f0000000180)=0x8) [ 2442.614337][T31471] binder: 31470:31471 ioctl c018620c 20000240 returned -22 04:10:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c00, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000000)={0x2cb, 0x0, 0x0, 0x37c, 0x0, 0x0}) 04:10:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0xfdfdffff00000000, 0x0, 0x0}) 04:10:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2442.689405][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2442.695287][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2442.713768][T31474] binder: 31473:31474 unknown command 1074029343 [ 2442.720863][T31474] binder: 31473:31474 ioctl c0306201 20000140 returned -22 [ 2442.730534][T31474] binder: BINDER_SET_CONTEXT_MGR already set [ 2442.737527][T31475] binder: 31473:31475 unknown command 1074029343 [ 2442.745761][T31474] binder: 31473:31474 ioctl 40046207 0 returned -16 [ 2442.753694][T31475] binder: 31473:31475 ioctl c0306201 20000140 returned -22 [ 2442.806325][T31485] binder: 31477:31485 ioctl c018620c 20000240 returned -1 [ 2442.840764][T31487] binder: 31481 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2442.840778][T31487] binder: 31481:31487 ioctl c018620c 20000240 returned -22 04:10:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xffffffffffffff9b, 0x0, 0x0}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x10000, 0x0) ioctl$IMGETDEVINFO(r1, 0x80044944, &(0x7f0000000040)={0x6}) [ 2442.856784][T31488] binder: 31483:31488 ioctl c0306201 20000240 returned -14 04:10:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:10:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x3f00, 0x0}) 04:10:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x3000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2443.054260][T31503] binder: 31499:31503 ioctl c018620c 20000240 returned -1 [ 2443.070154][T31502] binder: BINDER_SET_CONTEXT_MGR already set [ 2443.090273][T31502] binder: 31495:31502 ioctl 40046207 0 returned -16 04:10:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x1000000, 0x0}) 04:10:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$RTC_PLL_SET(r0, 0x40207012, &(0x7f0000000000)={0x8, 0x1ff, 0x8, 0x4, 0x400, 0x8, 0xffffffffffffffd6}) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2443.102161][T31507] binder: 31505 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2443.102173][T31507] binder: 31505:31507 ioctl c018620c 20000240 returned -22 04:10:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6800, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:10:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:10:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = add_key(&(0x7f0000000040)='blacklist\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) r2 = request_key(&(0x7f0000000200)='blacklist\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)='#,posix_acl_accessvmnet1!-\x00', 0xfffffffffffffff9) keyctl$search(0xa, r1, &(0x7f0000000180)='blacklist\x00', &(0x7f00000001c0)={'syz', 0x2}, r2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="47a2f316a8a00b77"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) [ 2443.151130][T31507] binder: 31505 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2443.151143][T31507] binder: 31505:31507 ioctl c018620c 20000240 returned -22 [ 2443.222339][T31514] binder: 31509:31514 ioctl 40207012 20000000 returned -22 04:11:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x3f000000, 0x0}) 04:11:00 executing program 4: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x4, 0x800) sendto$netrom(r0, &(0x7f0000000280)="f60a1b07fc64a77c9934a54f0e0227063a1b633bbc80ae259427a57c2dd4ac98f10984639bfd658147ea67bfe021bff689698a60f7215ab16b4a508379dc0c65889a4c95b8", 0x45, 0x10, &(0x7f0000000300)={{0x3, @default}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]}, 0x48) r1 = syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0xffffffffffffffff, 0x100000) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140)={0x43, 0x2, 0x1}, 0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e23, @multicast2}}, 0xfffffffffffffbff, 0x3, 0x8389, 0x918, 0xffff}, &(0x7f00000001c0)=0x98) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000440)={0x0, 0x0, 0x4, 0x8, 0xfffffffffffffff9, 0x4, 0x9f, 0xbe40, {0x0, @in={{0x2, 0x4e23, @rand_addr=0x2}}, 0x3, 0x200, 0x0, 0xfffffffffffffffa}}, &(0x7f0000000500)=0xb0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={r2, 0x7}, &(0x7f0000000100)=0x202) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000040)={0x10001, 0x1000000000000, 0x2005, 0x9, 0x80, 0xddb, 0x8, 0x1, r3}, 0x20) [ 2443.275144][T31514] binder: 31509:31514 ioctl 40207012 20000000 returned -22 [ 2443.281645][T31518] binder: 31511:31518 ioctl c018620c 20000240 returned -1 [ 2443.288933][T31521] binder: 31517:31521 unknown command 385065543 [ 2443.304284][T31521] binder: 31517:31521 ioctl c0306201 20000140 returned -22 04:11:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2443.367930][T31525] binder: BINDER_SET_CONTEXT_MGR already set [ 2443.397035][T31528] binder: 31524 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2443.397047][T31528] binder: 31524:31528 ioctl c018620c 20000240 returned -22 [ 2443.416442][T31525] binder: 31517:31525 ioctl 40046207 0 returned -16 [ 2443.447668][T31521] binder: 31517:31521 unknown command 385065543 [ 2443.462383][T31521] binder: 31517:31521 ioctl c0306201 20000140 returned -22 04:11:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0xfdfdffff, 0x0}) 04:11:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x5000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:00 executing program 4: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000640)={'hwsim0\x00', 0x0}) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000680)={@local, @empty, r1}, 0xc) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x650000, 0x0) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2443.493757][T31539] binder: 31534:31539 ioctl c018620c 20000240 returned -1 04:11:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xfffffffffffffe15, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x9d, 0x0, 0x0}) 04:11:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7400, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2443.611611][T31546] binder: 31542 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2443.611624][T31546] binder: 31542:31546 ioctl c018620c 20000240 returned -22 04:11:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2443.666648][T31552] binder: 31548:31552 ioctl c0306201 20000040 returned -14 [ 2443.689087][T31554] binder: 31551:31554 ioctl c018620c 20000240 returned -1 [ 2443.739726][T31552] binder: BINDER_SET_CONTEXT_MGR already set [ 2443.749216][T31552] binder: 31548:31552 ioctl 40046207 0 returned -16 [ 2443.776367][T31559] binder: 31556 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2443.776379][T31559] binder: 31556:31559 ioctl c018620c 20000240 returned -22 [ 2443.818016][T31559] binder: 31556:31559 ioctl c018620c 20000240 returned -22 04:11:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0xfffffdfd, 0x0}) 04:11:00 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x440, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000240)={0xffa7, 0x0, 0x0, 0x269, 0x0, 0x0}) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000040)) syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x3ff, 0x0) 04:11:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$radio(&(0x7f00000001c0)='/dev/radio#\x00', 0x3, 0x2) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000580)={'security\x00', 0xfb, "76e0dc4ea7aa58e9674b80991b1a5456a712798735bc33d494af39c27f3aa78daf62f1c84c24610482d14d0951e217a99f624268c738e49aa1684b12406e376914ddec207fc33225a544d92ded7572088079cd2dc1bd6e83c66b1ceab819b041573470a78e3b3f4a95a60a64ae2b8f8579df9c170a685439c77b33108cb2e75321e9d431c5e50ba5c1cbf1239396c7706b85594521b5565b79a0aabb539d866d867814c3c7229543cf0cdc9271756cb1951c8d5ce60256d647bcba37fd911b17aac9cfc30b01ebe49b1345462f16e9ec0788a2500daaa039f18fb2d6d98960df55f09f02e863103a2098ad8d375575f0e2098ca622d392419d388a"}, &(0x7f0000000000)=0x11f) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@ipv4={[], [], @dev}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@remote}}, &(0x7f0000000200)=0xe8) r3 = getgid() mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='fuseblk\x00', 0x1000802, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xf000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x400}}], [{@smackfsdef={'smackfsdef', 0x3d, '/dev/binder#\x00'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\x10'}}, {@fowner_lt={'fowner<'}}, {@pcr={'pcr', 0x3d, 0x39}}, {@obj_role={'obj_role', 0x3d, 'bdev&ppp0%'}}, {@obj_type={'obj_type', 0x3d, '/dev/binder#\x00'}}]}}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2d0c550cdd94c138"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}) 04:11:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2444.172164][T31569] binder: 31563:31569 ioctl c018620c 20000240 returned -22 [ 2444.180252][T31571] binder: 31566:31571 unknown command 206900269 [ 2444.201448][T31574] binder: 31565:31574 ioctl c018620c 20000240 returned -1 [ 2444.205729][T31569] binder: 31563:31569 ioctl c018620c 20000240 returned -22 04:11:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x100000000000000, 0x0}) 04:11:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = accept(0xffffffffffffff9c, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x80) ioctl$SIOCRSGCAUSE(r1, 0x89e0, &(0x7f0000000100)) [ 2444.221399][T31571] binder: 31566:31571 ioctl c0306201 20000140 returned -22 [ 2444.235326][T31574] binder: 31565:31574 ioctl c018620c 20000240 returned -1 [ 2444.263495][T31578] binder: 31566:31578 unknown command 287 [ 2444.269239][T31578] binder: 31566:31578 ioctl c0306201 20000240 returned -22 04:11:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x20000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x3f00000000000000, 0x0}) [ 2444.327713][T31578] binder: BINDER_SET_CONTEXT_MGR already set [ 2444.358033][T31578] binder: 31566:31578 ioctl 40046207 0 returned -16 04:11:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2444.390049][T31578] binder: 31566:31578 unknown command 287 [ 2444.394509][T31571] binder: 31566:31571 unknown command 206900269 [ 2444.412387][T31589] binder: 31588:31589 ioctl c018620c 20000240 returned -1 [ 2444.415122][T31578] binder: 31566:31578 ioctl c0306201 20000240 returned -22 [ 2444.454576][T31589] binder: 31588:31589 ioctl c018620c 20000240 returned -1 [ 2444.487645][T31571] binder: 31566:31571 ioctl c0306201 20000140 returned -22 [ 2444.497359][T31595] binder: 31591:31595 ioctl c018620c 20000240 returned -22 04:11:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0xfdfdffff00000000, 0x0}) 04:11:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x3f000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="05612c9ebc88a866"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:11:01 executing program 4: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1, 0x2000) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r1, 0x2, 0x3f, 0x6, 0x5e0e}) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f0000000240)={0x1f0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000100)={0x5, 0x1, 0x2000000, 0x8, 0x6}, 0xc) [ 2445.096954][T31610] binder: 31606:31610 ioctl c018620c 20000240 returned -1 [ 2445.104378][T31608] binder: 31604:31608 ioctl c018620c 20000240 returned -22 [ 2445.123792][T31612] binder: 31607:31612 unknown command -1641258747 [ 2445.139527][T31608] binder: 31604:31608 ioctl c018620c 20000240 returned -22 04:11:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc70f, 0x100) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e21, @rand_addr=0x5}, {0x2, 0x4e22, @remote}, {0x2, 0x4e24, @multicast1}, 0x20, 0x0, 0x0, 0x0, 0x5aa, &(0x7f0000000080)='ip_vti0\x00', 0x101, 0x7}) [ 2445.146790][T31612] binder: 31607:31612 ioctl c0306201 20000140 returned -22 [ 2445.150466][T31612] binder: BINDER_SET_CONTEXT_MGR already set [ 2445.187104][T31615] binder: 31607:31615 unknown command -1641258747 04:11:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:01 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x4000, 0x0) setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000040)=0x6c4, 0x4) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2445.216611][T31615] binder: 31607:31615 ioctl c0306201 20000140 returned -22 [ 2445.246949][T31612] binder: 31607:31612 ioctl 40046207 0 returned -16 04:11:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="056304400000000073d93afc526868504789e7c6f1dec880d4ad6dde5d32061088a841d18ea50c1a457b291f5844b565bdafea514e2854afcf0d723cbdd4dff32bf1658f0c5d891e03b4b708404457310597287dae6f39dd4aa1fa79a0e43f69a1047dd2d3f5c3fc2fef2f64169b5e611a90372eec2fa705cf930a5cfa1ae07869fed2b49d0cbaa84cc93fb57feb70533f2666b2e03a6d110b1cc2eacdad72ff2153d2d9b27cb993ed5dce335a24bc6fa2ad7ca19bf36820d173ef81a583a3ba0fea559e52bb35ab3083e539949195e5be6fb689"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:11:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x48000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2445.314426][T31661] binder: 31642:31661 ioctl c018620c 20000240 returned -1 [ 2445.435518][T31735] binder: 31704:31735 ioctl c018620c 20000240 returned -22 [ 2445.447077][T31736] binder: 31734:31736 ioctl c018620c 20000240 returned -1 [ 2445.460412][T31735] binder: 31704:31735 ioctl c018620c 20000240 returned -22 [ 2445.499265][T31706] binder: 31688:31706 Acquire 1 refcount change on invalid ref 826217020 ret -22 04:11:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:02 executing program 4: r0 = accept4$ax25(0xffffffffffffff9c, &(0x7f0000000040)={{0x3, @bcast}, [@rose, @netrom, @netrom, @netrom, @null, @rose, @bcast, @netrom]}, &(0x7f0000000100)=0x48, 0x80800) ioctl$int_out(r0, 0x5460, &(0x7f0000000140)) r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0xfffffffffffffee9, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) 04:11:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d6391594b2d4342b2ab24343075ccfb0b347d8771afdad5a4b94974"], 0x0, 0x0, 0x0}) 04:11:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="056304400000000073d93afc526868504789e7c6f1dec880d4ad6dde5d32061088a841d18ea50c1a457b291f5844b565bdafea514e2854afcf0d723cbdd4dff32bf1658f0c5d891e03b4b708404457310597287dae6f39dd4aa1fa79a0e43f69a1047dd2d3f5c3fc2fef2f64169b5e611a90372eec2fa705cf930a5cfa1ae07869fed2b49d0cbaa84cc93fb57feb70533f2666b2e03a6d110b1cc2eacdad72ff2153d2d9b27cb993ed5dce335a24bc6fa2ad7ca19bf36820d173ef81a583a3ba0fea559e52bb35ab3083e539949195e5be6fb689"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:11:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="fbff11a4e4b43d322d0c4e51f5e2e0d25714304c0802474b52c9ae21709e3c9ee8e613a60b826e5a91f7871d23a7132b4d9ba597500869a82571e9c219630779f3e8b4d9bab7cec4896b0d5d143052d2badeb25d01df14d1ca45066a1d933fc7d4101c86b63f5579e7ef5559c62f41dfa511d09bde1e4ddee77bf1e34e692f9e9ce360767aebbd7dd67ee6134088044b04fe20456d7dbd52f1e0"], 0x0, 0x0, 0x0}) [ 2446.022379][T31748] binder: 31742:31748 unknown command 1502700301 [ 2446.022910][T31746] binder: 31744:31746 ioctl c018620c 20000240 returned -22 [ 2446.028756][T31748] binder: 31742:31748 ioctl c0306201 20000240 returned -22 [ 2446.060275][T31749] binder: 31743:31749 ioctl c018620c 20000240 returned -1 04:11:02 executing program 4: r0 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x2, 0x2) ioctl$VIDIOC_G_MODULATOR(r0, 0xc0445636, &(0x7f0000000100)={0x3, "d77266ff364e062cc48053db2fd153b5ebbf30d25b097f4cc625720379315f99", 0x2, 0x7, 0x7, 0xa, 0x3}) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000040)=0xa2) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x60000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2446.163720][T31747] binder: 31745:31747 Acquire 1 refcount change on invalid ref 826217020 ret -22 [ 2446.173445][T31758] binder: 31755:31758 unknown command -1542324229 [ 2446.206141][T31758] binder: 31755:31758 ioctl c0306201 20000240 returned -22 04:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x14000, 0x24040) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000340)={'veth1\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x520, 0x70bd27, 0x25dfdbfb, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz1\x00'}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4000) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000002c0)={{0xa, 0x4e23, 0x5, @loopback, 0x200}, {0xa, 0x4e23, 0x200, @local, 0x1}, 0x0, [0x2, 0x1ff, 0x8, 0x9, 0x10000, 0x200, 0x7, 0x5]}, 0x5c) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) fcntl$setownex(r0, 0xf, &(0x7f0000000280)={0x2, r3}) 04:11:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2446.291908][T31768] binder: 31764:31768 ioctl c018620c 20000240 returned -1 [ 2446.292606][T31767] binder: 31765:31767 ioctl c018620c 20000240 returned -22 [ 2446.402732][T31773] binder: 31771:31773 ioctl 8916 20000340 returned -22 [ 2446.446970][T31773] binder: 31771:31773 ioctl 8916 20000340 returned -22 04:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2446.849411][ C1] net_ratelimit: 22 callbacks suppressed [ 2446.849430][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2446.860884][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="056304400000000073d93afc526868504789e7c6f1dec880d4ad6dde5d32061088a841d18ea50c1a457b291f5844b565bdafea514e2854afcf0d723cbdd4dff32bf1658f0c5d891e03b4b708404457310597287dae6f39dd4aa1fa79a0e43f69a1047dd2d3f5c3fc2fef2f64169b5e611a90372eec2fa705cf930a5cfa1ae07869fed2b49d0cbaa84cc93fb57feb70533f2666b2e03a6d110b1cc2eacdad72ff2153d2d9b27cb993ed5dce335a24bc6fa2ad7ca19bf36820d173ef81a583a3ba0fea559e52bb35ab3083e539949195e5be6fb689"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) 04:11:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x68000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fchdir(r0) r1 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f0000000100)={0xe, @raw_data="641fe22586323aee749477848db2ddd5f232e25c88629c22e8febc752425a2efe25e926b1f2a80531fe73a50f68157e20ee1fd385bd9e4b8c4244cb8c1f90ef1715379b00dd0b49049f4ef90bd36b5236e9d6055a26aeb79212841a95a67a36f96a0fb0d0a43575803199dad20b471362150935647185508003254c81990d1e599c4f7ebd72eb5feaf2215fd510dc2ffb4d69da5b693b714a571b3ec9697143ed517c9f39aaba8a470aa6ce05d3aa1b35b4cf400722a4f7470ebfc1c4b5534acc0025b67095a029e"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x880) socket$rds(0x15, 0x5, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000080)={{0x3, 0x9}, {0x1, 0x3}, 0x3, 0x4, 0x5}) [ 2446.929392][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2446.935221][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2446.953436][T31786] binder: 31783:31786 ioctl c018620c 20000240 returned -1 [ 2446.976004][T31787] binder_ioctl_get_node_info_for_ref: 10 callbacks suppressed [ 2446.976011][T31787] binder: 31784 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2446.976022][T31787] binder: 31784:31787 ioctl c018620c 20000240 returned -22 [ 2446.995579][T31786] binder: 31783:31786 ioctl c018620c 20000240 returned -1 04:11:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000001c0)=',^mime_typeGPL*\x00'}, 0x30) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=0x0) kcmp(r1, r2, 0x7, r0, r0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r3 = socket$inet(0x10, 0xfffffffffffffffb, 0x3) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000010207031dfffd946fa2830020200a0009000200001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) r4 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000180)='cdg\x00', 0x4) r5 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x802) r6 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x2100, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r6, 0x894b, &(0x7f00000000c0)) getsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0xb) dup3(r6, r0, 0x80000) ioctl$BINDER_WRITE_READ(r5, 0xc0046209, &(0x7f0000000000)={0xfffffffffffffcd2, 0x0, 0x0, 0x1a02a3679b88a927, 0x0, 0x0}) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/attr/exec\x00', 0x2, 0x0) 04:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2447.081285][T31822] binder: 31781:31822 Acquire 1 refcount change on invalid ref 826217020 ret -22 04:11:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x1, 0x800) ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\r\x00'], 0x0, 0x0, 0x0}) [ 2447.158669][T31901] binder: 31896:31901 ioctl c018620c 20000240 returned -1 [ 2447.198736][T31905] binder: 31903 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="056304400000000073d93afc526868504789e7c6f1dec880d4ad6dde5d32061088a841d18ea50c1a457b291f5844b565bdafea514e2854afcf0d723cbdd4dff32bf1658f0c5d891e03b4b708404457310597287dae6f39dd4aa1fa79a0e43f69a1047dd2d3f5c3fc2fef2f64169b5e611a90372eec2fa705cf930a5cfa1ae07869fed2b49d0cbaa84cc93fb57feb70533f2666b2e03a6d110b1cc2eacdad72ff2153d2d9b27cb993ed5dce335a24bc6fa2ad7ca19bf36820d173ef81a583a3ba0fea559e52bb35ab3083e539949195e5be6fb689"], 0x0, 0x0, 0x0}) 04:11:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:03 executing program 4: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000040)) getitimer(0x2, &(0x7f0000000080)) write$P9_RMKDIR(r0, &(0x7f00000001c0)={0x14, 0x49, 0x2, {0x4, 0x4}}, 0x14) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000140)={0x0, 0x3, 0x5, &(0x7f0000000100)}) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2447.198750][T31905] binder: 31903:31905 ioctl c018620c 20000240 returned -22 [ 2447.275866][T31909] binder: 31906:31909 unknown command 13 [ 2447.294599][T31909] binder: 31906:31909 ioctl c0306201 20000240 returned -22 04:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x74000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2447.331975][T31926] binder: 31914:31926 ioctl c018620c 20000240 returned -1 04:11:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="a670379bf4f66d1542fe28d049d61f572a8e7653a708c5cec10ff4b0cbcc28001b3a95004481eef324389d156ced93fc2e51ccf0e882499dcf878b47232869f87fec9b06381301f57abeee2136e5813a84b04a3d7163a6540f808ef20c86676e59ae9d926a1f"], 0x0, 0x0, 0x0}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) [ 2447.446891][T32024] binder: 32022:32024 ioctl c018620c 20000240 returned -1 [ 2447.469826][T32027] binder: 32023 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2447.469841][T32027] binder: 32023:32027 ioctl c018620c 20000240 returned -22 [ 2447.502084][T32028] binder: 32025:32028 unknown command -1690865498 [ 2447.512510][T32028] binder: 32025:32028 ioctl c0306201 20000240 returned -22 [ 2447.521133][T32028] binder: 32025:32028 unknown command -1690865498 [ 2447.535415][T32028] binder: 32025:32028 ioctl c0306201 20000240 returned -22 04:11:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 04:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_FPEMU(0xa, 0x3) ioctl$FICLONE(r0, 0x40049409, r0) 04:11:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:04 executing program 3: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/cachefiles\x00', 0x0, 0x0) r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x2000, 0x90) ioctl$VIDIOC_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000100)={0x0, @reserved}) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x20, 0x4, 0x898, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000080), &(0x7f0000000280)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x5, 0x44, 0x809f, 'erspan0\x00', 'gretap0\x00', 'team_slave_1\x00', 'veth1_to_hsr\x00', @empty, [0x0, 0x0, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0x0, 0xff, 0x0, 0xff], 0x138, 0x268, 0x2b0, [@ip6={'ip6\x00', 0x50, {{@dev={0xfe, 0x80, [], 0x27}, @rand_addr="f365fb9e89205856be0f9ce316315462", [0xffffffff, 0xffffff00, 0xff000000, 0xffffffff], [0xffffffff, 0xff, 0x0, 0xff000000], 0x60f00000000000, 0x7f, 0x12, 0x20, 0x4e20, 0x4e20, 0x4e22, 0x4e20}}}, @nfacct={'nfacct\x00', 0x28, {{'syz0\x00', 0x5}}}]}, [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x9, 'system_u:object_r:selinux_config_t:s0\x00'}}}]}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x8a, 0xffffffff, 0x6400e466}}}}, {{{0x5, 0x12, 0x80f3, 'eql\x00', 'veth1_to_hsr\x00', 'syzkaller1\x00', 'vlan0\x00', @dev={[], 0xa}, [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0xff, 0x0, 0x0, 0x0, 0xff], 0xa0, 0xd8, 0x208, [@cgroup0={'cgroup\x00', 0x8, {{0x2f7, 0x1}}}]}, [@common=@dnat={'dnat\x00', 0x10, {{@local, 0xffffffffffffffff}}}]}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x40, 'system_u:object_r:null_device_t:s0\x00'}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x2, [{{{0x3, 0x0, 0x88e5, 'veth1_to_bridge\x00', 'vcan0\x00', 'veth0_to_team\x00', 'nr0\x00', @random="6af59d01ca4f", [0xff, 0xff, 0x0, 0x0, 0xff, 0xff], @dev={[], 0x10}, [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], 0xa0, 0x138, 0x188, [@pkttype={'pkttype\x00', 0x8, {{0x7, 0x1}}}]}, [@common=@ERROR={'ERROR\x00', 0x20, {"16ee0ac179f23dcf490ddaceccfeff07b47b015b219f081a357c5d8d41cf"}}, @common=@log={'log\x00', 0x28, {{0x2, "558a04186bc2a7dc99e3f004d8398cc1881d06be5bc6067a6d9044f93015", 0x4}}}]}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x100000000, 'syz1\x00', 0xfffffffffffffffe}}}}, {{{0x9, 0x1d, 0xffff, 'bond_slave_1\x00', 'ipddp0\x00', 'ifb0\x00', 'bridge0\x00', @dev={[], 0x1d}, [0x0, 0x0, 0x0, 0xff, 0xff], @empty, [0x62be3ce5d72e4252, 0xff, 0x0, 0xff, 0xff], 0xe8, 0x120, 0x198, [@ip6={'ip6\x00', 0x50, {{@dev={0xfe, 0x80, [], 0x26}, @mcast2, [0xffffffff, 0xffffffff, 0x0, 0xffffffff], [0xff000000, 0xffffffff, 0x0, 0xffffffff], 0x9f, 0x8, 0x0, 0xa, 0x4e24, 0x4e20, 0x3f, 0x4e21}}}]}, [@common=@dnat={'dnat\x00', 0x10, {{@broadcast, 0xfffffffffffffffc}}}]}, @common=@NFLOG={'NFLOG\x00', 0x50, {{0x9, 0x31e0, 0xed9a, 0x0, 0x0, "62f4b5849a8391be7c1b5fb9cd1b368a4a9cf926a57f8a718be7a1076e0d2334355fc3c5c59c3548ca15d9f3b3d0ec68d651b1e73667fff2045730375d549869"}}}}]}, {0x0, '\x00', 0x4, 0xfffffffffffffffe}, {0x0, '\x00', 0x4, 0xfffffffffffffffe}]}, 0x910) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x101000, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3e3, 0x0, 0x0}) [ 2447.892208][T32140] binder: 32135:32140 ioctl c018620c 20000240 returned -1 [ 2447.894442][T32145] binder: 32136 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2447.894465][T32145] binder: 32136:32145 ioctl c018620c 20000240 returned -22 [ 2447.910355][T32140] binder: 32135:32140 ioctl c018620c 20000240 returned -1 04:11:04 executing program 3: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/status\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x34a) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) write$P9_RUNLINKAT(r1, &(0x7f0000000080)={0x7, 0x4d, 0x1}, 0x7) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x100, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x100000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:04 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2448.049429][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.055278][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0xffffffffffffffff, 0x100000000000) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) gettid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x20000, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000340)=@assoc_value={0x0, 0x80}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000003c0)={0x8, 0x207, 0x0, 0xdff9, r2}, &(0x7f0000000400)=0x10) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x14000, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r3, &(0x7f0000000100)='Cy', &(0x7f0000000140)=""/114}, 0x18) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000000280)={{0xca1, 0x6}, 'port0\x00', 0x2, 0x12080c, 0x7fffffff, 0x1b90eb7a, 0x9, 0x7, 0x20, 0x0, 0x5, 0x9}) [ 2448.130907][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.136808][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2448.143393][T32258] binder: 32253 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2448.143405][T32258] binder: 32253:32258 ioctl c018620c 20000240 returned -22 [ 2448.178511][T32261] binder: 32260:32261 ioctl c018620c 20000240 returned -1 [ 2448.191304][T32261] binder: 32260:32261 ioctl c018620c 20000240 returned -1 [ 2448.369510][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2448.375317][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x200000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x3fffffe) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:05 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$kcm(0x29, 0x200000000000002, 0x0) r2 = dup3(r1, r0, 0x0) r3 = memfd_create(&(0x7f0000000280)='\x00', 0x0) pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000080)="da", 0x1}], 0x1, 0x0) sendfile(r1, r3, 0x0, 0x1ffe00) iopl(0x4) sendmsg$tipc(r2, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001700)=[{&(0x7f00000002c0)="d7", 0x1}], 0x1}, 0x0) r4 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffb) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rk'], 0x0, 0x0, 0x0}) 04:11:05 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x4000, 0x0) write$eventfd(r0, &(0x7f0000000100)=0x7ff, 0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x10000, 0x800, 0x1000}, &(0x7f0000000280)=0x10) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f00000002c0)={r1, 0x7}, 0x8) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f00000001c0)) r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="57000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x99, &(0x7f0000000180)=""/153}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xe, 0x0, &(0x7f00000002c0)="8d06ec8863eefa6ea3adb3ce86dd", 0x0, 0x8000a0}, 0x28) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0xfb) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000180)) userfaultfd(0x80000) r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000040)=0x9) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2448.785909][T32377] binder: 32372:32377 ioctl c018620c 20000240 returned -1 [ 2448.800720][T32380] binder: 32375 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2448.800733][T32380] binder: 32375:32380 ioctl c018620c 20000240 returned -22 [ 2448.818714][T32377] binder: 32372:32377 ioctl c018620c 20000240 returned -1 04:11:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x300000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) syz_mount_image$nfs4(&(0x7f0000000040)='nfs4\x00', &(0x7f0000000080)='./file0\x00', 0x90e0, 0xa, &(0x7f00000017c0)=[{&(0x7f0000000140)="ea0e7f56d567ddfb42fac28a9917ab51de9f71927efd6e3dc16b175dc7fe0cd140449c41951b4a296e78c9f1ad1a1cc7d3521e2dfcb2e1459e707ce9ef91718662ee257588ac5132566737e68caf31a7eaed7634868f02417ef9f3c8b30c074dcfdb09de5db161766463fe8954056ee165310205e9b871c353f101df275b4c2bc04314351ce195cb9f5c1899a0ec0cc1c338b89f925514545db4b7ca26eb3a3f6970525c7ffffdaf845124b9c76407b6405610ddc4e83ec647ed55", 0xbb, 0x5}, {&(0x7f0000000280)="6cbe09decbacde027b381564782ef02a677f20c1331e048a2daf378c87a85a9681a6d2888979604bd731c6ea89f030c67874156c763049d35afffdaf5513fc047b0e867e4ec1d9d2f193a86b76c188aa24811b4e3a89c10a39f4d16aff51ca72d19d71af2c75c290730a2e76b893542ea691f71ab5cdbb2df4e55067e837fd5e9dba27235760cf10fc638af7007faa972484384e72ee689f314cbf7f63029352c3c7e66ec66a4171fe4af9ea695be538379867fe01d381fa4a122bad487c066218093f7e3896688157bbc4ab27f3ae4fcb13a2512282618b47ba61723f1df470c27b87caa9d89317509374", 0xeb, 0x100}, {&(0x7f0000000380)="e383906a5f1ab931d7c04c53a33f77523f3df2bf08803b9d3adff0a5990a3119cb42ffeab02da92f2150da7f99fe880f67d4cf6ee5c57ede50ac49b4952a07c51d0d46e82686275c78cb1d116a48e68bbe7507d0ae88b80db1e4d1454e8db0aa03f25178474660827a6c09c4d7dc9ed64ae18ce7df68c0ce0898f55d8aa40605ad5eb669c9d375797d7257bf55cb447bd3e15df35c6de9fc37a35cf562d994f0930ab9284e864a33b3ea8d2aedf9ec1649b5e82b29ca646bd142a104e542c554ac87d659cfc54805bbaa9f827acdb3b127704c4bebf82c47751b", 0xda}, {&(0x7f0000000480)="d707e46a464d36318ae1d4c453c0f48478e99872d3699219290b6aa4480b890c28d286e0039f7beb2a56f62e54d62e5048e78ef3b32027133cf14e588cf8e916932ef49f2fdc87c9fb2204dab5ebc7e56a9e17835019b6f1e589921e2b539c64c58886390cb1b91dba1d9c10142a0575a15f6aa1edeb2f12b9212def2f31255106635d12b17c5bff07cf3e04586b7b57e2f4cdb05daad9b16a967143f89dd2f54f6cb99716f44776632f76035d2c8f7e0ea98e9a8fbdfe69ae39cf346b38baab1cb4b7", 0xc3, 0x100000000}, {&(0x7f0000000580)="e857e3b26cddabbcf6f2c1f53b94b2ab0848279f0abf211ffb3563bc9bb473a257f2f2c96e184a63fd3b019910d9461471e7697fe39d41313c5f147e73796cdfb738138093e70348f53e4db5dc210558fda132e2ed181ae53253cd94ac7ccf328ab6d1f44d99d1d0d9ee09d7d1638e8f9652d702d24331a01e6168a41a9e0a58970b30807e1486b064da037a774aed187c070e4947f6e6d1e4c259d3e5554b0ea5f5fd75f7ddd919adaa0c340a0a13c0ddef0e88050bbe855a1ec2ef5e0cc56d6781706344c66bde4d4fb73aefac6948357137bd56cca5fa5a8ccc2a8cea3070cb0805a6c4be527f15f445f4c018c4a10b23499dc5f6cf15c2eb36ca86c0a3181bf7f730b3ec633faa67ce23e179f764b4935bd504e424f11c796c2dfeff6c8e49df92092cf29e8ae0ca3dfcb1f93f17a85ca05080d7e11dd876b973f0d02f1158edba4adcd6f9af1a3897b8db69dc4674a8cb1e3abc358a9329f13743060fff4513ebe7cb1842e5499d240f36b16112f8de6259caa6699619deaab47654dd5b434779484f1e2f29cd66d684733f2e1f14b8cf0787637ecdfe9a0c8d5b4b0f41d8708c8732df68b93b77db82df50fa94192f0225477dbdddb92996378a013867960c40567093ff71a58232ffe1ad6551655098039139659abad418b25cf4871f34fc56a15c6e50f514107db2b31e085bc4676cca2f4af75e31cf11ff115c28d9cb1198ebfd2f97bd00f1feefecb4afd2494049fe9310ff14bc0666d5f3207e4fd02feb3dcad295829cf62bd7c47042652c1bd4e276e689b57f2841a12b28fd9d4338dbaefa0e7271dad7e067adc0049a4a1399d7ff94c953cc5948cb61b26dc59e575b37fbe5782c7c541e2dccf5b118476cb3f5a7ed383d1aad5ac0c4a953b804eaa8d171140a66d21b78bb8dbc684f43adc75de5904f6c89e2e549fde01fe658283962ee8bac730b4b50e8af61a40de30b53799f4dc59a0c090c87feae83844beb234fbf184e96ccc200689a1991cfba6e0f139aa1341ed20d264c9eeb05fc5c95d0161718eaca74be4f8ffd4a0d032742459d97424035b76de46307ff2dae51c1dd63a70864a5083d031c09251d06c8d99a9df7bbb4f2dbc3e15dfcb1211654baa38dc4feef4c64734056815d68b3c107ed410a6fccf00e6820b7c1f4e00e6d32c299a0c8659fa9c41c01b9f0ca09c08dd6a0a4ca23345d11a1662750d91f9142434cc462d474bb9a7d2a4559172159f92d5f1c20d795a6e9821d2d3983fbf7da75dfe84677180758a90cb903c0fc15a43b29a95331e2dd8b8e698cbdcec13cfef8a433de3f6aa4209ac0b2da26938f2346731f24153f9dfd8393efbe60e920cef21e91e1320f383118423960c07b63ae44eef628af6775767777bc7875d41734b65f31c9cb0185a9919a8ccd0b1ab42b9c587a96e5e865814baadb0d8ce674b3c9787d00fc7cac93f0c3b3029347de53e724e165e61dce9f758e1d428db41309300a31f72d59740ec2c30a61038767ecbd35c72a99a9217c259d4b087c9caf18a949af5a65e1008c1ad4d6ca50a576dafcf1e49726966ebbc42e5ee2c9961a5879d3d03c8724265b008e1bd7232260da40d75dc377907a226f704ac3a9e8514437f731b2a2738bd1c1468d6f9eb017ccbcecc571fbf74049f9d534b6a10434f05235381bc40cb9bef33c29915719d4d5d6f738fc320bc4edecfc73209fc5ebea5b415997509294bb2a5088a1d6a756d3c4990bc91f4cbc92f1dcec8c18c5660c7fb602008f8182ed32053425c8b881de919cef813555e36af28f7aabb36342ed8e8be3260af034b569fb0c801a6ff1c82d68c5439a0885b91bee723687df3202a3a63d2ffbb2e0cf0710a7ae114723231ccaac661500679a5b60af105e601c3803d54db1f50d67700c23e8590ca3dff5b6418cef8f1d4fe5ef22d30379a167533da4fa483c2fd472d8cd547ce99270b4f6708f852e63e708b8fc403ded78dc046805d64c10dc04ba78f1ceb3776af03e854167fea2b1dcac89823b6e7e0be2d9655db42b11a5bb5d4bb3c5ffbf61920a91f7ff5c50211d5b241b8c03b1e95c18229a5a0d70eda6411832558b41f9be18497862312df77c16d857890c9cce82ccb3ace083e227a4669eaae0ac882e69a135280a34e36c0d1156bec203e604b77a83c47a2fecda767e2aa569a13e43878961adaff966a7eeb74858ba6d6a3a3ee4e7bf49f752d2399dfc544f32b2ea8d77f09aceec9770295747c4881c83287bda824e9477679ba9f934e72eba2b138bb9907e6c32995a8eb31be830743f8156a86d3341886b3cb03fa8a324674a57f54e781f09e0660bce4900f510e230fd9ba1be2867bcdfa271aacbc35e43c455659a3930306ff531582a58c4fa4a5027829988359ccce0a33ef7805f4d8b14f4e5dfcb4af4dac18061808ca9968f95daba0bde62338680777d1eea40f2b02511c49cef7f5ed29deb0f15b262f5fe73923df50f7b2a05a5b9c93d5d66c727bdb49b3eb8791edb7a23709e3bd36181b1bd1ebcd76d44ce419d2a004d804f1a1dbada8d71bbc1ad3bb0c8627a9dc50966292de3cabb45008cfa621807d1fa9014c00e027ef38868430e642b7ae8e167f719f70d2ef29a5d6e1a5d5b5c7ce950d505070d7672d0c9cc4b059b88af92e21e6d001a4474a57623cd0ff8ae27684ae4304a84113277db91f0f6cc2e1bdaab467d5998f4b64e059346dbd65aa8a422295421b86b6a8e7dbc463dcd0b7ad3bca3e18d697087e1257d5da1654d401d07ed2f1c38da14252ce92f882e1a5463c62c7b482384c593310996f2394de0268022068eb07c6de762ea677f351b2a7de02802152da2c5cc6eaea2a5880680166c6963d1c337767acdb6816552c098d546339f8e019b6ca42f813680bb5201d221e343c8b0b4d7c994f05ff94f1bda83000479d2fc28ccc9329ae1f2e094d02807022541775b2dec73f708113b7091de975f978dc1af5e766b8fe87503d55a956a9561bb2d3638277dca7b2cb4191f80cf558d7f8ad1f0a2bca442ca3041f250d125a5f762c8f46d0b1d118558516894d384221431435b29c9aeca8ef2207d4d8d96d4f44a33c3a2e575bc9d239ae2c5284ba52ea40600e2f618653f72b43935fecf2f9a1de7dcba7b7f0b11bc4d7db45c8844d88a6c1b9c90699a6f31d23ebbad1e22c9c1428ea6f93dd8dff32f5ec2577ebda74dd9e429c6055b114bf8796d42358e9d4f5dd335c29f07ccfd4c00cb6693ecfd59f9d3435b71f579e6b20d23e93b197e5a4b904766b0e2b60c65e99168fb9d4fa612e75e4a0c6e7de3900e8aa811c816c27c869e661daaf7a5438acf9c9a401a51f38632912cc0466ea138b89b4bfad5453acd3af18e0087b1d637dc4627b41d929a7a07681bf57b7a3468399d89301bf146929ede6c6ca544ce07fbb7fb5288c11d0ef4fa06802a8d2a4bf9a99393259324ccc36dd813f608da02e545a68ee1233ccd211100d317faa083339b2d53b2a416d7caaf421e01c822471b536cd049df918c52dd498f04c0e3b6c8998dd3c8e9bce4f72d815f669e4dacea022b78babe779193393f19ae3a9cd481ecab9f7613b86761e60d42291cc5cc361123c3f70dd63ef8b21f406c1a3e6907b995b025d86d1eff2c8afa23933b15d45065833c031fdec251fca31c04ed8b69b36e894ecb14f94a48b18ba4990e0eefb3ab27f6b88849f54d09c232fe2659f738006c0451c86d54e91392130606777eeb3bdafb71b2dffdbb270ebbdab2a958bf8af065d269640ff8c714459754b7683e165c2d44be0fc538c05f4c3a15f60efedc3dc9e4ef0a81ec0317bb9a1e09e259402154d4f19a3753564d16cb626f6c7ba761bb175b644bec8c2c87301a20528928acdd8495b9936ef20c4e42ba731940f8633212d4ff9870efcee7552878894dbba2040b44e6ada6f80f51871b9b3981d61fc2ee811a7709f6dd3c491d61fccc92d9437d139a5e7a4c4cb5de56fbcb0540bee1deea90ba78be31fcb998f3c690fd6e3a92f30aae68c6fa2cf5d2f6c3f2722e447f91c6d70029dc974c62afe2e77115d627af3ec04fa4c3d79c127b5124414976538cbd0b9454d6c07efff1c08b25fdc5fd250bc8c5de8c78c5132a60b904ba344602f945ae9edd1b20c34411535cda9777b9c8af1b6645f7d6a5df607a062d1ea9ca5c76e2e2b70490c4e493a93ff78ebc6a219badad49865dd3d6a42e5316668fa22b8bc553defeed033fb6942fc4f4569262cc66e208a7bb9953bddcba439e2417339700da97511c4ab62a149281255020c9f99ef01a5c11a122221de0e13528d7085486b9ee182c8901e0e00fb842ffbba32b77dc0dd7ddcc50fc291f457d5a54dd49a0984d15d725714e38d58a9e736b3d6e0307c2f1e070608c5463c657f776eb3830c82c9879a2bdf9ee6b2dedbc1125001619d8163320e39c8e86e7298f8f1124cd92cde09c69498c75e838574c92846f2bd4c0f0ffe807aa563b4ad5331b253853c00220b3dbe77ac53d41bd5425c44a4151bbe108ab2cf77fdcaba5ac71041060a70ade05e494930ca2fde6a6f2bfaa80a514b62aeabc1d93154349572abe0aaf3fc04f8dd451c2e0094f88196ea0e6b3d40fb8b1965bfe418495975dbaa15a947a27a0fb730291d438e7875c34dc6b585f27d2661359b506525c65145ba1b5fdb6acb57a1a837c623e34b526c30f5babd4d0ba7b9cf57c8741cad09e63078fb7a4643ef1fd1fda25d6fdc91313e74c3cace790d04a3fb1479c089c727203ae5dd2ee171a59f9ad48f668d29bdd2392314019b3b414dc3ed00e2d1b6fd6882ef6f4562133951cb02e67ca653c29ed8c701a47ab3798354ecd33c91741dd4dfd2d5cd17a88f2af98a8c476dcc93dca8efe4decf8f2aa9fdaecf482c14f1bfcc4741ee80744b88e146895b3d255ea3153b4247ea7f18135b9d45518507264fe54fe566593b51baa474290db406e63f384e93cb88663b7350ac79a3d968a12b44e8590f02f7bf5a7ae5b1b1c0c512669bdc1d972fe46dbd37d9801569152b9abbe4e0f63b8964ba602f4fee018d036f74f62463c098851bfb2d079a4c458524fd5af89d2bdbdba5289ac4c35206201306e71c04b1fd845bbfb94687522e146abe727d3fe03da86745444c8c259bd3b6ca19e782f00b93d7b168d292c90aaa332aa4c1f58463db5f5bc4e88512dd71201ff0b04cc33ee849146cf74e524b91a738e24be2f1fd1a8e66d2457d23c827f4b5004f04db2eae97f03fc6e1b6d52b576fa562be6669ab0a48e4519e13ed2741b13de4c341b2828541c9b50be4362660fffe582051b103a0eaaa20dac65e3f7d42929bf46657cbdc600838d660e5b939b4645eb5c6c624a31fb47095792bb4e5df5a04072f9dba8ed278b06c1c87e5536ca64cbb778e3db6edf1f96e7fd8412632b6363c68ea253693a18384738438f41a68f2295c9ddd9149fbb1f01be32f93902a9be41845419b8940e41e393db035cc4e999604792dbd78f337cf0d156beb203474ea56516333c7ba6a02ed6b45ef16a584a2daa1b3cb9de54c2df5354b9ffdd7e1cdad3e232327dfe1958ef91dea2b9a46f43bd300d5fb71dcd3ef838a166af3b0b4eff69105a2d0a2cf445af862da923f307670be496c7fa6440b74b7647a73b70df9b7a77ee749d733550145aa21207346e68b144d8838465b5fb6c50f280192d2d3cb34688dcde6b24ed4230f40285fa3acf572b556ec5f9692f4c26229a9431e44f1701251eefc9caa6adb813d1148848b7b16abc55bd3fd9", 0x1000, 0x101}, {&(0x7f0000001580)="fa1894433438e65a6182676281c9f77caa4d9aaccbf378b59b36132ae247a9f88113e4db3af9b58bd0e647be939aeebd7afcc714af2b4e34b945c01d9d5c98a622665870918a0d438b027c0113ab073cb0bd35307987b9fe0dabae53b09454b5fbdbef8957f98637a5a38eaf6751da988d35bcdec9333abaf1c14d1379ef8f1b03ec08f42092ef1f3fe3888d83390f2886de659ef6cc86b1811c28cb2152f4c0a486fa24f126f5ea5b", 0xa9, 0xfff}, {&(0x7f0000001640)="333dfceea00c63165aad16d3685cec438ba8f8698a6e15e0de173e484cfee599b3ad33b1a8a76c8e81f8f2d3ad25b8d62f51dce067bce4c22178c67b987effbb906b38d1089d1bc8ccf21d48a470df068657a67c823c7dc2af8e6df5fe83e309c33750e19dca5135ab9022c82e733970", 0x70, 0x4}, {&(0x7f00000016c0)="367d58163eb40b43b20e2ce4918b71da2ddce8fe0593c9656724531b71f3cc89f01025e855d47b819146780679879156ee2de064d939a9901af74e69c1bffc8d4e523d76455e318f10", 0x49, 0x3}, {&(0x7f00000000c0)="dea6386ea8d52fb146c9cb1fadc715be4d8536adda3621f6db7b3c70106345def1e6d0dc299e265bc25a0b3e24a23a10", 0x30, 0xffff}, {&(0x7f0000001740)="654fe7d07949a45b5b9eafa266984f83ed315655de31eb05cffe1d5a91996a4cfaa8753662c20f7b9019238c48b60f3fc7bdd928f6582d9937a5ecfa3ab8094f9e2ab51d98b3322c6a5ce8a51613f5ee302dde6d221cf7bddbd4278cb1", 0x5d, 0xfffffffffffffffb}], 0x2000002, &(0x7f0000000200)='/dev/binder#\x00') r1 = openat$vfio(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/vfio/vfio\x00', 0x800, 0x0) sendmsg$nl_crypto(r1, &(0x7f0000001a80)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001940)=@getstat={0xe0, 0x15, 0x400, 0x70bd29, 0x25dfdbfc, {{'ecb(cast6-generic)\x00'}, [], [], 0x2400, 0x400}, ["", ""]}, 0xe0}, 0x1, 0x0, 0x0, 0x8000}, 0x48891) 04:11:05 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2448.973221][T32493] binder: 32489:32493 ioctl c018620c 20000240 returned -1 04:11:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsync(r0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ff1000/0xe000)=nil, 0xe000}) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000080)={0x19, 0x16, 0x9, 0x9, 0x3, 0x0, 0x6, 0x6d, 0xffffffffffffffff}) [ 2449.028475][T32498] binder: 32496 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2449.028489][T32498] binder: 32496:32498 ioctl c018620c 20000240 returned -22 [ 2449.054404][T32498] binder: 32496 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2449.054431][T32498] binder: 32496:32498 ioctl c018620c 20000240 returned -22 04:11:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x400000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:06 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000100)={'filter\x00', 0x80, "59884f4b0dc67d54ee485bf2f97be3664fe391f3d492f822b0e6bec636146a04f8ebede7bd496d081fed320ac3f08a3af4cd0b61b7659010cff3381949eeac75958572401a3a6456a1a59809145333b5ce9474ddbd895fd97874556559f7e0bbdf3f04748f50aa08f33153bf31ef9ec26783292b2c1b7f798533526bf1a88fe8"}, &(0x7f00000001c0)=0xa4) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)=@random={'user.', '/dev/swradio#\x00'}, &(0x7f00000002c0)=""/125, 0x7d) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="df0d"], 0x0, 0x0, 0x0}) 04:11:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x10001, 0x0) ioctl$TIOCSTI(r1, 0x5412, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x1f) [ 2449.686318][T32613] binder: 32611 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2449.686332][T32613] binder: 32611:32613 ioctl c018620c 20000240 returned -22 [ 2449.694335][T32618] binder: 32612:32618 ioctl c018620c 20000240 returned -1 [ 2449.704745][T32613] binder: 32611 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2449.704756][T32613] binder: 32611:32613 ioctl c018620c 20000240 returned -22 04:11:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x500000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2449.755823][T32620] binder: 32615:32620 ioctl 40046205 1f returned -22 [ 2449.763653][T32617] binder: 32614:32617 unknown command 3551 [ 2449.778997][T32617] binder: 32614:32617 ioctl c0306201 20000240 returned -22 [ 2449.856480][T32681] binder: 32615:32681 ioctl 40046205 1f returned -22 [ 2449.867977][T32724] binder: 32680:32724 ioctl c018620c 20000240 returned -22 [ 2449.895684][T32724] binder: 32680:32724 ioctl c018620c 20000240 returned -22 04:11:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000400)='/dev/null\x00', 0x240, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x1c, r2, 0x200, 0x70bd2b, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x800) timer_create(0x0, &(0x7f0000000040)={0x0, 0x2b, 0x4, @thr={&(0x7f0000000100)="879dd409cffe4c5302f6e01d3915b79c4bba7a635d153106692cc149f506dee2d8574d245c4db7241fc04d7378d9cf8f54454900f443b5c191b0fa8f74382b8292539fd04630d0c0b67d609b3f6526cbb74fcd75eaea3a6c716ba4527967c102ebcec752864e0faadd763b57d3b48df66adbdf5c9551f5affe38fb3d7c739c930866989016002739fd936a796b", &(0x7f0000000280)="3a96d781642da6ce1c796ec62425ce6c7001afb02b9eaa34928c68e53df1591190ef801ce22c9ae9ebfbd57ca8f4f0b83da4535b5fcaf4ac4f8df26fd3563612eb705b8282fab0648a0251894c3a2953ea93e8d6b9d70ada086084ac0d59bea956133bf3404aa349d5a5212a243ff18ba0fbf996d88c3292727b78cc3da3366f7bb7cab376f21b4411ddca07a9eb6b6c55d6c537bfd504bd77abf57de427b7a74fbdf9f0992b2db26a57f1d8d0105f6e1d335861a35592b02d62c2848a020438eb635195807f6afaafb56ed1e2fcaa5aee75315f6a7391b79f4d6bacad78365418bf49773f5a3723672f26e6"}}, &(0x7f0000000080)=0x0) timer_settime(r3, 0x2, &(0x7f00000005c0)={{0x77359400}}, &(0x7f0000000200)) r4 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$SIOCX25SCUDMATCHLEN(r4, 0x89e7, &(0x7f00000003c0)={0x2}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x10000, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="c110cdef01700000"], 0x0, 0x0, 0x0}) 04:11:06 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:06 executing program 4: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x2000, 0x0) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f00000001c0)={{&(0x7f0000000140)}, &(0x7f0000000180)}, 0x20) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x72, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = semget(0x2, 0x3, 0xb0) semctl$GETZCNT(r2, 0x7, 0xf, &(0x7f0000000000)=""/190) syz_open_dev$video4linux(&(0x7f0000000140)='/dev/v4l-subdev#\x00', 0x100, 0x101000) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x421000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f2ff0000", @ANYRES16=r3, @ANYBLOB="00002abd7000fddbdf250d0000000c0003000800040004000000080006000400000008000600000000000c0001000800060073680000240002000800fffffeffffffffff02004e220000080002004e22000008000b0002000000"], 0x60}, 0x1, 0x0, 0x0, 0x24000010}, 0x20004005) 04:11:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x600000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2449.928574][T32735] binder: 32734:32735 ioctl c018620c 20000240 returned -22 [ 2450.018718][T32740] binder: 32738:32740 unknown command -271773503 [ 2450.030600][T32742] binder: 32739:32742 ioctl c018620c 20000240 returned -22 [ 2450.059125][T32740] binder: 32738:32740 ioctl c0306201 200001c0 returned -22 04:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x700000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:07 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0xa000, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r1, &(0x7f0000000040), &(0x7f0000000100)="d966c1f51ba83206d871ba8f7a54e5f7808edd1cf5e0cb382a9c8e264e2ad2b77c0932c72e9cf24765af2cf694c05031b0ac7bc16ca4fb635c600d158a0f0ba112ec0d736049a2d10156", 0x2}, 0x20) 04:11:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x3, 0x501000) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000000100)=""/246, &(0x7f0000000200)=0xf6) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={0x0, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, {0x2, 0x4e20, @multicast1}, 0x243, 0x0, 0x0, 0x0, 0x80, &(0x7f0000000280)='netdevsim0\x00', 0xffffffffffffffff, 0x101, 0x8}) [ 2450.610809][ T390] binder: 385:390 ioctl c018620c 20000240 returned -22 [ 2450.629130][ T392] binder: 386:392 ioctl c018620c 20000240 returned -22 04:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2000000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:07 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:07 executing program 3: r0 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x1, 0x2) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x100, 0x0) ioctl$KDGKBLED(r2, 0x4b64, &(0x7f0000000080)) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000140)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0}) [ 2450.814075][ T506] binder: 503:506 ioctl c018620c 20000240 returned -22 [ 2450.859942][ T510] binder: 505:510 ioctl c018620c 20000240 returned -22 [ 2450.878735][ T506] binder: 503:506 ioctl c018620c 20000240 returned -22 04:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x2) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0xb00, 0x0) accept4$packet(0xffffffffffffff9c, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14, 0x80000) connect$can_bcm(r1, &(0x7f0000000100)={0x1d, r2}, 0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:07 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x3f00000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2450.909971][ T513] binder: 511:513 unknown command 25349 [ 2450.931062][ T513] binder: 511:513 ioctl c0306201 20000240 returned -22 04:11:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$SIOCRSGCAUSE(r1, 0x89e0, &(0x7f0000000080)) 04:11:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) [ 2451.080307][ T626] binder: 568:626 ioctl c018620c 20000240 returned -22 [ 2451.103542][ T629] binder: 563:629 ioctl c018620c 20000240 returned -22 [ 2451.120251][ T626] binder: 568:626 ioctl c018620c 20000240 returned -22 04:11:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4800000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:07 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2451.284939][ T644] binder: 639:644 ioctl c018620c 20000240 returned -22 [ 2451.307364][ T659] binder: 637:659 ioctl c018620c 20000240 returned -22 04:11:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) exit(0x490) fsetxattr(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f73f1ecd50b01c738a90396eef6f300000000000000000000000000"], &(0x7f0000000040)='/\'system\x94bdev]bdev\'+-:securitywlan1&-posix_acl_accessGPL\x00', 0x39, 0x3) 04:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2451.334885][ T659] binder: 637:659 ioctl c018620c 20000240 returned -22 04:11:08 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x7fc) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c00000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2451.486248][ T755] binder: 750:755 ioctl c018620c 20000240 returned -22 04:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = getpgrp(0xffffffffffffffff) syz_open_procfs(r1, &(0x7f0000000000)='net/mcfilter6\x00') ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x0, 0x0, 0x0}) [ 2451.562787][ T764] binder: 761:764 ioctl c018620c 20000240 returned -22 04:11:08 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6000000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2451.666529][ T770] binder: 768:770 ioctl c018620c 20000240 returned -22 [ 2451.687694][ T772] binder: 769:772 unknown command -1 04:11:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6800000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2451.723934][ T772] binder: 769:772 ioctl c0306201 20000240 returned -22 [ 2451.740104][ T776] binder: 774:776 ioctl c018620c 20000240 returned -22 [ 2451.750602][ T776] binder: 774:776 ioctl c018620c 20000240 returned -22 [ 2451.856473][ T884] binder: 845:884 ioctl c018620c 20000240 returned -22 [ 2451.871095][ T885] binder: 883:885 ioctl c018620c 20000240 returned -22 [ 2452.209401][ C1] net_ratelimit: 18 callbacks suppressed [ 2452.209410][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2452.220860][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:09 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x7ff, 0x200000) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000240)) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x7fd) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000100)={0xe4b871bdde2ccfde, 0x0, 0x0, 0x268, 0x0, 0x0}) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/status\x00', 0x0, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x103000, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000080)=""/95) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000140)=""/168) exit(0x401) 04:11:09 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0d6363795af0a6dadd7c896a33abcca6577ed1f3aae9add58d73af1ff1d51f22ccd4e9f8a4fba19acf92e4bdc12a48863b45e2d9bb6bf5b2e418094e558b436592766e49e1526ed99f878f9e22c0296ffb4eeffb60909a8eb18f8231dcbbdcb8a41d661132055328234d6ab06647eb5d7da57426b752814386a88ebe98601baac3bed49dbbaf6dba0d7715e35aeafdbeeb09584ed9d490c2bfc1550b76773b05b165b8cf6fac6045609f54fbd63e8137813952fe166c2941ba9a8d0aa5304452b53df8ac4937fe980cb32785a5d48afea86219aa87f2a59e283bdd7d6fab9e46b9c8218a39d77ca8838bfd889747c9e726b0315af69f784069dd8455336e164481d4a859"], 0x0, 0x0, 0x0}) get_mempolicy(&(0x7f0000000000), &(0x7f0000000040), 0x400, &(0x7f0000ffe000/0x1000)=nil, 0x0) [ 2452.289415][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2452.295241][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c00000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2452.346495][ T892] binder: 890:892 unknown command 2036556557 [ 2452.384679][ T897] binder_ioctl_get_node_info_for_ref: 22 callbacks suppressed [ 2452.384687][ T897] binder: 894 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2452.384700][ T897] binder: 894:897 ioctl c018620c 20000240 returned -22 [ 2452.390265][ T892] binder: 890:892 ioctl c0306201 20000240 returned -22 [ 2452.417050][ T901] binder: 895 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2452.417063][ T901] binder: 895:901 ioctl c018620c 20000240 returned -22 [ 2452.436621][ T902] QAT: Invalid ioctl 04:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7400000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:09 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2452.444356][ T897] binder: 894 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2452.444367][ T897] binder: 894:897 ioctl c018620c 20000240 returned -22 [ 2452.472257][ T902] QAT: Invalid ioctl [ 2452.529427][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2452.535258][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:09 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x43, 0xffffffff7fffffff, "5113eaadcf260e15c1466e5144453d2d71113a1ea5260d4c0a11344f0a505b0addd6a8959bedb0c0eb653166fb65b7502aa42b8bcd9327a57be887"}, 0x801) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/hash_stats\x00', 0x0, 0x0) syncfs(r0) openat$selinux_context(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/context\x00', 0x2, 0x0) rseq(&(0x7f0000000000), 0x20, 0x0, 0x0) rseq(&(0x7f0000000000), 0x41, 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x101000, 0x0) r3 = semget(0x3, 0x2, 0x20) semctl$SETVAL(r3, 0x7, 0x10, &(0x7f0000000180)=0x1) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000200)={0x400b, 0xe3, 0xe93, 0x2}) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000140)=""/24) [ 2452.601045][ T1011] binder: 964 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2452.601057][ T1011] binder: 964:1011 ioctl c018620c 20000240 returned -22 [ 2452.646404][ T1013] binder: 1006 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2452.646415][ T1013] binder: 1006:1013 ioctl c018620c 20000240 returned -22 04:11:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a00000000000000, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2452.689441][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2452.695268][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2452.785416][ T1132] binder: 1131 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2452.785428][ T1132] binder: 1131:1132 ioctl c018620c 20000240 returned -22 [ 2453.089397][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2453.095319][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2453.235759][ T1141] QAT: Invalid ioctl [ 2453.239910][ T1140] QAT: Invalid ioctl 04:11:10 executing program 4: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20\x00', 0x108002, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000040)) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[], 0xffffffffffffff09, 0x0, 0x0}) 04:11:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:10 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2453.322706][ T1147] binder: 1142:1147 unknown command 0 [ 2453.333393][ T1148] binder: 1145 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2453.333405][ T1148] binder: 1145:1148 ioctl c018620c 20000240 returned -22 [ 2453.364146][ T1147] binder: 1142:1147 ioctl c0306201 20000240 returned -22 [ 2453.376888][ T1153] binder: 1143 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2453.376910][ T1153] binder: 1143:1153 ioctl c018620c 20000240 returned -22 04:11:10 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x100f}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000140)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x1f, @rand_addr="9f9082c4bb479579757d8ce7b5f057ff", 0x2}, r1}}, 0x30) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x40b, {{0x2, 0x4e22, @remote}}}, 0x88) 04:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:10 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) splice(0xffffffffffffffff, &(0x7f0000000000)=0x58, 0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x6761deb9790671a0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 04:11:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:10 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2453.518022][ T1161] binder: 1158 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2453.518043][ T1161] binder: 1158:1161 ioctl c018620c 20000240 returned -22 04:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2453.594003][ T1161] binder: 1158 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2453.594017][ T1161] binder: 1158:1161 ioctl c018620c 20000240 returned -22 [ 2453.619128][ T1223] binder: 1189:1223 ioctl c018620c 20000240 returned -22 04:11:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001540)='/dev/rtc0\x00', 0x0, 0x0) ioctl$sock_netrom_SIOCDELRT(r1, 0x890c, &(0x7f0000001580)={0x0, @null, @rose={'rose', 0x0}, 0x25f7cc95, 'syz1\x00', @default, 0x8, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}) syz_mount_image$hfs(&(0x7f0000000040)='hfs\x00', &(0x7f0000000080)='./file0\x00', 0x1, 0x5, &(0x7f0000001400)=[{&(0x7f0000000100)="99527df7c63791c539efb94fda3d1f7d7699ae7c53400c52dd0f7ce7029748109683944a3ae60ba0d1d965ddcb82cc56c8c2c6847eabcb06e930ed9ee1eff16fb514e23cde14353cf818f37bf84dad46996649302c1e78e06a3a2ebf5beeb6ba4a7f87cd4f463929a48b1771b4eef25c49290fa7dacaedb8eb3153e43be35e2bef8fc50739632d8af920864be038935a2ee772b28dda62", 0x97, 0x7fff}, {&(0x7f00000001c0)="86978531aff989cf679ba076f58c6879d657489938e3cb2a2c38efa5a60f0b89033fd83dc86a73707f8071a49e64e18aba33079f016ff4b57261f05980db3218da699f348a3a9ec6be78cae196818cc6cae01c16f2cd75ab0ed6d9e7a14a831135ace92a1907c3f01a", 0x69, 0x9}, {&(0x7f0000000280)="958ffc1f8b35bf9ea157ba10881f7f391dd3afb07c201f51d90082d7c7407721677409556c785cd885db8dd17a06f16a5271679453508eaf0546ee4364dddf36c6e6619da1e727de0693aa65c9a544943a03ac404a5b715a086be8", 0x5b, 0x6}, {&(0x7f0000000300)="8bcf55c00e0225a19035f41eca711a9f48b20e18cb263b84d1b20642dbad2686e8b2110ca42fc2a2bcbd124057d678924381254162cab012ea4bf8fbc9330deb7cce5a168694fc2adee4829211922f12b2c1adafc6e08c99c45e6e5c496300764f68da74601763c94caaeada3706fa393a63e7ccffa2f659696e97897bdbe1feb4ccc385519be83f79035d350aae97de47658ec87bc5eec8b4f9911a1110e16562b92d9bbf5255842e6b04b884756da911b6cdc1b733baf0d5cf0a93651800a85b53dfff7a8bc30a30a6de4a1c3f1fd848a6840594822db44c7677e8017c43c93a677459c2d3e02595af44bb75788843dd27d532ac60cec0e284a2e923bb2ee980008156ad4e6a8452ebeef567466c6ca3c5b56161dfdb8a7e5bb7c1759234e123c75ed91fb4572923b3a2f8b290c108c3c7c647499c47b51db40ac086f13dc1c26f9f9e21cd04dfd14639afb513b394b8cc1594402a20149c92d374ee5bbc3fb98d8b9b67b212df7eff42cd8839f3c57e88cc08fe5a37e9142de37e3565ee6cecc73e49820f9f147754313df20172673063c54d54b93789b66e8fc5afe105e0787f4859f3a8fdde6e5b089ca3154fbaa32b24a10c3fd3c729cdcfe6433ea875481225c1772994aa4956ab3cab3f82a0dce58e7ec638038debc6286b10e6203bee3b74fab0a259069ceec1fbfa37292cf3546f384add56ddbbe8224f170a088562685d94d14db789d06ba32222418edd9afc21a0a7874fec5c192b6517cebb76c10f3e1239e7bb695cf961a92bc7039b767717ed8824fa466c8891822e787622a664aeee264f2ff11be65a4e54c1f5ea020cca11f92938ed357f9cea988d6c3e640d8d239665cbb04991b09de609fb05f1c8a656c1a337e39285421d7aafc0dc788f957037c1fdf4a7276d3b55adf831ed1108a0133222895f6f50fb71ffecef358a7a4ce251e4156e3801a158def3b8a1252e0f397f41c23dddb85200a38b9e237d9f85b96f08207114a806ec3e78e2d830de24636e83fe19e1df26188c3d366ca06ae019ae787c9149fc3319a7c567a17d04efc09f6b0e002d09d30bdc9d8ce621ef2f8b9f618548bfa1a6c485b4193b2f2a14c78b3d8d58dbfe083b23e9ea317afb9b2b6b917f933a6448a536a7041c4615d295669c07dfd4e263266e903e03ebd1dac0694a90f5b14306fbb7bc544a7b965a4ef40f1276becf7e0a83aa75ea8463785f63ae8ad82375043105f90f04196eee0372f04a0c015226301aeb1fcc50a1c50b19cc5a97347df5ae3cb883a33ed7de0d7f761aa8b1e7f42c936fbaa18daf2a6d1811f4cf991e050f2594a4bb4a1eba76026580a741adeffd151ead452cc095c24b5fbfc17faa418cf4690927ef859ee0f0591d4e5593dd6cdaaa64aa167960340382fa534a1ed1278bf46d9931eebf9a51382eeb210eab141f883de6ead6f897be7eda6908caace85b9640b70ac3fc6e5f678b5318a5e4e56dfafc2c61f1a23e5c3687e30318a947bdc3c6cfc0f8c2d42ff87d46bba5742fc57196409040c575ee6d38f6a1cfdc9b4f9b849373231bb71746057818005b11043d1ebca70f67a8067de07d19e0f2c0996144710c240bffae500ba404898dd2ed7bbb1e432ca7d6bedb4d446eaa7eed33b66196e43d29ea065f39e328b7ac6e255e5ee7512dfd2e3d71920103003bb5217d72c76c9ea953a60547736c83b7937b63f8b2486eb51f42b2af1158de93f9f81a1075ec838238f92ff145049d25f04cd0e199bc60bd60dde40044bc90e98b640c9876b3b68d93568de16aa34690d1137a29f8147dd0117e67a666ecc2678a08d7296314f91077d980bbb7225bcb5074f9b9be578f7c6b7680d9a0fb1f92225e50d22c0b865510c15a4f68c32a313685f32f673aa112714dac8ac642eebf1cf42c121345800065e0fc6d66ff74dbb838dc81a583a2afbb199d8fc519bfc4e0c51d784ee7bcd6f3e693d6bc7c211b15a98393bf6da85076912de345084c2ec379f297023315c10e72c6bb2126d1d0ed7e72b94c67befd93349654ea262eb2632a79a9d97dab7bf23e4fe750d1820abf609668f62ae4fe0c0230de6be971b5bc8d8b681220377227108dbeb0647e0eaee418e66016b18e9b0554c625c2f94b61a8cf7320719b6d3cd6f88db12bb1bc7cfb1fad2526dd24a5a54a5d7b89a955b566b8367417cef4d277ff0fe714dcc07da8b51d5623aabb5cd699423b6263e7bfba7e20a943f66f6cc494ce2e33d98b6dcdc2fae9a66cba5892bbad99879551bc2bf38d6155fa3b63a97c97abd5ee02dea43113fde93d18bee3ba667630ac5c364f79938b687f110e22a5f0a86bfea432dbc14ad94089fa32296e77dad52669d9d8705353b72f7d806f0e739eeb7d7bf43510322842f98aaf7caabc5cf0036d208802062c70837615d93a0f6cea823fb6a1483650e8e55482701fcd0031c342a420a508741b35e4ac5c0dd5e3f47643a23849aaab3ec80d30025dd12c5be26c426445aeca9e409c95fb3e37efdd6f6771c006b6c44d6fc9abae68f991b16766defa6de619c4cf30caabedbecafe403cd0195e6a7ee3ccee3685261067c5a8d5b997b82b09d9a6e3b58bc8de46d8875434909c18dd0a01564d51c4d88abe1d64f0796539ada033ff11e5742650df1766653654eba1de260bbaca4fe3846d3d790ab6ce9527f6f9b5f13f9f7189d2fcfcd02f0937eb1be4eb878efc45ecc7fd210382aeee555f9599bb8d78d63a04065deecc07d78df4c9a0ca2cf9d5b68dab997020482377a8435f6bacea10bcd0cbbca5fc09a88acf1f3e8fb269ff292caf6304d419971d0cbfd83a1547dc49224dd9ec27b364761c6bac76da4053de2f2339bd94cf4bddc1ffd77ff7bd7ef8fe2bcfebb51e9216899cd3d02c50285e1d8fd291ea69df3470c96207fa95b9ca13bc26c774626310fec2db33fb8a58a83bb3fcc95c82708bb655f4fec444d774e6d356bad17e1942bb6842e80952eea13f24e8fd0303bc8978783d2d45de76033b7b995f0f278b5f8ac4d9a55c43efaff935cdcc1e6dc90370d3f982b9d936f7602eba21c0d324b8d2b2558c8a81dad4edbabbb74f50b27ae28b50af1c5d2a79c5536aeec67d9795c11aee2c773a125ecf56c288e25a692d88302d4a46c4a4aaa4908a3ea234450db5c0024225136141682d020b1e9095100ae02e6134a3116a27d0e13fc61ef3d7a607f201a98d21b16f8b26b15c7a071ba599ec1b844ddf3f5bab176fcdc7f88ed74caf532ab41a6ffb6c4b58eebb4b0299ffb1ad0b3bbd13e05c4674da20b9c81ac54bd227c896ea8e5561476c7dd77e46e36f3840d16d4d1e7f563512062eae53c386f65c957132575215bb008049b78357fd3d264041cb10a795a803bac80af84223eb963e70286aa25994cdf541502ebb8f84921b0deeef3606e62b88ecaccf5e0a7ea9c941fb9f36e752daecdcfd5fb567e15469c7b25b41ee4b53672ebd7b38d8a274f4e8e9962a43e454ff2a37c8c12cd4a09d8bf27636bcf9dccefc485393eaf799294812e71e9b400c375c3c066ab242e1979c333d65fe3214567bb1f4f568bd5d7a8fd96848d463edb574536d40c27f7980c826b8cd7af3b93408fce5466418145a046ceaf51b38b7f13fa1d236b75b3e3b70ea3bb711476296451b21d88f63170a64e9c244611b8d723dc687f200611a0311b838674188fad1f3f4eaf259497894af9c70583cea045ee4efae2b437db4da8d705d273ecada9296d3535728298e4f9e5f5be2397f11e3ef39d45a4a1d814f0983e5916acef6310640130aef8b0eebc348a2ecff62699b13a202c35dcec3803e27cff5f1b8d1f42e9765a19e7134420a07d7443ef14f10f0a635b9661d81eaf72365308a520ce05fb5fca1668817904d84274303da67a6d16c1b4c16a3d1cf20a940a2405c1330f02eee5cf63cc3bc6b89edf91c4d83c7d05d3c45a4841a88f4552cd3379ae0854a356d5b6c3ab98cde987d7b555d4d2261902c1290aaddb804a9fd7434be6cfcfef461d479dd6f9f7cd8183dc330d8f8a64ffb4f39c40729758cbaa383283a8049e4ce79f4a9ef3bb481445e199e0302ed998dd60dde9757d30b4888c70ab2fdecbb3c5d7e6d31ce4a89dca97f2c86269430d2050533654b627fbca15613a0cbab09ff202d71e6173a98d946d8d64bceaf4c238242305c7b38e2c7f8211268974a676588bab96335b2967ae5b1f1381aabb2ee63dfc5b1760d1aaf6cec42ac181be8e958a5fc5cf11262c6bfc457474d308e718b26f9a3247f3cba2d2a2f635353a1ca25cbbf6d13cbc0e027f41a48ef2e4fe4563e4aa58b6fc7cbdb456fb4b1844c9614e8187802728a806fb78c990bbc13f6992f0dd8447e55cf3974322b496ab524170a2ad426caecc798b440f5c838055e13165b740cd2ba3d166fd88654a99b44640c973e9702ddd58e0771ddaed4b72590f86e29b7626c4ebf52d2d20cfed2dff2ef22389bc4be0164c07efbf19ebef2f3b9bca8a2b98541eef1e1c2cc41b50861681c3eca3425c41dbde485de9233fcff824774f7d072ff1bcfd3a73fc29a3f7dcbbbc40c18a93a04e326714c86f892a9056f94f1a60fbdb8b08b83cfedff09178d6d1450d568fde8ebfe259b51ef433376274c6575f7f3308dbb884e8d4398601734e4676d2129ba8f93ca76f5556527f38f3fac3a9bb5d1e0c50e778794f182c7738daf93460b0acd9480a558ba06fc3269037026d7bb0bc2c36cf8c1b9b55d22479e25c9a599d214dbd8fdb586023abadcf9f5cf0a8e07f4c871e5f627615550da17e096bfb45a63f29f57b2e5e1e9e9272032ec2fb00c28e7f628e3411292cbb2fa084fdfe7a41c9ff5349d2be5709cccda3d44c13235222d7bfae500936bd1285c257bd1c2041fc9d9691b3d0542257045b456eec84745f765cfc360adf1a87183297915d119b9d2d594d850714d5b621297176131020f95245d08c3561116373ede7a82b93ce537b118ffc0040e4af3b977d0910a54fb8ccad1a5500f70a45c3f86fe4e3ecb07d989389bb1c5db9073b01d49341a4bcdf72b15dd5bdd1fe057c4f142b58167c319e0ba2976f7d04779e99bca42b2f74c7aad9b8e4112acf98e5a16d3ed9780630a119c873245db56c66b1d6184d2c401772f2b9e80abcdfa28efc5b5b03283223db79f35db7ea0a0f66586a7619bf9ca18a324a448fac902612992bd6d9e6899c1f3b33bdadb42a0a3f7785d1f185cd648e960e9c242ef9a71f2a5290b59e77518f5b3ff4413a9c745342edfb9e831dca61d830560a112d9640748922c7ccfb923a53987e8f1a55fd229e596c8d523ec8bdfd467b742616f94fdd75518c5f2800b87c21cfab70fcdbedaf763bb71aa1ea803f3ce08216d2b89bded9c94aec738816a5d05a15092b8195410f9fe690d9eaf184bd3da2e9197547fc9c78339fd713f44b10e7004e38f75496a01ff6e31f246e8ceb9338d853e5ccabe03c72a9ef67215fe8ad17489d345f4cf0dc71d253beb589ee01f935c103b2dd93e8b3f6258cced248003a89f5c3ad42a616b81124930b43f33265d45132da6f8cdb26b698e4abdfcdeab452c3205d24f6a7978612c05bab46cf037fd893ec8c11ef6f12c38ae459fe6ebfdfdcb9466c2afb8134eafe6feecdb619a6484de26caee94134b247cfecf68e74a8a39fa96f3774339a4b7af4b897b9a7abc585adb79c47e6cf1c3e1c07dff4c28df2e4ad14298884ee81ffc056cc2af66883829e455c925c09173f8121f30d34a47dd713d14dc65dcf4bf9e512dbe", 0x1000, 0x4}, {&(0x7f0000001300)="25ca1723e07443f09c45288af3a9ec972af9854893959c4c7564811b1bcd53c4edbb3c5468a45fe88ebe42d878f8d49b500e1b262ac144bb4f9a4219e513ccf21e4c9225fec524f350a6fb24d0c059760d59d60d5a83e2cb805e2388f7212c17dfe2d2452b29ebdeb52bf7a5bffcc8703b7faab8e33be54b3df1573eba8d1ba53c01f9db6b3da241e7b2cb8ec3f55b2945f1bbf3a367dae31f91b9f726ba5a1b72e23b358b678533c759013a5be965cd2c8a8ddd64c8a1a31863b04cec628c546116abd266ab63866356dc1a5f50", 0xce, 0x5}], 0x800, &(0x7f0000001480)={[{@part={'part', 0x3d, 0x2}}, {@umask={'umask', 0x3d, 0x8000}}], [{@subj_type={'subj_type', 0x3d, '}#--vboxnet0'}}, {@permit_directio='permit_directio'}, {@context={'context', 0x3d, 'system_u'}}, {@subj_user={'subj_user', 0x3d, '/dev/binder#\x00'}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@dont_hash='dont_hash'}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup3(r0, r0, 0x80000) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000000)) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f0000001600)={0x0, @aes256}) 04:11:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:10 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2000, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x33, r0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2453.700921][ T1283] binder: 1280:1283 ioctl c018620c 20000240 returned -22 [ 2453.769197][ T1287] hfs: unable to parse mount options 04:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:10 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2453.816739][ T1297] binder: 1294:1297 ioctl c018620c 20000240 returned -22 [ 2453.936958][ T1409] binder: 1406:1409 ioctl c018620c 20000240 returned -22 [ 2453.948176][ T1409] binder: 1406:1409 ioctl c018620c 20000240 returned -22 04:11:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f0000000100)=0x10) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x129000, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000180)={0xfffffffffffffffc, 0x3}) dup(r0) 04:11:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0xffffffffffffff19, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000040)={0xffffffffffffff9c}) setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x7530}, 0x10) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000080)=0x3, 0x4) 04:11:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:10 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2454.201384][ T1423] binder: 1416:1423 ioctl c018620c 20000240 returned -22 [ 2454.206853][ T1422] binder: 1415:1422 ioctl c018620c 20000240 returned -22 04:11:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xc61, 0x0) mkdirat$cgroup(r1, &(0x7f0000000040)='syz1\x00', 0x1ff) 04:11:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0}) 04:11:11 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:11 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000080), &(0x7f0000000100)=0x4) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0000ef1291425858d31129dae73d7ea03becd38560340adbee1533b4bb046d457dcb63d3fa738fe6c3da36365ab4d81ed0efc8bd81f37e8d28a0aa1c6910c02044c9e92ee57076ed6d31e44c36a2babb9d263c8c8f978362e52ebe92c9f908570ace9823081583010064aceb2792e24ac236a485032aa2b1fceb5891fec30ed8a89ad2a094a84bf977abc3595b5174070525c88d35e64155acddab20206748b7acb37bd49064b93bfedaaa462f81cbe2bf180fcb43983daeeec0933732b94234f5d065c7d869f0f2eb767aac584da873c96105d1a14cf55811e1a0b51b41fd48e31e187fc1a7557ca9bf485912208600eddd0b17524104f9bf21ef71e920fa091b740add63b1097c47b5c8a441b4d0cb1f55d0b1151042218d97d2cd5d65df76b3499968b4686d825e604e531e65cac39aa2ebab5a1bd6f581f59616f24e02e81119ff03974c227d65294f57da285e6ced8de272651c2b84792bf29a372b68f5353c"], 0x0, 0x0, 0x0}) [ 2454.404180][ T1536] binder: 1534:1536 ioctl c018620c 20000240 returned -22 [ 2454.417491][ T1539] binder: 1537:1539 ioctl c018620c 20000240 returned -22 04:11:11 executing program 4: getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e23, 0x4, @local, 0x1}}}, &(0x7f0000000200)=0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000280)={r0, 0x4}, &(0x7f00000002c0)=0x8) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x3}, &(0x7f0000000040)=0x8) semget$private(0x0, 0x7, 0x1) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000080)={r2, 0x7, 0x0, 0x6, 0x4}, &(0x7f0000000100)=0x18) r3 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0xb41, 0x404000) ioctl$GIO_CMAP(r3, 0x4b70, &(0x7f0000000180)) [ 2454.496608][ T1543] binder: 1541:1543 unknown command 317652992 [ 2454.503409][ T1543] binder: 1541:1543 ioctl c0306201 20000240 returned -22 04:11:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0}) 04:11:11 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) setxattr$security_smack_entry(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.SMACK64\x00', &(0x7f0000000140)='ppp1\'eth1[]\x00', 0xc, 0x1) bind$pptp(r1, &(0x7f0000000040)={0x18, 0x2, {0x3, @loopback}}, 0x1e) listen(r1, 0x0) 04:11:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000400)='/dev/adsp#\x00', 0xffff, 0x8080) sendmsg$unix(r1, &(0x7f00000003c0)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000080)="5f3606cd247465700cd79a2b90f155414ba213e1d202d68f329188a657a1a380ab423cd3451538cdbce37b95f13394b04ab1bc", 0x33}, {&(0x7f0000000180)="99c3ea9f1427c821ba7d15d45dcd29cd4532f96f9085563658292688f6eac157e2cd0359bf5ff1367ccace3e1d36728b1167571a4f512faa40b0d00ac7cb2bc9309eb404bb1709f2d112e9c79fb663c63542bffb7fd18ed68ed80f12163b3cc1dce9c9852884915a41e52b29dd7e8aa11da01522dd3b5d6948dca31526202098c9f6f7ee44d1eebdfeada8c50404f5799d810d9cafb010338e76c98a581632d20b245cf22aea9bb8c8", 0xa9}, {&(0x7f0000000280)="3398683c85482866f4e07bcaacd13b987510eb8b30b5318b2b930b74789ca61b660dd0239f3112a15d197ef7da576a04bc0af8c626615b646898ee9fcafedb1e43a8891efb4d3bf5ebe4f7cba8a9a574cf72b9866be4ab68039bfd3aea4163c6854cefd7e5989d95e544a894037995799c8f88f2c6c9fcd203e451a3d567f569213499af17750435120293e707e191a7a70e295e028c14b067f7c5f80b45817256bd233caad153d045b85fed11ea92ab6ef5320d857d9bd21b05d17bb39af061541b35fce2cc5bb2a6238dacce4c", 0xce}], 0x3, 0x0, 0x0, 0x20004010}, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="2de03cac2211eadf9209fb055373000000"], 0x0, 0x0, 0x0}) [ 2455.069050][ T1672] binder: 1669:1672 ioctl c018620c 20000240 returned -22 [ 2455.084216][ T1673] binder: 1670:1673 unknown command -1405296595 [ 2455.097809][ T1672] binder: 1669:1672 ioctl c018620c 20000240 returned -22 [ 2455.102818][ T1674] binder: 1668:1674 ioctl c018620c 20000240 returned -22 04:11:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x161000, 0x0) ioctl$KDSKBLED(r1, 0x4b65, 0x3) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x2, 0x80000) ioctl$KDDELIO(r2, 0x4b35, 0xbed3) write$binfmt_script(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="2321202e2fc2911ef4082a4f07dc36fe3f3f0866696c653020202f6465762f646c6d2d6d6f6e69746f7200202f6465762f696e7075742f6d6f75736523000a96cb873031c9e4678796c772c263d1e5006143bad97947af164982ab973a47be4c6498a8e952a94fabcc0021df3fc23246275f26197b8933930df5d1ec820b3bc2d821b25c39f1c1dc825b939e253f33dd286bcd260a99e660a2ee986e8c1b0ba20bfacad2d88c53e3655d554e9f437e0a5af9eec3b08ce48e291cbda898a30686e20535a132d6c80b7a52440784d94eac9ee80118ed368fc17c5f1448550ab1a634df80b8122a375afe9a62169104ce31543d0ce485ab60f0192f264461234bd3de4ccb939992fbbc4e68c48b2813b11ec533a6f630a09487cde9cdfeaa83d1cc"], 0x120) ioctl$TCXONC(r0, 0x540a, 0x0) [ 2455.116724][ T1673] binder: 1670:1673 ioctl c0306201 20000240 returned -22 [ 2455.126725][ T1674] binder: 1668:1674 ioctl c018620c 20000240 returned -22 04:11:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0}) 04:11:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x48, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:12 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) [ 2455.284645][ T1778] binder: 1748:1778 ioctl c018620c 20000240 returned -22 [ 2455.285580][ T1750] binder: 1723:1750 ioctl 540a 0 returned -22 04:11:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2455.342414][ T1796] binder: 1776:1796 ioctl c018620c 20000240 returned -22 [ 2455.466037][ T1807] binder: 1806:1807 ioctl c018620c 20000240 returned -22 04:11:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0}) 04:11:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x3, 0xa, [0x6, 0x7ff, 0x233b2293, 0x9, 0xffff, 0xea, 0x1, 0x6, 0x1, 0x4]}, &(0x7f0000000080)=0x1c) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={r2, 0x7}, &(0x7f0000000140)=0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:12 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) 04:11:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="30635c078c8041722442be121bcc21ba931726cef5d8592f5c608faa7342c672342024b68cd8322ee4d8838cec66534b64e95eec365df416dc7c59bc4a68f7f0185afac27980fad43ec863b09c47c004ed62d2a00000000000"], 0x0, 0x0, 0x0}) r1 = gettid() syz_open_procfs(r1, &(0x7f0000000100)='net/tcp6\x00') 04:11:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x60, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2455.999448][ T1816] binder: 1815:1816 ioctl c018620c 20000240 returned -22 [ 2456.004463][ T1817] binder: 1811:1817 ioctl c018620c 20000240 returned -22 [ 2456.016181][ T1819] binder: 1812:1819 unknown command 123495216 04:11:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6, 0x0, 0x0, 0x0, 0x0}) 04:11:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x400001, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000040)=0x6) 04:11:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x68, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:12 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) [ 2456.070492][ T1819] binder: 1812:1819 ioctl c0306201 20000240 returned -22 [ 2456.165210][ T1904] binder: 1880:1904 ioctl c018620c 20000240 returned -22 [ 2456.179942][ T1907] binder: 1901:1907 ioctl c018620c 20000240 returned -22 04:11:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0xe0000, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000080)={0x0, {0xffffffffffffff01, 0x1}}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="9f0000000000000000000000000000157217c9e698e009761d8ae0c64d000000006b5d1619b4f05fb5139138bc969ae653fc8f500283e58c3860e2f0e89e912764d2d2861592fd"], 0x0, 0x0, 0x0}) 04:11:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7, 0x0, 0x0, 0x0, 0x0}) [ 2456.285215][ T1941] binder: 1940:1941 unknown command 159 [ 2456.325786][ T1941] binder: 1940:1941 ioctl c0306201 20000240 returned -22 [ 2456.344060][ T1945] binder: 1944:1945 ioctl c018620c 20000240 returned -22 04:11:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 04:11:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x168, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:13 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x48, 0x0, 0x0, 0x0, 0x0}) 04:11:13 executing program 3: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x44800, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0x52, "812a014e0ed3f2ce45aa43eb45ec2d59a000fdb522864b2b623b03f28218d64c03f77c488baa6d54fddab5131c02fd51de7b1a1ae918ca68688e7923752357381b8f4a6d9c2093fef2ae9632676da63f872b"}, &(0x7f0000000080)=0x5a) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000000280)) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000180)={r1, 0x7, 0x100, 0x80f, 0x3, 0x1}, 0x14) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x84000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2456.908438][ T2055] binder: 2050:2055 ioctl c018620c 20000240 returned -22 [ 2456.908805][ T2056] binder: 2052:2056 ioctl c018620c 20000240 returned -22 [ 2456.921148][ T2055] binder: 2050:2055 ioctl c018620c 20000240 returned -22 04:11:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c, 0x0, 0x0, 0x0, 0x0}) 04:11:13 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xfffffffffffffffd) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x74, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0xfffffffffffffcc1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\rc'], 0xffffffffffffffaa, 0x0, 0x0}) 04:11:13 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:13 executing program 4: r0 = socket$unix(0x1, 0x7, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x20, 0x4) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2457.105221][ T2168] binder: 2166:2168 ioctl c018620c 20000240 returned -22 [ 2457.137919][ T2171] binder: 2167:2171 ioctl c018620c 20000240 returned -22 [ 2457.160984][ T2168] binder: 2166:2168 ioctl c018620c 20000240 returned -22 [ 2457.229971][ T2179] binder: 2173:2179 ioctl c0306201 20000240 returned -14 [ 2457.249414][ C1] net_ratelimit: 22 callbacks suppressed [ 2457.249422][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2457.257703][ T2179] binder: 2173:2179 ioctl c0306201 20000240 returned -14 [ 2457.260996][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2457.329486][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2457.335367][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 04:11:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x60, 0x0, 0x0, 0x0, 0x0}) 04:11:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="a78dceab469fbe3a326c0259cd0b039d7347e11396dfd3b4fa44ce875f7f5461548ccc8955764f1ab3d2ce2b45687cadd2b3c9d303846afa1f0365b88247582004b7fce0dca65b16d679104e66791b246610eb1b390e68a2380463b31ed83403c8cd9d6eec1a69cc1d4b19febabd5569f9b4d1a391b6969e6a83a0ad52a91996e374d12ae4b95c016eaf5a32afcb13e05aab1ec7b4a32ee35589ff24142309335773071925a0b70dcf6df98d468c985dee320d8566421f106f575684747a06a6461817aa4f81de6b41439ce71c84efec5be2d24f84e64ffa329ca38f38515505d5945bf7a1c1dde7130dd5bf1f1350d73409dca5c1b7c80101000000ed79658d72b309adf412e3b54ec23714666dbfde3d265ec47494f7b0dec05a94f7c6aea9bada155666e169f5f2ec345219fc62aefd1a487bd5838b960cd027371a0675d14f999f6fc2cf9cfc4880bacb8e18"], 0x0, 0x0, 0x0}) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x600002, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000000)=0x4000) 04:11:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0xffffffd7) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e24, 0x0, @loopback}, @in={0x2, 0x4e24, @rand_addr=0x1}], 0x2c) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x200, 0x0) ioctl$KDENABIO(r2, 0x4b36) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:14 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x68, 0x0, 0x0, 0x0, 0x0}) [ 2457.850958][ T2195] binder_ioctl_get_node_info_for_ref: 27 callbacks suppressed [ 2457.851025][ T2195] binder: 2189 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2457.851037][ T2195] binder: 2189:2195 ioctl c018620c 20000240 returned -22 [ 2457.855187][ T2194] binder: 2190 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2457.855199][ T2194] binder: 2190:2194 ioctl c018620c 20000240 returned -22 [ 2457.862936][ T2196] binder: 2191:2196 unknown command -1412526681 04:11:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000180)={0xffffff90, 0x0, 0x0, 0xfcf2, 0x0, 0x0}) syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x8, 0x24080) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$RTC_WIE_ON(r1, 0x700f) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x600, 0x200) 04:11:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2457.977421][ T2207] binder: 2205 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2457.977432][ T2207] binder: 2205:2207 ioctl c018620c 20000240 returned -22 [ 2458.027725][ T2196] binder: 2191:2196 ioctl c0306201 20000240 returned -22 04:11:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c, 0x0, 0x0, 0x0, 0x0}) 04:11:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1, 0x14}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2458.082378][ T2228] binder: 2215 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2458.082389][ T2228] binder: 2215:2228 ioctl c018620c 20000240 returned -22 04:11:14 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x500, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2458.193006][ T2311] binder: 2296 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2458.193019][ T2311] binder: 2296:2311 ioctl c018620c 20000240 returned -22 04:11:14 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x181200, 0x0) getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x111900, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r1, 0x80044326, &(0x7f0000000080)=0x4) 04:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x74, 0x0, 0x0, 0x0, 0x0}) [ 2458.354560][ T2337] binder: 2334 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2458.354573][ T2337] binder: 2334:2337 ioctl c018620c 20000240 returned -22 [ 2458.402685][ T2345] binder: 2340 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2458.402698][ T2345] binder: 2340:2345 ioctl c018620c 20000240 returned -22 04:11:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x401, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x4, @mcast2, 0x40}}}, &(0x7f0000000280)=0x84) sendmsg$inet_sctp(r1, &(0x7f0000000340)={&(0x7f0000000040)=@in={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000100)="63ff88d086388936f22b05094163007ae908e529c5e5c142ee25a30901c630f645060adfa8ea27b07e6568943be669694bb161adab7fa7f017c327541789c81d62e945371dcbed64e38ba344faafa49848c1457ee573882b4fdc031e83034ce3ca87127ba0e15cd12a8e654d30607536a7dc12d47a614e9a80bcd04ac9c7", 0x7e}], 0x1, &(0x7f00000002c0)=[@dstaddrv6={0x20, 0x84, 0x8, @empty}, @prinfo={0x18, 0x84, 0x5, {0x0, 0xf06a}}, @sndinfo={0x20, 0x84, 0x2, {0x6, 0x1, 0x0, 0x6, r2}}, @dstaddrv6={0x20, 0x84, 0x8, @dev={0xfe, 0x80, [], 0x16}}], 0x78, 0x8000}, 0x40000) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x600, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:15 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a, 0x0, 0x0, 0x0, 0x0}) [ 2458.449386][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2458.455190][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2458.529392][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2458.535273][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2458.547419][ T2434] binder: 2413 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2458.547464][ T2434] binder: 2413:2434 ioctl c018620c 20000240 returned -22 [ 2458.564754][ T2437] binder: 2428 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x810, r0, 0x0) getgroups(0x8, &(0x7f0000000200)=[0xee01, 0xffffffffffffffff, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00, 0x0, 0xffffffffffffffff]) r3 = getgid() setregid(r2, r3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x38, 0x0, &(0x7f0000000040)=[@increfs={0x40046304, 0x1}, @enter_looper, @increfs={0x40046304, 0x1}, @register_looper, @release={0x40046306, 0x3}, @acquire_done={0x40106309, r1}, @enter_looper], 0xf0, 0x0, &(0x7f0000000100)="f601198e166e6d8aa5894a22047579bd513b77d51233fbe64254fd361e2341c471fcfb5c83d4e9d4e618460f4a39dfa8e4b972057fd7390df79f44e34e65122dd7d36f62ff8344aba106704891f207ade0d7a73e982436b58e95bebec1f47cb9b63a3ab793c5cf6d38fdd504d637782c49e9314814b8418e57fa9c2b6132a6c906259124208f09a3937d740e9a32b1f6443e4d9adfe688cb4be3faa47510c28b80e7a3c7fc1d2f2a78e465d6bd138894bba61dfc78f92a97e9687ca8b5a49376ec0cbfc43d6a5a75559a9ee837ecdf3f840aeac85aa0a46a9bdd7eba96ff776f7fdb86882fad6c82e5dd2bedc747a38b"}) 04:11:15 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair(0x1f, 0x0, 0x101, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0xe7, @remote, 0x4e22, 0x2, 'none\x00', 0x24, 0x6, 0x7b}, 0x2c) [ 2458.564767][ T2437] binder: 2428:2437 ioctl c018620c 20000240 returned -22 [ 2458.617546][ T2434] binder: 2413 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2458.617559][ T2434] binder: 2413:2434 ioctl c018620c 20000240 returned -22 [ 2458.664212][ T2461] binder: 2460:2461 IncRefs 0 refcount change on invalid ref 1 ret -22 [ 2458.710098][ T2461] binder: 2460:2461 IncRefs 0 refcount change on invalid ref 1 ret -22 [ 2458.753214][ T2461] binder: 2460:2461 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 2458.769436][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2458.773040][ T2461] binder: 2460:2461 Release 1 refcount change on invalid ref 3 ret -22 [ 2458.775366][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2458.785727][ T2461] binder: 2460:2461 BC_ACQUIRE_DONE u0000000000000000 no match [ 2458.828122][ T2461] binder: 2460:2461 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER 04:11:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x700, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x300, 0x0, 0x0, 0x0, 0x0}) 04:11:15 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',lowerdir=.:file0']) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000080)=""/41, 0x29) getdents(r1, &(0x7f0000000180)=""/192, 0x18) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f0000000040)={0x3, 0x287, [{0xfffffffffffffff8, 0x0, 0x73}, {0x7, 0x0, 0x10001}, {0x4, 0x0, 0x5}]}) 04:11:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0xb6, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="05630440949d232594257f504be6fe4f21e110359a4093731f7318385d4a908b38e5f7a0e4eaed7b6528353132d5a9ea4a70b2e68f549f3944b79eb9010bb5a779605fd4ea5bec480f309e8980716cdc5345e2362b3588bb0e314941bc48d0db2059f0c91ae9b06f26dee28468a0ab22df5dc6423223688e60512a358e473eb6f76ea7f98004971f28e4b2f1331393e83ef5a617d4d7e49bcca85ae2b568422199a0ba2dd0ac7e76fd45ed9e66c48eb80b95ccfac31b"], 0x0, 0x0, 0x0}) [ 2459.084421][ T2473] binder: 2469:2473 ioctl c018620c 20000240 returned -22 [ 2459.095529][ T2474] binder: 2472:2474 ioctl c018620c 20000240 returned -22 04:11:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:15 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000040)=0x1, 0x4) [ 2459.135082][ T2474] binder: 2472:2474 ioctl c018620c 20000240 returned -22 [ 2459.172923][ T2480] binder: 2479:2480 Acquire 1 refcount change on invalid ref 623091092 ret -22 04:11:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x500, 0x0, 0x0, 0x0, 0x0}) [ 2459.182780][ T2480] binder: 2479:2480 unknown command 1350509972 [ 2459.189666][ T2480] binder: 2479:2480 ioctl c0306201 20000240 returned -22 04:11:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2459.237770][ T2484] binder: 2481:2484 ioctl c018620c 20000240 returned -22 04:11:16 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2459.295589][ T2492] binder: 2485:2492 ioctl c018620c 20000240 returned -22 04:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x600, 0x0, 0x0, 0x0, 0x0}) 04:11:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f0000000040)) 04:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3f00, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000000)={0xfdd9, 0x0, 0x0, 0xffffffda, 0x0, 0x0}) setxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="00fba59200729788351e65d757eafc4b1ddb140697f16c2bb7e3690ddc72801626d9055c40d95bd1ff805df55544e228099255b8289ab2b8a4363044ef6534443de71b3f9b000030ce01bd905854f0edba4989a478cf3e9a8f31324f13488f8ab57ed06547daf8a61269210d1d40cf75e6a8b6e9bdda8de76ebb00cba44ca2ceaa2d668e18783c07e2b33ca04164a156d47ff4d708b6e1ce61091edcff9538cbea15a00000"], 0xa5, 0x3) 04:11:16 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2459.565884][ T2618] binder: 2613:2618 ioctl c018620c 20000240 returned -22 [ 2459.586299][ T2622] binder: 2612:2622 ioctl c018620c 20000240 returned -22 04:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x700, 0x0, 0x0, 0x0, 0x0}) 04:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = semget$private(0x0, 0x1, 0x0) semop(r1, &(0x7f0000000140)=[{0x5, 0x100000001, 0x800}, {0x3, 0x20, 0x1800}, {0x3, 0x7, 0x1800}, {0x3, 0x7}, {0x7, 0x80, 0x1800}, {0x4, 0x3, 0x800}, {0x4, 0xfffffffffffffffd, 0x1800}, {0x1, 0x6, 0x1800}, {0x3, 0x0, 0x1800}, {0x0, 0x0, 0x1000}], 0xa) r2 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) syz_open_pts(r2, 0x101001) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x10000, 0x0) ioctl$SG_GET_NUM_WAITING(r3, 0x227d, &(0x7f0000000080)) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x402000, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x7ff, 0x80000000}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000200)={r5, 0x1, 0x350}, 0x8) fremovexattr(r0, &(0x7f0000000000)=@known='trusted.overlay.nlink\x00') 04:11:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4800, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2459.630152][ T2626] binder: 2625:2626 ioctl 4b70 20000040 returned -22 04:11:16 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2459.727907][ T2667] binder: 2639:2667 ioctl c018620c 20000240 returned -22 04:11:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x4000, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x8001}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000140)={r3, 0x4, 0x81, 0x7}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="d2d7"], 0x0, 0x0, 0x0}) getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040), 0x10) 04:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2000, 0x0, 0x0, 0x0, 0x0}) [ 2459.794042][ T2724] binder: 2687:2724 ioctl c018620c 20000240 returned -22 04:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c00, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x340, 0x0, 0x0}) [ 2459.900803][ T2750] binder: 2748:2750 unknown command 55250 [ 2459.907142][ T2750] binder: 2748:2750 ioctl c0306201 20000240 returned -22 04:11:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2459.945401][ T2757] binder: 2754:2757 ioctl c018620c 20000240 returned -22 [ 2459.972139][ T2759] binder: 2755:2759 ioctl c018620c 20000240 returned -22 04:11:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4800, 0x0, 0x0, 0x0, 0x0}) 04:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fstatfs(r0, &(0x7f0000000000)=""/140) r1 = accept4(0xffffffffffffff9c, 0x0, &(0x7f0000000100), 0x800) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:16 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:16 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f00000001c0)={0xffffffffffffff72, 0x0, 0x0, 0xfffffffffffffff1, 0x0, 0x0}) r1 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x81, 0x280900) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="00fb150001f27f7f008dc7f95c809f92a291065c81a29f5a7f910b53834239a756ab2c23d9e8100e6a8348e46cf2596495ec872b4814284e041e60d2e46e3388f11b12a7971a3e651c4f120a7222959e10e2da5268194efebe575c2bbb9d57927ae34a09eb01da373ebaacee54bdaf0ad73730a5d215da676eddbe201d02a4d3396bd1a9c4daa7ba9fc86c22e5af77c1ec63c253122dfbf3e249ff7079df6725e61652cb1cde5d1be67487b67dcf4a73566cfa12d71ff0b209d7d947030b4001b682f9e97545e25794838d565f11bcd01bd420031cdd18bcab6eb8ff4e2bef72dd19d3d24e47fcca57e11e17587d4abd7667846f89a152b15c6209a13ab0d86c994436d82e8dc4055d0a174ad3bb51c1bb3275b903dfa9cfa9e2e1bc7213b5afdb59a386517c980d02006363bdfd44e0683191d2d14079ba432036b1d392d1cd35f1fc6f02606b493441c0bd8b46ad5442ebf3803d03d31a81cd79be044e3f354448740e35c2cd3abd6e8cf438fc658b8296da7fdd592bf9decb521f52e14ae5b0341e3caf451b648f74d717b331dcc98460ccfc2d752cea784233a815c8005627d56c2177ee83172ff3949ecb8d892961017973d738446041973e4282c48f2b1bd81fd205244eb6ebd5559dd47db857d1b1880b6ca1043e6c9f10b6ab2a7398488a06af9f8e62f4e2d7e7557995837cd8ea8e33cc0892de819b142775c22febffb11f4fcffd91070a7f9f5cd6aad59537b3956f7cec29f56c7e4a6de8f138594fa0015c39e63e52fdbb540dff8e912d26b701a2b37932471fe1b27baa8dab8a23ad64a84781639abdcdc5d7d30b4155bbd68ca6e609aa127d620debcfc47952bdd7de72003d909b14de4d1950a7e04692c50eedb0d41c4ccbc8c2103771a3bb37afb9b467ed67957d27b0bf11ac45dfd238606750d7941f82f047bb85e6bacde4970764176bda49398a4ca6caab6610380127d53ac6ec416e8c1f503b2320040dac0a6475b170821aed86920031ce67624c7ef2e7e08cbd94a9f573a07850f2c2a35a4de6135ba307d8c2f56523eb5ffc0bde18dd9b82443ee2476034e0ba69932ab5ab1229247853085292f6c0368558f9c3f76ebfb09bdfe4c7a26716ab8b17319d0bb55e44bd79fad5a97ea4c2542e6fa41d3952a3e9c1b5baa239ee006e46fa8a50eab0448a293df80af8f54a22f2a71cee499932c0fdc76f0087ac77da9af1aeba34aa0f071c94ace1a7218535853391e252a90d3a7ef59bc02d0556bb9f354b606a49e21e4c2f2b7f0d7b510cecc9818bf4e0a8abb6b3d88351e3797bd1cea762c8bc20c86142aed202333bfdb9d7184567eb865b16b34951f40ae0ab59ad0f5d970701aab0fa81574ca1afa29ae82be8bea1ab4e4e6d0cd9734a177f9b81882e3702441c326bc1a9a47d42d5528fa087c212fdd4e63b81d8be66791235692c550660b3b238d38013eebe0a1b6b0c9e8de356896510914bd45686eb515e77cbc91cbd769b7034829b1f206d7d3da03d09adb99db05d89b080d3f13d0ade341f44ac9c4786c1a90a3337bd6bd959d52e56587c8ec6253d646ecd28e04ad311f6ecebdaa13d3f9c2345ab5d41af8d2f612aa65d9f7c86670195d2df7ad4d6868fcac890fc0af5d2039a4ebe327d72a0d8ffd99c9001ffffaad60db90674b95171c80c587b66787b8bab8e933835515d758e6c72ce9e2a6e2e7e967c86f9d5984a1883f7869a3a64cd99f8d4507271679bbf32b354cc72720ab8c9f05ce651549c93d625362875fe2d1d85b92ae9b8fbe9d906cb22c70c792646905f4a266d5af3b7f39d5b375f33e24c832476b2145d3e661cf3a1213e5823bc370fc217c77671143f53d9a35296234b0625ed4d9edd69b3a9a87b0a4565a722147012302197ed231c085da5891f7f16a4bf503915bd4dfcdf2ee18568090a3f13f226fe040e80407f7df5e2cf78d05b2f03ae3944970965ab9b758021073f8b5b57e959e12a3b1689eb1a18765b107f399434a9437aa3c91d6c7abec0af743d884f2d7977fdf1c2b01d27b93ff809a3cb58dbf81cd63fba623f18792de77c1358066ed2260017a9387b7aeb32d74fd59f1bb10b2d667a9cc291320490d524fb9f4e90f0a7bcc8050914d2a1fc9ef218341bfd49afd3df91747ed0eddc4d827f01ff35fcb8605db1952794830abb4c297acc5c04fe85a05ba379f972eba884d75763d0d05f23bad56e1d9d511cc0b0705de6b15cfff35e2fb5eaa127115f7097961da588cf260ba1b6edc4ae76060f4c9f564665c0c11fb0361add43e00bf83d7c1dd285a24112545c92e01959e91cf8fd1e0d910aa29c639709e305731a4c27e21a550db00f6025222237e5b5a4a25fabc9d426fa1e34e8cf279b77a226dce470779e13dd62bf4f6564f23b68cbe3acfaf328864fa6534a3f3fe44df7a467d7ccaca3af0a13c22b95037c5815512d277099b6fc02872bbe06d8f70052346d21b51af08891bd30432dbe9c27d6946f73bad2cb039180bca2a29a15d2a0a774ffd13a90b79a209ceceaf0e5496967f91112393487592deec9236401bff23939e3a500c5319c499d2353291433d6b9417caca7d64138fae3ec89c2e910c327787961b9cc03b19c863455ec1317263e7df551c1065d84b800126dd8b5d1289d4d9fabea7db3bfb379124d92523c76c3577b62f2d0e6e2e1a82e47feb41f727ca55408c035d5087cb7dbb770ad369c9666534dd068f4eb1ac30acd9e2d7c4b5cc6b6d0bdf9f5bee74250f12dcc2597223c80a4c1b0b4d02a5f9f7e46ea5b44720af69e21f12c95cfe7d3c73421b3c5c80096db7ae5e74613786ec70a849e5f55dc887f59f397273d9db4a920f16e5c63b3a7b6eac3340334874dafa77d5cd64bd1f7c2e74c430082426dc0c95355cbaa4a4058ad33ac8ddadbfe2b02691231e57a5117800c5a8771d627459d4ff897420fd8ff570bf39717e65fb4852ea408fbb4e1ca3c987efe0000ec005c64e6aeb540ac955e037cd7912efbb326d9ef65a8bd7ef486bdbebde26a9539015cbf8c74c6c76c07ef7b385f0f1c8c47043de4fb9aaedf32c3300a9db6174be54fd1df22ed023ab91c34c866ac6dc55998be950c2efd70f259371bf7bc79f8924ca3835ba8660c1622b9b7dd98786bce71ad308f5fb89e774753f5e37ebb315f604344616b0814acb3fccf31337edcaa3a94cd12efe2b1308796f6a7389b91fef0394201b487515380edb65b266ddc459893943948241e55fda196c284ecb1a2e3e527b9f8ccebea6e9bea53cc82aca4164bf9338116edfb5c3dc050057002a85a7f645e0debebce7c0fe1b32fdcff3d9ea22c0464c4f2efdf9db0c85a131e51ac0539776e6eb4964029febba2a286162e048d23b512e725169e9d737d18eb986f42575eb9d0b8280d17ecabab8df9fec14ff8c5586cc831398bc5d5836246a17adbf626774656b574fb2bed8940da35f613f9589c4ebc07bdced14f9a0159d970befd12027fbe7750ddf01b092952ad637440d0fb545089c9e26d30f0e60abd0ae870880bc2ab6f5e2a349e11c6bae67fd3c0e9b573c84a82bb79870deaee89e1d62b34653db3192573b1bab20639be7b3c9609b785454b493ed5f8ab179aa86b30b5d1baede6ce09cdcbf66103339bfe285732b097eddd17046ad12794b6cd57db13f9c95c91d3e2a35138bfcc7b8747b9d440e78c45df65a34d7f68d9fdf0abfb05e0ab1aafb523e2d237160abb9bad83500a6f305600da40ab4128626cda6bfaaed8630ebf1ad1a4787871a91a54aba028d2b0d150c4839588c2d2f12b49f65891079e57c3d324d0a2ab3538e7754683d6ab084283ee3472fb2bda8a9c3e1ca4c9390431adbf84945fff4a4e2733c9d567ba90f6057c360dbf5ab0422baf6cf0e90798675c3f0501427d4d7c2d0ffbefe30b36eaf56e9f68c8ebb55dac09b85ef6adecf02de57f4b2125f4d243874876e35931d5300c50406a6e33aa988661fe973f70c49b6805001b6d7117e60b559bc0158a59642e22ffb04ab2936294df4289c23ac543a0dae7369d4f033ff06224ed03dc7a8d196ad94b8ad450cb6cc08abb89c838e0c5cc1cff73ec441f95843f344d05c96fac56baa45624c7ad9f80d43d48d65a1bc49bc49478c3d4068326642d2fee510a1b5892f47ee8735275d30fff35be9b9fcdd46548b89fd22ecaeb235df5cc9046a270d599fdbf5389947a7ffa4519bcd9c317322d9ece61a1cb42a9c77f4beb57c35e2107dd1835e697762034208a481f129322b96be8aa40ecfe64b64173609895cbcbd7c5df931da8ebf2165a518da06969ca56522b8f93a21db1b792fca8f8eab3509abc264eacb4454588e5d9f04d80ea405b73978657fcfba2cf9293c04e644a73310b547bd4f1f3c623cbd735c8c258569dc2116c79e1679f2c3f350310c65c536e43883e8d20c78d5852418f94b28c1b94fd900e0e46a85794730e0e842903a215ab8b87ec8ac63a11ee3aeb98787922b005595863abc7d806eee0c43833c90695bb0c7aa25e5e3a5ef78c7f24edbfa9cab44b64fa992fa850e6c2037b057121e4b0929cc3d9c5f103080f7b466984420caf077aef3618cb896a7570bcb304c37456003a3c0cc5f1812b8d0b062968d7997987338a91389ef3e4f2db0da3a81be58c5c13f437458f6c54993633bd666e760cfec709632bc19d1e9cd57cd5db65f631dcc7ceb046e6eabbc4aa687c7e1350e50a4e81758aac0019dcde6c838da99a0cb5c335c4ede4a967f9ef0054658df07e88828bd0e0d7d15ab6cca4672b20415320bd7632405d4c193062e98f117d786216ccc5d696aae78a28719be4f2f689c7a72994704540960437a9768a291f1086c27193422686509b479f19ba782a6d6299bcec43ee519a41b42365121affa4e5bf4c6a04824c3d3a721a988ec60a349f0416d0bb24ea31181fa2c847217095d1f4b1324819f93e09d27f289d2429993177b519700b551460c591355778983b372a07bd6271f221707c97265ebb5c5582ecd9a85da037d4b18091a8e108f0d4845f8bdedf5aa28438e4dfd9a493ff6b3560875b83e32607b7da759894070903c4927d92115a0e6636a71b6ec79e86f1681bf1e5f896becd8a62fcf100a6471582b6f6b03328a3261dc79285cc1f3c53cf12a62a76c2f63123e857360e3282726de3b46093e3f7f049c2294d9de0ac3a9fb0c2810b1b1f90c07a75f185254e69214dff268f1214d22ac4860ec1fd5b2a6402976287084a5128d01062721115ec7ece139e54e21b91d044c4eac16688422c234d6c3292db9f7ec906cc24aa5b07c5ad135d7813b85e4026a3cbcbea361b2058e13cf8832ae879f46af8a1c0d42ff389da60e1481143f425fdc4fe5d0e5448b1cc661c9ccfeaadf0a084e5088611a1e7e773d806f01d96b4fb961a03eda066212264a3d05eab94b32b495ee7a0ae73b04fbe734f6d907c2896299d577c5f04ffce8a5802dc3af341ae44d69e38ff789ca5821d9789a2bf66709f991c8bd37296aa2df5c294f7bf54fb50eb3a954951971b0a56386014cef8642c127328b34f35b164a77aceb3b5f32ba6ccb0309245ed32370bb81b386c9fe7f97f2fc05a1ee482c31474bc7bcc1ac5da734eeed9b3e68d67435edaa507f575778d9352680d3c4445deb22e34c2332e53fb3fdeea58f9e92303dc7a66c8f064ebbf1b3422afef4183a2b9aabc96ea9d2ef5eafabcdd91ec23637ed3c530190e2570cc2d37c8b0761d4f32e353f7188a10dffd01f313951cd1e869da095cc7892f4bef3d2515b7b7a397c337093c387d43b88a98be9518536b"], 0x1015, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x117, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f0000000280), r2, 0x2}}, 0x18) [ 2460.167300][ T2873] binder: 2871:2873 ioctl c018620c 20000240 returned -22 [ 2460.187158][ T2876] binder: 2870:2876 ioctl c018620c 20000240 returned -22 04:11:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6800, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0}) 04:11:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x400000, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000180)={@remote, @remote, @remote, 0xffffffff7fffffff, 0x8d4195a, 0x6, 0x100, 0xfffffffffffffffe, 0xc3410220, r2}) 04:11:17 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2460.350773][ T2888] binder: 2884:2888 ioctl c018620c 20000240 returned -22 04:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x101, 0xd6acc40ff1b711c9) ioctl$KDENABIO(r1, 0x4b36) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/mcfilter\x00') ioctl$sock_inet_SIOCSIFBRDADDR(r2, 0x891a, &(0x7f0000000080)={'vxcan1\x00', {0x2, 0x4e23, @multicast2}}) 04:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6000, 0x0, 0x0, 0x0, 0x0}) [ 2460.438478][ T2898] binder: 2890:2898 ioctl c018620c 20000240 returned -22 04:11:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:17 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c00, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2460.566356][ T3005] binder: 2999:3005 ioctl c018620c 20000240 returned -22 04:11:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0dff5f63"], 0x0, 0x0, 0x0}) 04:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6800, 0x0, 0x0, 0x0, 0x0}) [ 2460.645044][ T3014] binder: 3012:3014 ioctl c018620c 20000240 returned -22 [ 2460.703893][ T3018] binder: 3017:3018 unknown command 1667235597 04:11:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7400, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:17 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2460.758691][ T3023] binder: 3022:3023 ioctl c018620c 20000240 returned -22 [ 2460.766013][ T3018] binder: 3017:3018 ioctl c0306201 20000240 returned -22 04:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0}) 04:11:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2460.872996][ T3028] binder: 3026:3028 ioctl c018620c 20000240 returned -22 04:11:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a00, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x801) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4a000, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f0000000040)={0x7f, 0x0, 0x200d, 0x101, 0x80, {0xca, 0x6}}) [ 2460.971432][ T3039] binder: 3037:3039 ioctl c018620c 20000240 returned -22 04:11:17 executing program 3: clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) futex(&(0x7f0000000040)=0x1, 0x1, 0x1, &(0x7f0000000100)={r0, r1+30000000}, &(0x7f0000000140), 0x0) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:17 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)) [ 2461.025203][ T3044] binder: 3042:3044 ioctl c018620c 20000240 returned -22 [ 2461.055756][ T3039] binder: 3037:3039 ioctl c018620c 20000240 returned -22 [ 2461.072721][ T3044] binder: 3042:3044 ioctl c018620c 20000240 returned -22 04:11:17 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r1, 0xc040563e, &(0x7f0000000080)={0x0, 0x0, 0x103, 0x7, {0x2, 0x1319, 0x3, 0x3}}) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000100)=0x8) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7400, 0x0, 0x0, 0x0, 0x0}) 04:11:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x1000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:17 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:17 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)) 04:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @initdev}}, &(0x7f00000003c0)=0x1c) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000400)={0x1, 0x1, 0x10000, 0x6, 0x7}, 0xc) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000580)={0xfffffffffffffe12, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_FPEXC(0xc, 0x100000) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x0, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x2d, &(0x7f00000005c0)="a19ec7c073c8da1a987cbafe74d08c204d01a7f52d73610235557e8362892ead02b94d8f3fb68f8e59a66a37c3d0ae8a3df4aaabfeda589acb7cb1bfcbf1c13d3dab1bb69ef9bfc0eec0c95cfa85141ea1b924fe6ffd2b9caf1ad912319860efb72f82af7f45b245df4a6c221867a1b0679dcf93e4e865180f8ad69c65b096abf137e5c211b73a6fd4e9ae1e7add857fe90742ec3f04a553f137343baf30bb76bc790d024b96b302c116ed34fa5a22df903b5bb36819a48015442d1d85be8b92bfc1fbd2c1598536dc703e39adc975418c7811b803b40da8e1c340bc0428a21e8572f4d4468b3c2fc9f0a02dc6302a969fce24d5cbc7da547411ccb6d4764aceb972ad11b02701cdf3c94bcb7d9f1a4de327858dd072532f6c30a4bb837afb6b4b1e4bdf43813d70ccdb46923019738fbaba1c1b9d38eab63addf16ed27b9b70f9f49715b97b240e144aa184dea4ceac6c421c981a50520d638b324a8555cabcf33352ea85cb3c7e480968338a8e79a10c666af0111ff9a099a0b9f1e3f91e0cfe2a8e2b633bfd6d6fcecc1c55c7e0e9d354028336211b1dd3da715964ce496d669067f202566f2a8b30a3af928a76e8084c10295ffb4ba73d8ecc3b7bc47ee32d1c36b891fd9015dab81176c4d6a20736fd6483bc80b2f3f7e593fcf991c2a93d6fa2decdda532ba6cab97fb52377d61e7cb460831db29b4342a870d724120ac31586b3adbce32a2d89332306dbe7acd399a8c8a013401c172f50d0eec7a23bf47a98ed1e131957035be246b147a39384572e7601a2e38ad506304d777387e9c5488e7848d883333da4d530e699e1352dfeecb501fd80277194a61321fce8704b33028f61f46bea8a1e8aa61a127617be9b29805ee7ce71d3c68dcabdb93b7c5b5af5a9a7a0ae534703d87dc191835b01a8d58c06bcd5c8e9208e980d17041e94ef0aa07cf6e109de9c376cdf78edea268a8ed7ef2df21e456542d447f27a2d188bfc8f6f11412bf1a9b0e4a31c75e680fcaf1aa1f6159fa0b15577275b81933e1cc0763bf6ef86dca5040eda7e10acb1805ce1e2732e4562da0668b07099344f2c7e00f6361f73b23077a2cbf903a2461fc8efcd513cf96e5aa7b8e1926ea76ecf6c692225491c8c5568fd9964092eb405329ca12cbbfb1b4317e66e53652805792b74013dd2ac7b7533f67ea20927b7ea1d5a3f222df744095aa9a630689aa8da0f9cdc02cb74f1bc5f24b33c4acb97d1c0d201b423d81a2eda0e20167dc236097a6d019b579a4d1959bde33149f536787693e29157e8303872aaf85d027c4f98bd8f082bcbe9138ba56c3cdcc37160b18824f1cf04459510e7bcc2a935e01e797514a22bac3b28ad99cd63c1948694827c0dae69b2dacbab9a93dec12974100e2813559e63846e6dceaa3f074455e7409ff6975614c3614efe68dc24eb773d19725e38529dba75068998f32659a1815f56defc42dd5d017e6cf26749dd31be7cd759ec5d6717b280d16c8e8499a5a5d25328ead41940022052618f5c0d469e56e40076f55761c5d4c3cc09e62a84a4bad9af92b4d815ef23e50b1b90adcd3c3e9eca16234d5a81782d61858edc3c3450a3afb01c1fe2a3428c4deb55773e4530bedfe61b0c2633fc758b55c3a90219647f7b0fe4252ca07d67d0316a1a0f3dc5f0be6b65c4948c05685844d9922f7b3b4ebf8c88533c7db99fc669254d0fa46340ea195cb98e641fb602ce38c0f37b47f9d3fc719d7f01b57756879e3df0e1892c23ad5dbcf9dea3285c25611c2a1ce69a2fcf2a664da5fc05dbc14426d944f2e01cec795ff25f98badde1c90e1202cbf0628c2a71e21fb8dbd08b6e54712d7deec6f03d6dcf07b2630f0fdd2f5d2e6e96794f02fd08c807f8f8c71017d7c165488e1fda5bf6e6062f2ce0a009bfc7fa38c673a53ab93ccb3d733da21a79b023bbd0e6b2278a4666c6b1041f33f3ec042e6b1c521dbbb528300ef3f3364a0ca0bac5d5f939ac380b4026b1f4842b4478cc5f0ba216276a4ae3e4dfbaecaf7b45d981b9e291a0a2d374e5733b91d1f95b1f30e1985c099ee7af0f88ad743b0a8bd82ac258fc44f8dddd5203b3f0e4e06536429e3c34d3bd3e2dd7184bfaf7fcf6b4fb6e530bea995a735b87d0947368571c0fb40445ec31504e20b927de6cc3da75a25a9a1479d84a6842b885b5878acd16d1ebf0bef40346547c8617aa2d8c77e0938e38659990b9853e9220f4e8f4a98a9d2fa218397aa14641d13851406b5681eb17b3876b7596b237000c65fe18615be0e5339dbc44e46f0b50cb1746d839597019115fafc0c564319a96449cd80701b713c30f2909b2592dfae250f26fc35d1ac98469cf3b8694bf928c98db1d60c9a599ee3a3bcc8a6dcf83bf3b2282287943556203dcfc2d17ecca093f906955f56c3591f880c487de90752008cd10972635542ef3dd81cb48349d65eaa98bad3b8847e13a9f86852bc9a87af236149f451d5dab6368d032c9839ac14e145b7c72c4e09480ab68002ba5c6a1dfd239591688747999d2f19aa993fa4c575aa8119a012badd792337711d26705955aebcbb72f2ea57f2314ba4823b4470a2674854adc042bb8674f080f0cddcf10d67221cc37faeb9cf6dca2fe6ba2ee636e26068651167e002d677b72747b27e5aaf0f87d48594426fc54ffc250d55fde1912c89be69a8af47f679b96f09fee087119c7cdf1f4809316dc6cc2680a2a3f7e60063dad1dc68c31d6337f5bd0aa645a4166eee87ff4e52042fbb74d6f8c7e021dbaefece88f1c3fa73aa1558fe582f0b42526db1e5d1c3ee78a38e3afa814f4d23e03428771eaa806b2da3c27d4b0f64a46731182818d72abc6abddbe2ca637aee1ff51bf74d2cdb2b316a83e8670c95935fd2ba67135227fdde69ee05773d92d5889f821d18237baa0a932406f8761e5803c5c5a28f1cf6f11ca148558ea75c0220e566c63783c614291606faf3e071d2981b9300f1651c2c36397dd7143792d8f30803c40d7cd472bc3b893815a26499ba9e0eb2af8d978d0bd2bf931af707707ca693918392943a97b4967808d6a91f25c291e00248438edda281094d7fc1aa365fc940db90db822ad93a15c6babd5e2f25460a43101c8896b806735a97cbb9c47d31c1cb12905b107081987d3573b772a08fe483fdd050c6b3bebd3815bf7b6dc399e2d8625f041b833c5009b84b83059ccc6f040252f9a726dc9c0b0ce5613eb0dffbdbd5afd18962f9cf94e285f282554b4c250cefbcaa0e1b17d17da1e4ea132bd9ef2faaa5e6d5cbfe8258471538dde2714af040303d547972a18130f2109833e94c778549adb728f788eff15053f6c01d0cb496f2bc52c22bdc39a838fed614eb0bb7f52ed682939bd437cd24418a5f9d513c968f0bebe04ebdc0237e39dd58dc2bc2c5089a225318f8b9a3c2e37f90eb83c4de38ccc309172a702f0dccf6155d768738c48fab7f8216a4a1ee6db60e8300396b0b68e508104ca91b25b3308d361d2997c3bfde7a74de09a7539e5a11842190528c802dd68f7a0e51fd75dc592f2c7a7799bfd0b2af4459a22c5a8d1b932436392b2aac35e057ffb8af5dd769352221759aff642172e1af13545fc6b02e5deff56b46606bb1bfb6ce34f140ee3d102f8089c1f2fc6346dccff4529bf8fdaddda84e3421d05d4dcf7c37495154f11bdb5b6dd40fc1b4821635a82328c05cb07733f0078999e36af3de11457fee0d39e7efd86d404b293861dd081bb94d383d23a5d388c4881ac9671d55c3d39767c0dcd6a1122fe2d8c4cc1837440f7fd7f922c3d1a9e287d1b054cbc4b84a45c87f59d9074ed3cdfcf79c42b7195ff706c282a36f0dfd8293b9a98d94e6717a0c0fe4bc1746e22d2db2b132c5b3c1e33cb3a4a693a66f61856be57a140a31eba516c5daea411695df56231d87c017cc6b676009553c40da002f15f3e88c23cde7340fc863f454b1fc9b055dd7c4a3e1bc554eaa0c52f5e78c0aad68e7c191887b30ee3b05dbd7f8d8f7237e30d57125623ae080574d80b03488f6582dc7ec8ed16ffcd1c3d16071ea05895271c415c069037ec50294b09bdcb167776468f3249c226048bd52f1493ed5f0f6506680bc131a299499d678581ca6ea56b71b47833c67d7d98cb944c31a63108c4623a644e258010d13f58ba2946a05be38df87e8cc5f8e7c7198d2ea00c1b1a52fbb7857428d164c956a010f9a36afd5319d3e4b02beb7b189f1918956db86dddf1f361edb489663c8033730daede63f7ca30cae1f0f78bd40c5f9786a4f1fa86d939b2d7f69f4fea7bd5a2dc04f7520da7dd57532e2a03488f0bbc2f0b4c0f461ae8aa6ce209f1b21490c650e95a62b110851da0ed5ed0269dacd7ac585a200f731d315ba0b837abb33a25772d74920f41d2ea051ecb28a3027f02ff48e3b22a2aad38fa317a9280c600750d9e9be38a0593d5af28a8919c466b6237d8bd4bbd73b1921727c27cb9f1dbeb308f59425e7a144cddc429aa3668cd2eb9ef966eeb9531445210a10260dae899200e9ef47c5a7889760cda37ee113c73024aa9fade1519fd4a933837e73fb22b655049fc2ea9fa985912a6ceeb9d5a53a380c03a7f0eaea768826648b3a4e79bc52cde8dc91a2b6addfa82f4775e7e61005a7062d737c12d49731d35a67234dcb38bf0ad450a7d9639cd9330c4d7b7b47256c823c4a3a74ec37c5861f3276834f7c9a4265eae32896a6a2dcb65213762a27bfd87beed2fb8e9db37c80a8c94c42e6aaffc60b392d783c7fe67dbbd1c981bd95f4d0f10bd98a17b1e607b67102004f1a8213aec668bab3b2d00d1c6121f3ebef37960d444af9a03134956cba5e323e2ae4bc7d68c3845260b73d97771687aa3c63d50b68d6b6f8ccc2e1f0e74d1764954194a695e1f5b52debd3f76e2073a78a3c611beb77e1aaef92a60391bfa3f18c220406e4862bf7098c40c17544519c460af0296b5bbc9fbacf06c5222dc1e12262cac3387e26de5fffe1448f11842f634a3f0047f7a8f5e0b5334d019a8a7a0b553efcfb54ef3415ae44e33a1d5e9cea542a9fd90f2be0a325c8665e8b158dd531c3d9787577aaff770000d40fda1b0378118510f1f3df4d1694b9995441081dff452efb710a9e0660cd569241a681f6535d699656acd2317e8e2b05ff99d132c6df4ec6710c7cb7f67f086243f2b5100ee3c2297d36eb42ce015628d62099921a489e5f1e49cf9d339e702a2513b7e02bebfe508e7d9fe5db726149ce896ef35d57e23a092893ab46f319f10741959fb7e44f7a15950d5e45e8340ecefa5d55c2dcca59366a6c23f9571cc9c52d2fc647f94f1005f8a81ec52b6e70285d47207be2917e29280f3a5e2583a81dccbb58011c2de77daf30fe860d9fde21126e0ebb1fd688df5866a95f96570441bf2519a946908ccffe22b784224015f062632cbd3eca496e90465d91df9e1b98b311917d32beb3eefdae0f8ab15e8a8062a803d009c44bced1ac0e948c8c9fa959e81e3b62b141d0184c6160d7f0946d8a559cdab40542f9f376153dbbf9a65d24f6636f0119c3a2b8c202d728e58bb1c09cf775e9c6fac013e9b7f91014cc52fde0721df92b99edbbfd4c1dec67bc6d0bceb7b627252bd8bafd765397443adb8c1f53c44e63bbc420ea89b2fd741bf1565c27b356bab834d947dd5b62596602aae984fbc0110542d69ba0b956016afbf3481482c55202a458595f4c6ca27507d289bb05775b782521f4c22c4f0cd0bf7251fcecb7b20fdd22cd1cc28d7bb041c8ac9a7fc", 0x1000) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000001c0)={0xffffffffffffff01, 0x8202, 0x6, 0x7ff, 0x0}, &(0x7f0000000200)=0x10) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet6_dccp_int(r2, 0x21, 0x6, &(0x7f0000000300), &(0x7f0000000340)=0x4) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000280)={r3, 0x2, 0x0, 0x69}, &(0x7f00000002c0)=0x18) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ubi_ctrl\x00', 0x308c7578f0840ade, 0x0) getsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000480)={@multicast2, @dev, 0x0}, &(0x7f00000004c0)=0xc) bind$xdp(r2, &(0x7f0000000500)={0x2c, 0x7, r5, 0x16, r4}, 0x10) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000440)) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x5, 0x0, 0x6, 0x4}, &(0x7f0000000080)=0x18) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000100)={0xffffffff7fffffff, 0x1, 0x0, 0x0, 0x101, 0x3000000000000, 0xb5d, 0xffe, r6}, &(0x7f0000000140)=0x20) 04:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) fcntl$getown(r0, 0x9) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x8001, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e20, 0x6, @loopback, 0x8}}, 0x20, 0x100000000, 0x1, 0x6, 0x41}, &(0x7f0000000080)=0x98) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r2, 0x4, 0xc256}, 0xc) [ 2461.275234][ T3193] binder: 3139:3193 ioctl c018620c 20000240 returned -22 [ 2461.284574][ T3195] binder: 3191:3195 ioctl c018620c 20000240 returned -22 04:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0}) 04:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:18 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:18 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)) [ 2461.420431][ T3210] binder: 3206:3210 ioctl c018620c 20000240 returned -22 04:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/exec\x00') ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000080)={0x517, 0x0, 0x0, 0x5a7, 0x0, 0x0}) 04:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}) [ 2461.470095][ T3216] binder: 3214:3216 ioctl c018620c 20000240 returned -22 04:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:18 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r0, 0x4070aea0, &(0x7f0000000000)) [ 2461.600357][ T3341] binder: 3334:3341 ioctl c018620c 20000240 returned -22 04:11:18 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000080), &(0x7f0000000100)=0x8) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x242, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2461.673169][ T3341] binder: 3334:3341 ioctl c018620c 20000240 returned -22 [ 2461.683043][ T3359] binder: 3356:3359 ioctl c018620c 20000240 returned -22 04:11:18 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:18 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r0, 0x4070aea0, &(0x7f0000000000)) 04:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0}) 04:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2461.744440][ T3366] binder: 3364:3366 unknown command 0 [ 2461.772128][ T3366] binder: 3364:3366 ioctl c0306201 20000240 returned -22 04:11:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x4) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000080)={0xdc, 0x66f0, 0x3f, 0x1, 0x12, 0x1000, 0x3, 0xffffffffffff7fff, 0x400, 0x8000}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2461.860402][ T3377] binder: 3374:3377 ioctl c018620c 20000240 returned -22 [ 2461.871100][ T3379] binder: 3375:3379 ioctl c018620c 20000240 returned -22 04:11:18 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r0, 0x4070aea0, &(0x7f0000000000)) [ 2461.911184][ T3377] binder: 3374:3377 ioctl c018620c 20000240 returned -22 04:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000000)={0x50, 0xfffffffffffffffe, 0x7, {0x7, 0x1c, 0x7, 0x0, 0x3, 0x4, 0x8a, 0x7ff}}, 0x50) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0xfffffe98, 0x0, 0x0, 0x417, 0x0, 0x0}) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x0, &(0x7f0000000340), &(0x7f0000000380)=0x14) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x40, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='/selinux/avc/hash_stats\x00', r2}, 0x10) setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000280)={@in={0x2, 0x4e21, @remote}, {&(0x7f0000000140)=""/100, 0x64}, &(0x7f00000001c0), 0x1}, 0xa0) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x1, 0x0) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x3) 04:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0}) 04:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x5000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:18 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2462.065871][ T3431] binder: 3416:3431 ioctl c018620c 20000240 returned -22 04:11:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2462.140959][ T3497] binder: 3484:3497 ioctl c018620c 20000240 returned -22 04:11:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400002, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000080)=0x7f3, 0x4) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x0) ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f0000000100)=""/136) 04:11:18 executing program 3: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffff9c}) dup(r0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0}) 04:11:19 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2462.278275][ T3508] binder: 3505:3508 ioctl c018620c 20000240 returned -22 04:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2462.326881][ T3512] binder: 3510:3512 ioctl c018620c 20000240 returned -22 04:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0}) 04:11:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x290102, 0x180) gettid() gettid() ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000004ec0)) getpgid(0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000004f00)=0x0) r3 = getpgid(r2) getresuid(&(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200)) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000040)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00', r5}) r6 = getpgrp(0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000fc0)={0x0, 0x0}, &(0x7f0000001000)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000023c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@remote}}, &(0x7f00000024c0)=0xe8) r9 = getpgid(0xffffffffffffffff) sendmsg$netlink(r1, &(0x7f0000004e80)={&(0x7f0000000140)=@kern={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000004e00)=[{&(0x7f0000000280)={0x4f0, 0x18, 0x0, 0x70bd2a, 0x25dfdbfd, "", [@generic="2c76f4ec03a17fe250a68bb002de74cd6c79d9a33bff9ee372178abadec44d260404bc8d81525f36dde1d771e6aecf9240ceb4c6e81bba6e5fd424d7b999b259cfeab6dba91dc15e881fd1dca9a2576a365857b4280393952316a6e7cb5608be466a0ecc7dc855e6c9ee594241a2f984f63185477679751e728e07bec8c58a26f748968b032397cdbdda26b79c2abac2679f532c764f837b8be81fa75be9e528a150ba9288", @generic="0df3a2f172e580d67c3ab5c44cd751faf8e1321966aaebef46df51bf2b417b48ac1af18b453f88297b9fa0fca9c9f7d579d1d1d51c8c7c612d745ea974de22ad1712d2de0137460992b8e5cfbefc71b006c761832c66fa08eafc8f2eb93675807fbf698724347633ec1a205eabdde3272e0e56", @nested={0x364, 0x2c, [@generic="7f6e39d0e3ca0b6f75f9b5eefacc924c7df6c7b392956d597d1a5c888adaa77f64a4058ec546f80a9689165a997d9bf107959ad3eabf3fdad3a5b6ba66e4c4b4b98f160d7e0b9883ae0a3d386ccf2968e007df33b228801a44ed79e858c23b681179865ecd3ffed0d7", @generic="8c7ad81efffedda3478428caa4d00c732d27e8cab485bcb03940456eac02a2eff8ccc3d94fd41fb7e588e9e68784f109a598d9549a20cd3562cb4d6d77ee003cedae8dd1aed846c806c3d05124d55e5bf22b8f5849e9cf015ef03e242ffaefee2f1ce32ce7f8c53fddbbef22ccd91bd76fc6ee388acead6bbb316c6a414ce92f374c4f889c17a78522dba6ac4fb5ee376ea4e66399dd5baae61ea4e1d62e9590b6258bdb7fa743b9aeed0cf943e1935f98da2461e0a322f60b260994e16966ab965c0e071ff367411782135ab0c2000b479c1e1bd4583c2583ec9db3a73f1f8f5ea2e463972ca7a0c85cd0e5aab20ff9c5ed22899fbee9b6a498d7", @generic="bb2dae41def5d7704eab3586d8b029a7d2e5d73597997c871eae7ff0268035db286328562a7c5fd79c629805964e2df36db1bb769419bf19c378fa272be26a7eb676511b114f720dafd5f32a91d8936f3797c7f0d2259f6cb26d7fa2ed8a148c75b287687b13d3d4d2eea9bada244dd04ba981b803f59ff5ec68314fa06ff94914d19cbc9e", @generic="b0e08522db5859872c3aee638ecbd148319811671b2fd5ca548e33186ddd3912af2d7f02aa204203a2f3392a04ae8997b91698af245202d69a782e57d69511e76a837a378d049ccb66f6d94f9384889fb2d1c93bb6898d9cdd2069f27a014302669253b66304c0696172ec930b64d1d1fc8b6bd3cb45df60a009c65839a07f66727c", @generic="556a090d460855c0429adcff13f12e916e3a40016b6273279f2e165a086dbfcafa26eb968f48ed0ae30c75e51a6e308944596a2bd981e5de75219f4c75a17a4270cfe4660f398c8423c8f86b7c14f2fb69c0c26ac3129f0fd1247c0ff9f1a86d925b20ffa3d970332f9890850b2fef298626efc04376449153cabfadd2f11a3628f4eb52b9697610396100b712acd38f53475ac319e87c343da31711385ce2b83f05342547b9c370b6c708130e1ebe27da1b31f2d2101d56eba74fd696d187d2f12b1eae0a3f1d906164bf5326b4e6a1ce5186fa9e4229d72f9b2f25d5ad70e7053f7bd34bc44f5613df9fad4db0f8973932"]}, @generic="97786f8b0b148aaa7977cc0f2672c039e3eab91a43a25c", @nested={0x4c, 0x6b, [@typed={0x8, 0x94, @fd=r0}, @typed={0x8, 0x76, @str='\x00'}, @typed={0x8, 0x8c, @ipv4=@multicast1}, @generic="50a210b415ad773e1533f76864f1c7a36e7d340a56f10e79caeff58b11145017825b9416a3a103eda2241093a7"]}]}, 0x4f0}, {&(0x7f0000000780)=ANY=[@ANYBLOB="880400003600080228bd7000ffdbdf25b90a5d506c8d37a7f91cfca1a6aa61a3d57bc5824610d5ab3c3dab22c27ef28b0abaa1d3a9568591da4a6dcccb7be6adb034d6448b99f7bdc8f8e374aa66db738a1313f6e193b707e672f7cc3a3fef4ac7dd5dc3e3149fd848903ffb567dc0e901d0f5a978cdc8363cc8a0bdd094090764312d90258ecc2d505b194a34419c27f822c52a235a9dcacfe5c1eaef91ba7fcb02ad25d7b5305a42a025c68ff3379be580e8d3e8524c8e15de0e5ab43c8283d2fe5dfd8f94580f33db9bb768873d9121740c3f81804383f59498712a4a0143eee3a787a20201ce35f902d21a6a115a1c37932995cf945bdd6512fe0ab4204867a2b34a994eb3114f8e0412cd1604e7f907eb4e614d9a0b96c1a56d2261977f7ef0b803d99fb33443850db99b30599f8d7bb18de99d37a76ce52d41042b198cc650b84f763948ddc8edcb1ec01ee3636fd410a426acf27f09646aaa51b71b2803510014006100fe800000000001800000000000000023140029002f6465762f62696e6465722300000000cbd5e8f498399ceaec7735340c2ea65a529888ce47f85cfcaa2c8ff5ed93cc290c211ce38a56d4dabe56ffabc99ac309b9cb663715a5bd81583952ce91b25a1f0493966271ababae872c91428ad6b24fe1f7c99d36ffb6b8f84d52aa6754d15514041b869040252af8a8d58d06afa67531c7f2901e55aabf9957d68d17b05b078b431c3fd2de9240a4c1264b940af944fa66a7f70900000000000000fe259734c6d015b48946a91152ed2c815897214ab3b2b433a41f5391d6405cb7ff8d6f3bae641400440000000000000000000000ffffffffffff0b7569a3c72db5ecea48f99e05e6635c156cd36bed375fc41ebe41961931ced4865a5dcf9947638a57faa70448a5a164080ab7ef461be07086c2d321d8a48cf7a11a738d8ff765e3cfece09be8a2316e658f6962ff00426ea1f8ca35dcde930769e4fff82a2e1d6bfd5255288a84c4daae74df05dddcfa49f9f622629ab9be513223bcf13ed8fb09a007ce17d40af4eb08f0eb6260221156c21c376c5143631094cf1e34b617da5b52eb75b2cd3e9aadcdad7379f23dfc0b286db49b7265988a0f161a9d08001600", @ANYRES32=r3, @ANYBLOB="629a7050e13609bef95b11e8ac13212225842ab18c1c0dcfecc6cdb42225321ec2cafe97245bf7cb4798531496ed9fb17a505e3e0a1cab057d55f2287b50f7800a9f0b2847fbdc945c8c6fc6599b51eb444e4fb46127731382e59b31c3e0d4464dd1bbf0ce5a6f3fbc55294d4eaf9f4098c2705a11ee8332b6a45762d9504b4539594cd54444f9c8a7225f098daf572f359f6b1e27a89b1e76dbf55083a870bf33eafbe84735690b02f5f0519fe8193e5d8594392629c4723ed513fdbe2e5d8d73d638e4be5ccd3de6b809cb397b4f842c785a740990d6315afdb41075d6f7651405c218377396365df6fe66f5916a2b207187c6487df55329f67fd8999b54784b29bd1abba697665acdc0b66cc665e651904f3a803ce154e8ae28d52ba0e2530e9eee41718c4e7afcbf35722605236778369d252a94b95813eb468549a33971c3a3b3140026002f6465762f62696e646572230000000000000000"], 0x488}, {&(0x7f0000000c40)={0x35c, 0x15, 0x20, 0x70bd2c, 0x25dfdbff, "", [@nested={0x344, 0x67, [@typed={0x8, 0x47, @uid=r4}, @generic="b1e8a28ea05c775631a9966fb9a9af3230276c411e4a23c988fd0a25c67bf741e2810032f0f788f0166098f2059f367b85ec737bb225c0c0bdcb5426aeadb44cedf40c945e1e70fb9fef9dc31cdd3937e401cb6e36b0eee6aacc82b9692c7084a326fcd383b0263f943ab0a6daf30aa0f531bd8f2c80589920b4e29c4fdc63c59f4387955bf80d53e38d875c68368c1e3cccfd5a82923a12facfd7f9b570c505525b9733405d61f513c54daf018117e17f6d9877e7b0", @typed={0x74, 0x2d, @binary="93512c6d4d15d291f7ca25c5f8dea7a13907c0eb388094ef801876f8d60aeb2f8be2933a68ed576d8cfc7675e3c86e85ab84148c44bab3c10467def200a96e2beb4e65e9698feaf9609e7408d36319a7df2d389a0eaafb837f79a4720315351ef989c3be2c6299737dea257e39"}, @typed={0x14, 0x23, @ipv6=@local}, @typed={0xe0, 0x2e, @binary="15c0ca62c500597f3bae389d31e702914b6f6daf69b635f93b720761d601df0761d4fce6071d1c4938a1e111c88ffb7e1b4c572b21e5727f3598ed0f5d16a3ea210f2f159997f6a5481cc30bd2f2ef64b6c66b6ef5cb82401afa33a01b4a7b090ae3138c5e738d4a5403720fe5ce96288df231f56dd7cc0b2a61b5c39a4e5416a3f56de617503942eab0a405591dea88a55664cded6b2d4b4270efb6f96347d16d1bb9f83701b6e5fec88825446c6b6c377ce991c3820e6f508414d20adf12fafe104c792cd9c627cf56299ece99bfa4a679d5af14339c990f38"}, @generic="075ea80c56948eda31c36d91b50221b86b9f12d08b91703e09cde5ff0225f094ed421eee151bb93d0f513a1c7d5e9836c6ee82922a5a64835958b64d2173ed53e3d0a51feccbe4069b5fcc68f51bb69306284b487f1f1faf901b276fff1cd852aa11fbb10b43e01c37460b723b37248be3021666d434efd556624bccf6c97857bfe6fbf815e4db6a94bb1f0337d86cd7004b46784093017208401003bd30e39488f492fb11a3573402127cb10455c0638f8012a5d075c67f37041cde398c07cbf861721e004e7220d0f9b4a8aaa77bd5352f442befaef30a31d08ddfb3394d2b96c803a077d94a86d7485b1f51062bb38a4caa71e6c0a8210498565a4de9fe", @typed={0x10, 0x23, @binary="fec25e08165427380e1f9345"}, @typed={0x8, 0x1e, @ipv4=@broadcast}]}, @typed={0x8, 0x5d, @fd=r0}]}, 0x35c}, {&(0x7f0000001040)={0x11a4, 0x1d, 0x601, 0x70bd2d, 0x25dfdbff, "", [@nested={0x10cc, 0x5f, [@generic="0a51d58c90ec0975e2b8922d7b40a5a89da82c16722e2ea7db0faf5a1e6294339b4699c3bd18d63036f9f02fd59efa0493fb5f5a50316b65c54e91a08df7920a98af6db607ad1b74279b1f8e5278b1e4cef8728f070fdf533cc43da78247159f14b2d6077aa121d5e50e5e", @generic="38a1445ff9ba5c1738896f433ea21114afdb4ac2c5503f39283e7c0c66987b249051c31e1bc1be55f5d16d472253e272bcd415a17a08a0f09fdfccd8f85a468207fe53431bf6ea914276c17c126e5840324dbf10b76f0a7b3a4d3d0e2a33404703ee8d045bbcaf85af36ca3c6ceb3956c86fb5d573883a7167f7acfca8416a478656baf56683c6bccd41abce78fa7c08056ba68593f2db1d5fd4bc71f82bf3a6ba418cc3bc759f60779be520c260127a42cb9932956e3461434961191f01953be0f3ccd20d87454f423195b95349e622c06df1e7de2fff701d364acbeaf16cf5ecaec12bb696024f2d3a94d62c3ab5c178cebc21a3838bb81b233359fb83b2f4834dc3a095d81de17655c4bb64c0c2a94302199c1edfb6542c1c65dad8f9c2144b884721c21197b77abc40ee15a6a87fe1c13457a71054ba669829a14a34cf947711947931fa1a46c115a54b0ffd7725bb93061e3b7c68099290e9e24d0b2300ebd9c99445e6b4356be8404840fac01ffb3c3cb99b24bf50fd89815113b44759a8ce9b685fc033ac5728a0cd004098c4956f54c657516fd8b05be8ecdb76bcdb101cbfcebea1126f6237fd3acc4166590f7a30dd060aa9ec9af084c3ebc8a36e5d0d5f107207c5e0931318dc5c9730c25707c090f422dbb24bfd75f39c4b16a54246f9851aee383f9eb4fdb151fff5ab61f7ff97b846830bc40ff32704a77a5b6a1676e83816b2b960f732e3b41ae647281f945d6353f0f412ac4fb5ea3a5fbcaed7fe79f66f1121baf16bf67b65f0541fe337b5d8cabeb32ca1585f7d681f5a63b0b9a7e6ae1f330da35c6648cc7ce5348cc46a80ab9c3b1ba62403c2ed4ab0c700f300d99893a09201d427855e20d3dc359c8ee58520dc74e7f5a7e0bb1f5171be5b577a5a79b4216ad1a3a4f627032dbd6f167000b0d38b2300982847c29fc3e8b370bc42e3b14f72d8fa5b33b7ef29d02c773dc81d4cbca045276e0c896a489d7f8c99b68f5823642cf1ae251f6cde12e3d298ac792cd73f0fc01dc6deb61812fc2613badea9f3f6cbeded19541c11e9cb8d78f60c98135b25f5dd44a6afecedbabc0d57a7faa7aa30b5871622bd2704480c576c77f602c21152e44955c63af4f1a1e5a9a33325a765a3fed15c1f2aa0bfdca9f6e02f5804bd56e7e75bdc02e10fed4cda1aebedc1788499332a982820d15d2b72673b5641fd58eafbc1ff33f72c5a439d8d1291e06288c484968eb2e19d12e090edc0bdf8dcac2047736b5b24575fa07d3d9a98b5d60b4d893b0013a6160268ce14e04d4b0c1bd7748a9e15c136a1118a4772e8316f10969f6d7e33c907eeec244c7542385425067e34a2c9f265725ef2fe8835fde885222f2c84a684561ab058068de2a4b63fa5f67ec73b7a7b4392cc58d054780d1000b68b73266dd9547882938f05dbe2a764aaf56439d1b8892f8a656fcf1195f236439eb6291dcbc1c6b64341ea2c6d1b7e2b8580cb8614ba141d4c0a091a9e6de9150badcefa85e5c4c15bee309b9b02ef15769f652425dacbe2357fe355b50e56dd92bcd30278c734cfe6defbe0e87c2c148f94ae9f090973de2bc7328924b172d142e91ec75490ad34919fbee0954dc223414566b15a9482f1b2a7b229ee5712109c934f92da30295f30693cf11453746de39eb1cc4efdb087022284aab255e8535abe2bd92cb64cadc662190c3432fde14f347f26c9e18780c4df76175fda83275110d865814af77ece72702ba4c94141809e4301dcd0742a0d28f7b3475b35cdf9ab84ab90ec43439fe4f454113658c3554e5cd9de95975b34e302ddd63edb1b991e356648f5514cd7220f153904fec0ade753a9a96478560f66a6171d1c419d976392af59ac678d49244a19dabc34c8cc24c0ca2198a0a26a4ee5fc89891b4332878830b19ed0d77a49da094a9353fc8c7faa8ebe851edbca8d892b9670934ed2b698f7ab6076ead42d8943db08fbc8987cde106939395168b7472484941e1f426be5258d048a62210aab6f7fd63f6eed9e745f80260a434b1e2bb575ae879e050cbf832a796f17c3586381029c50a9538db657336f53dac057437b95f9b6937002151c38a971744182d753c47f21f792ad352fc421c8341967274636f2527c4293455a04449f890a5b7304cf1fcfc06b0e6dbb4ca1778bb588156364a7d6c541881763c8cabae3d0761b5702ddbc10bd62119ad8a6e74fd50d1ff89b5b332b45546ca9c359bd7ee4f10a5c56c312bf65d3dd0ef2eb79c05d9e9d582adb72bf3cf392991f991b34326f2ac8a4ed3310a86b5941b9e02936464a5b70fb81d7f2b3b69c754f853c621db5b9f647149c18ce9e3cadb2c07dc3f5de4828b1c51d0775667763f62dfa953f9952e22673a995bea88f0bff59e6c0e10460617ed5b4d12ac0a0ed26b4f6f02246ff1431a2c31633b4abc88d9d579adff5e18833756d939371540ae7e1a3e5797f38d8c9581df7d9d6b370b0ba9a241bf4abc6aad690be8ae23f0f60ed81f99e56583c99aa5f351bf3609357b4cca1ac8f052559b7722a7e96e89971994f3dedce954a96618925fac0afe0444f4b7ec2478d7b3186040e2196c892e5d025b6c24538c4c1dc9cb4ca8856497a3883cba7dba552b88c900b6bea7e6dfa362f18a452f2ae8e829ec70e98cc702fb6f54f17344c00067f09cd2fddd1a1370b2d015956609474fa4185d9065f45d9c7db4bc8c4ccd71289b2347c614d9659194dc7e840f723e4e58ee92c363198fc96d065e42595db6b42b6dc1d47d841aad0306009bc0eabf4d2d24051d44e5e734590c17eab729584c5f195cdccab572804882cc86939bd902f3d05107281bd4421320b9cc0a3bc6ce7775f63befb41743a1dbc2ec6632a9de9447d5cfe41c0356a31cc17c90bceeb21496542da778b0dc6cc8ff9101007c2aa61c5b735ee1b09c5730f95304a2a434cf5f92810dce78ab6c38d019a9b51fb537d97bb56c68cb4ad043e1eea8b6fb61459df480fe25a8d19c28e261bdf7471874cfc1ad8a5ca0f71c1e4a1b9b657556448df5025fc953be99ac6c6328b4fddc38fc7304077aa471e5a020e784ffbf0a82687d946af239f9746bf3cd321239b244817075a703f81d3d9ab65859821ff57a5cadcbed0503117ca02d40eed3ac99f535e4776889222d30677ab652d0a2ccbc485f7ee499ee3afa7ae7638a1baaa21debf340a795e17a6c77e0a1191ea83ae36b36b87d677eb3fb672a4eea2ca30167d3508f2c9fb9a5afaffc18f28e20051bb6f3efdec68752c5b531216dd3d70af377c19eda204286561ab85db98447d2f3df4370c3fd5fcacaaec8ecd0913826044cecfdc808da225dadf81ac6045288b110879fb65267a35a6a39577272519164a74d3a9a33a0f5abb6f1d2b40392ce4b2cb93027217635eafafb336034cb9de8a42a0000641e586685d0d54aebdd5e2d1b05df8d35c7a6dd51d47463d10d88d5cf00f308f295c2362ee9be226d9af2b2fb40285c86a75b0eb7dfd583327a49d1eb363a92eff072767e237210ff3b9d26c833b1917bf9e4fd55fce0bf9a2046e519e8b57342366bffa7072430fb3435c555b2181a0d377646db0be023475cf119862ea9c1fd20ebba49a973aca0e0de6f39a7de13473cbcbbb04bbcf3a1cb4d3910d448d5c5fae05eed9fe85ac620361450448c545cb08b1912914be982973ba354d67b9ca84f62fb847ad318a76fbfac0a88dcb1ef5c8bfe109a6e5d7fd2f6d096e07bbbc9b90ab02be6ca0451246637b8c4f4a34b000dbeab5802e3303e38daa6900811d7bdcd66d44dffe604799afd8b3537de790f7a91369f7a8a6a91053798d062385880a7eacf307d3b5f325316ca400f28b1d431fb189097b579861fb28498ca74fd7dc37958c37b3af898bec7d6fd95f3f69e8a1ed2d15c370edb649999cc4b3c35fdef952e3d81d06ea4a2bf52ae43b7bd3bbac7f37449366abd78c745cb592c021a65110d336572433cc75db7421baed51ead9be79a9847493ad61453a1005745647d2436669e9d967e8795889fb8d2b400e55b46411a03f5684e121790ec2235d72d02f9c3aa5a91bd7aa6ea1d53d31b5c3ada15d3650fcba8d7830c89b56c7b850c2bfa298cec7d74eebdc476bf32431c8ebff14d54adeb6c17edf957af14f5d1562866f901873b0332182e17640571a2787c3fb11e911e3a7dd7da88fd30a8ab5d288941557eece35215cf2896c4900bdb121416a2ef8cf096fa63f4da32c9a77ff8ecfb54ab4837c13c7bb4cffbeb3358ce649c33bff6968162f1d6fe0a024f050fefb82c38046cf88f9f69597103dccb3169a29162edf77a71b055b7365d7f61e9a1b196b6c15d7074076e27dfd36d292ce0d2b6a7ec9d1eb283f1e4fb9f47851bbf59bb9772e651ae4815428c412a61c321172638bded53917e4e02fb1910009c626a7215483b2d93c43faae959bc2e081ee9f6f1b792d700d583ef410407168483898005e09a18013adaacfca93840bc77a71d3eb7cabe0f920d4c752d237b6c4fe9a81ade1170683285abfbd570ea78b9a2e2942e76b686ee99b40c44e4ae0cf702d9c5f0dde68850b74adc9d24a97dc2f79ec551e3c3e8f63ae4507daabbf6f8ee1b0403f3285fbf58a82532d7561b40efde94d9810267cc73d6a7a9b8aa3d0c6472482981840c9829b577198ce04b9f5a4286c909a4815001a1a1f1abc78a71d6ddf095310e34c1cf7e690a9f7a8a7a4977003cd11ff51cd1e3254da6e681f06c0dbf30ab64e5b029e5eb9a196657fd0b80ba62e77ffb7a8341887a20bf8ff0b2f794dd609cb64fb205b036c3e7f400bba0ecc2b102736f2d5bad03becd2b3b745c4a3e8ee09e52e122b45fa192fe2f1bc0d940b6ae6bb23b21e251265c77231644b3ad3f50369f4ae00086127eb1ad69edad731c2397f91ea7e1c2f283d44c640d7451a91da094426ccf688fbeb3e05c02a56ec860e3121613b661995093974fd41c4a30a1985fb56d276cfc6abd444d8c06602bd121a76e7d9df698ffbd14527719a80b99208f3079584a2234d9fe2af59072a7696e85856a5e2276a5799cf4d92f7a1b2f63b9f6c641addcbdeb9124c66af13c3b72399bf248008a885775dee4cf47fe0d8bb9dcddde58a6654b2e241c0445c20e56ccbe23e83aaf294600293385276b671f64c3f45555456229229215d58c57e25d1bf6f8533fa8ad99b5a762624a333519d196fd2f1a3cebbdfdf21c48d74d41748037ecc1fbd4cd5247daa343bfa264f680f4b7730cb2e98d9e494f0290f0d0ce84a246091086aee12c2f7f25d8a0bff7c79408019de10a92ce3365b50728a9e324738370c67f14324d6061f33f76c99bbdbf02cceeb255c84aa48e8bd6f84033a5ac3a9a4ae858ba96fc686a17e09403b7536a431ed111b96ff6e6a5805e9287ca333cce3ce82f2bdcd7e0f67e692fca15c0620782dbe478613bba2b133e04259e9e4743ec69d3a6c9bc38da5e199bfacae1b1351f56a5d9475463be404a55da0f9074778702d361bf906c3595c9ce968082353d751afab8a042a00c9ecbecc7110675f5f12cdfe3f00092bb169a8ca41c9a6002f2aa2327d32ca79f435a3851fbb4bc4ac5f0bedc1a0ba15ce43c32f19e661386db522cca5dd895163b3f9ddf79d27d31a3cc42ea3095ee2c632db720809a628cdd087aaf9ccd1c41e6db142f2523411bc05b1c36071a8d9433e7b6fcd45737e312697d335e1e49b2b9ede28bc6ef9163e34b2978ee8f682bcb273edf8e85acb0acc99a06147499eb764b788d225f353", @generic="55e1d6d7b484e9dff36ca3702a54debac1f87ef7d5fbedf4c31d03986d390e36f7bc83548046bb4c663db0", @typed={0x30, 0x2e, @binary="8f62f4b3359387fb7de0f13ba2bce6e0bc9d97ae50a88e8ce99cbdcc18cb530eedd0f38542bfad057a"}]}, @typed={0x8, 0x55, @pid=r6}, @nested={0xc0, 0x2, [@typed={0x8, 0x12, @uid=r7}, @generic="bdcf0260ff71ef2930fafb25e4e2604a83ce3915dbc71924ef2937e27d28705e5758c467b6a74457ac32788fd92257a9230470f3f56752be4f5b612526b58ac190a38235354d1755c4734b11933b7efbbb51e0151f9551ed463708e52ae26dcc8c7c23d91f92cabf5c381d49ecd374baab63593aa628c364340213a60d32e4025739173227270f88123ba4da7d924522de98ff9d2bcc6886b09f0e2f67585f6bbba2046c12efcabf86c0005a6009c98f1be145cb"]}]}, 0x11a4}, {&(0x7f0000002200)={0x19c, 0x27, 0x10, 0x70bd26, 0x25dfdbfc, "", [@typed={0xe8, 0x21, @binary="49df263238892f5b367a485582bd3ce45052b248da655d23d4180b9ad834cd7a7f153e1c7334458fd5a762c39f32af582b3311a17c49cfb7d6c6ba5c0ed992381d4ffc36920cd587f83adfc786e696ff90974190f56f9e5761ef1820500e9975d878be03c48a2655cfe9e72b0bd7dd0aa726d285c07882315e98047911476faad4837f485e4aa199da3178d38f2ee5e35fdcff67a69b6f96da059f526d3cc765de4516bc5b1fb478341d5814da05568637246213e3a863c9e1f17666a37e5657ae230ba3291957bf7c9ac9c9ab91431e98246e9b0bf6f9a4988629c563b8b86f1bcc"}, @generic="6af1632ae383615f2175551cbf0c1214e3dd5e12c5ab29c69832b6c2afc950162d88fa916cd6a8e944ea977bb61834693045b3b0b7c004a2e9fbeda0ac96b7ba4ce5a27ffea86e8e8b6961027a921f0eaed70175b663005b4d8357e6b81cad5f49629a0be4b48a4f931b51e623ca3edfda86ad1e1adc5aaa8051757412d36c807c812abd192e8d411d729a63ff8196b4de1992d38ee2bc396afacaa3d975e53a7e4785"]}, 0x19c}, {&(0x7f0000002500)={0x155c, 0x25, 0x210, 0x70bd2c, 0x25dfdbfb, "", [@generic="e4a91a6f40f4b7686d657e24246b2a84aad32961b8ac5dd9ecd4734be6ff173f8ebc67f1a168415f899ee56a37d59b301ab7f2c94b03c306db6897731c7db718f384bff0d5b8079fd9e64fcd4a9dd10c47c5932488fb2af1f1146c1df5913aecbab1d8d3d7903f410e72f4c58798bc393f2e99e3f9c7e20e779f25d2491fc2a68ac429a9fc4700b65f47d52d2b6e7ca64111beb4d599bb63201b96e9e828b59c09c66e9f08cb5813893ddae3f9", @generic="3457e47665300c5503c80e36bd2767705f18e765a2c7275baed2de9f5643c9b407c10e98f2afa21cf4cbf96eef39365281efe8c225fdb47bf12e0a361e4b4cb918cc357a60bacdf0f9eb686912158e7d7f788e7ee9b4076df9df6454552415b1fef3439048b8b3bb2df78cd3f40e53559082b13408de7ee39a6457a5a97e039150d52b12c625e78abdd4407e44694e6fbf499cd62928032aad76d82d4e221d0986304c25ce1bcec3fbf99bc70267f6e5e74c1b1a5cad5e3ed49a7835fee607a18f39082f82fa9ce26a28cab441226185e4d072b87c1d357e19", @generic="6acf49880a427c99c4c8ac2c59c93838580ef2dd05638713d194a6cd7804f9f5fcaed4de62a1f82561b795a829b6c5d574664b6ec279427bf11b4941bf330dc2e674e86c134814d4054e5dde16fab8811e54ec3842922b709a6d42c12aa3a2fbe3a69c37adcf7340a9de1a62da3b91a5410200d709abe8866083850bcfd37216882cf2e92800ca03f2fc8874ee76608f126e53a3f21b66def3473a496f0c111ea783f10f8efa7d7bd8e153631e19acdc370787f734921896e2808cc61d9fed1b2dfa62e0673ea1b99c", @typed={0x14, 0x81, @ipv6=@rand_addr="8c1986833c29791ebf332ceca1b911ad"}, @typed={0xc, 0x5a, @str=',:+lo\x00'}, @nested={0x12a8, 0x63, [@typed={0x8, 0x75, @fd=r0}, @typed={0x4, 0x57}, @typed={0xc, 0x55, @u64=0x5}, @generic="8f903b75d0b6a0f9a41b1e7c4d6d319f8b9d5c5c3b43d32ac0e0e40657e2a91b73303cf2101c0505bd25eb28e3ef9bfb2d4a0147010a56d162ddc08d8b239843a5fd1c6e7c0c02f1a39fb51e8b1a08dc352fed224db66dd988d3de0a2f3df09d52020f656ccb19573647cd16b6d2dc235a6501b3598e95632f14687a0157ddd672ff77bda3788c5c45922850cb2883c19fc46a0c7851af7085b28609ff30bb77e259f5bc8a6da474265255ffbf314091cef6f731e745cd42b034b54d13ce86817c236a45b6b2449d22af6aed8fdc38a8766b8909f2d07f4e17fbc1ced66bd84c12c5d9adc2e6bf6ad187bfdf30d7652b6e6c59ee026c208f637fae719aeacc0f0286bfb3e4be6d3a5a325a1920d58dd72ac8986af8ca528264cce6d2be6fceb7845b0f14d9597952442f79ae70272b3225b6add5b7d8c8315f875e2480f1e2780190d2141995b0234966d6b58939f877a547f641cf34a1ab1b5a648a93f166769eae7169136900ae98bce1a1f1a4265cb09b16e46abb29f86d30ff4e350bbe1565ed90714ec6d0578dd2b7635ea7f414834273b7668193ee378023cd92cd295aca4bacf06cfcd6bb4059249c912c23a5a0e223f9af86f519639cb3e4122e85e484ea5cd5242e8016b1bc46d3f596bf961077a0e51d9705a8bc3c5c472497642fdc09841feb725d466bb7e8dcfcd1ceb8b35166934ac912325b7bf2cc0a10a767df0f0ce60888f05db8dd9e6ea4c7d66dc9133493799e46b84ea218b94e36fb233521f44202bc247904b45ee85c9bc34af45bf5cdd0197d8a39f6122ff5930f673eefe9fe2883404e45081fe0faaa0c1c1c9a18e224151b49062d88c53cc0d48707e0bdc6f86f2d45c63ad7b1f7c490f113fa0aadace794c18f7dc238839bc0998ded8d26006fc0e61e5958e33dd006ec5f6734917ba49832354e5f4287f6ea9912a0b0efc36873378dec9eafe89aa95e89b76efaa7d9d55f8f1f6354da81ca75a7af4890c4c9de2b6030b26ab7ef51df49859db663ba92af2b1a36472ad36d31968834445eaaf44a3ae48c2770a85804f44615fc719be3e3f8f2c0e80db848b011a90ef100ee3e3985b07bb1fd4ba2755ed640f32bd5caa1926d2bb13c2b4853913359ea45be3c6868b990a89587de728fbe2ae612820a3b74c582355334e8d60fcd09b7b38f844e12f8d642065bbe7ed498deec6b4812a4cef379b9cbc7ba0fa3db4efca19150757b6147a89aca98ff509f4bb5914bf29111ac0c9521c67b154c230fe306263ad8f0092b3360aecde6503ac345ffc9a11f6e7c7ed9d42049077d317c4e272cc8e1990b04e87c7f6e90e109e27f2465148e91f27731a04e10480cfb218164a7886e1c70c054f901de7b11bd94b34cedc24c5c607ee7757604b7cddaf7ec7c33122081e27e94ee1fe8f07309409bc5f2992bcb5eb21ef599022250a13782f94756233c1c8f5215305de99335a2bd77f608a1d539948edf82302660baab6422abec7c5dd8412048fbc159ca321976814b66f8a4c400b43ff9b6bb7b13de16586fc876f25da27f0621ed9c2776615481c6c2dfc904c4e153aec29e8de07ee6745ca6cb816c621e80a1348322d76ec79ae74a9e18931a95de95edcd2144e14e72b5c4f64570946931e4116f7141f0dffd83b073cf023821c66f160cd53939ebc83f18e6288d5d7983e13d65a29514a0634375ce0f21d040a9500775719fcfdaee51aadac869a36ff6313f244316a8ce69f86817ecdfa943f0b99a6b689fe494230cd4e0a5b543bcb87c62641e026c72911566476ee025058bd9b8fa9124f9040338292718690d9ab89ff78cdabe9bdf5ccea7e543a07169d4dfa60499dbc56787562268d288a34c7d316279abfd700f1fb55a1796941f6cf3b52d58e2fe7678217696a1dc30ec715c97feaa0290104fb13c52c168b345b0374fd2ff4635676143bfff478f45b6c22df5242074cdd4a9bc3ffd3839ac1e9e49c9f5c6b77bc1b486d64fb257a83caf1cbd077d8b4b2af4d07cf139bcc8a5e89d1aba203d7bf9a46f81d1c26ba5453f7c85edeba4b326a534dae3e6daa24628403ef1e041f092b532b4b9f12f56c96a0a41505714bc546125e1e3bc87d5fec53571468c4752faaff4a3d15920181309f2bd9feba62be4e35ec42c435c248e18dd0184df969a50939f59f6005273c9a185f9699a0373a31d6917c7bb198f9baee8c9e70388fc400086e43dc35603f56a6ab25ab7c22d8e115549a27ec9517019c281e82f54a3eaed4331d5dcfa15290e8bdca6a16122993b6abaa161008e4fe10b5fba4e4c3a12099708608fdef7055ae194386534e9f3df584b61d58024d395455d1b84db2032f655a9bc5a117acd669a0b23bff8d0f243ffedcff476585d7ba9d37982916a62836499f2e3965e47ab0a8bb7e1979ecf7a6b31609bc72f8798ed3f247bcb229a9a01dba665533dc0c7c975c113b7afb82d9d7c52d2854aeca800f80e719cf60ac616ead7292c1c3e2fa947e1b8ce3831f832a516a15c5939da7909c97525df17ac2376ab54d0b99d12fa1a662675aa3ab4d71528052123b372f28d6eda39d34d926f14f28f24bdff92df28ed2b1a31caa9f9effb2aa30047e523051ec256a6c2b11e2a2a48330d0e289524e60631c0167b03a97844bd1f1bb5e744d637c55b279d7493e1baca0d29078002ec950ce7196ed83eeda3304f61d93a8799d140fa507b357ab4335e237051c6a7d7c7824c3051abb0c153ef31e7c11bc86305be6e4813b9958fab2462caba13a77e7b13a1b914bfb65a5b96dc0e7ffadc8afd17fe0012396b78f0e17df2b48e11609948a0cc57dafe13df1271db0a90bf3b788e78643e04ec2eaa7ac1f9096608759abdc6eadb43082393f1d105dc4a64671e33c7dda07904688247a198b65f67f56d294b854b87065d86f617e1dd50ebfaa81608606d689006585ceb8ebdb442e583978e35737352d07a652282350326b4347d15e0bf4dcb481c42b60a39a3c3f0c5ee3b8920764b6d876cc225eb2a19047ca08154b5d5f9a9cbb786c1a0ae50dedaaa697990b53b4efa4966bb11d0680674924ce8a053160244a625b9cc8c943f5bffcf0ca6c5d7f87d84ce3d33d3afd72b6a6c3a7382818cbb681840729dc169c52858aab3cd5bf68f3a7444d51acef5cab626ab501c1f4638529c37f0133341bfe60bdd585d9a40f815b4133712aa963cba7a96220096592559dfd77616b37f334981bc632cd3e0a503d83da3dde08b07041f4a4e7435ebbaf2397c0f670146febc024248d1da9f2fb2ce3a85f583e2c190c3e586262d6cb0c3b7deab5212ffb157ce35fde9bb628ca248948eb5c2b38179a1554b5e4b7bfc96a4522c7ce4de836daf0d1364646ca4757b9083436c3815a406e7ac9721a03e4009d4200591407a26db352bcafdffcbee6af9b32e1d2b18aef8fbe8a4a8cb73b849f89b3abe9321a55df6e28f4f40a544ed0bdcd1aa579602c2802bd0ef1f2c8a93f7d357b9b509ec81e83d1dfbc549db83cd27b674f82f214ff61f46ae15c19d637bc5d7066402b2cf95838f0ac27687b4767177ad0482b9378612d211ce9e1c8606dadfe9711889eacc42d2c1e9485640a0f33e7ab93ea2929476f9bb7e0508ce93504b5c5c9ea8be330905cf90829700b877ecf1fe5efdbc157bb44acb81ada482c897561d2b615d1bc0853a0c7e229fc26f6b8d8a8e2abc0c39ea1866dd4d9c52fb962a5d7048637d985482de6dcd9b809d91e403114a4a4f8717cde6b3460e32f0ea38da61602a526fb3f4a8965522e7250c0039568287489ebbd1555cb77c27adf513a0c2a6e36b6f3a742231963b7efcc1eff31136861c43add86b825c4e27aea0c27045d18ce2f7763e768cefb07e21ec5c35568a4036bd37c6c67dd09c247c78954ea3989ae0ac5a95a95f2858754c2dde7bf64e9b6fe89a924e699c40800205b7090451c6dd4beacb8f536d59b9d989b715dc84c35d4fc35f7d516196b33db4a83fe1974c4561d1f04ab97a4ca3ad1e412612c4540e50294b08e31ecef1ccaa2db0e569da157316f442e035c0dc94722d92d7a6f77f1b56de60665dfa15d823eac1d40fe71f390dcbbd69b68a402fdb2231629092b2f2ce3f3cd1a64aabe79ed7e2bf148c932161b7fc998180932874cdf96b2546b0789c20a46b4e34ce3a370bb19124b88532591e5df8a54c0add70a9941a64fb2fcabab671b9d5e868fae19f7260c0449981a8197de1feecd26b1bd8d7154cb9397a19167cb796c4d184b32dd75c31c06b01ba3792b4e7c950529aa4adfd9b93828454260861a821f3af0ac1ff2053447dfe37da379357a71d51ad5c4e0bc6d2f2ae3b0af81ae6652c11923ec0015d6c017a4a89a859d52fbe6ab1acd761318d6b8b10e6b1e71cf5117bb38343d9e159d89d5aebc28f98943f6979afb06a1cefede785e4935f663c9abc7ee4451bc1723951dd4027b7a7feed5452dc286366a35d18f48cd1c63749db8b8b37c0da20c39bb7c15fc2d3d15fc297d99c36e07c2908476b2c38aa3e04492b7e91f85ac8400636b3a99ec70a10a339c8c299dc4d31f16f4abffbab95f748a107ce19dc7de193834c99233f555586f9dee4b0bdab10cbb14e8fcdc3ef30dcbda3f53a383f9e28ed6ec1add2da7ee9dd84ec8359e37a5e26d210934a300f7746653a6654e00703bdf977579e9d261db59ffdd236a770882ad7a35d94e27e56bd141da21f97a9c969ecb196e7cb6486196dc8944b41942a3841110679f6f9ab3700004f6ffb113ac620ba46da4092423f592e7991755041722fa8555ed01897452082b40231fa3ad7b3143801b92015237394c1cadf1fc1fdb05b92894e5a3ca1fc92bebfafab052e083f454b13dbf6faccb249852f2f13c503c943e1a2c32c6dc58a829fba919d1e3cae0d6e6a1a99bc5811689e52475c5d15140ffcc120e9c7238996a9c36c6aff3b0829b136d52623c33930a96e2fd362c3886aca8a003d24d1c1a4c5493e312d694b284f448359508a9d605f7ef016c40d122cfc07a8b821e9367da71169acb845300938963bece7eff954ca4f10d1be736b312c870521fe54115e927a41f1314454845b80b4ea7196eb32eed8d023e28069692dab9ce83a464424c60bad95e470d4c5ed42464b46dbadfdeb037e968eed291beefb34424c01594fcdd6f24f794d673bac06ee6a44a16e8e7ad423a975e2ab2e1e66e631a86233951f37e1990c8659b467b90cc5ed4ed3f3ef4d1b371615ba2762412556a97d0f8c2bdf07cd6db0c559db76e12ca51c75f49e8ea8792203d00e74ab05d618a19e2d29118c993a9e3ccbb6fbae753ba34cedfd4c21855f8b0dce61fa1160b25b8414516d0ae795c1855c3c294c9816c007a121ef52869d5aa2f567538eaed7e183f829a08526ca6dabda370cabe281e48312cbd903d9f67740dc9e2fdeddf4b508d6d2ace3931d5796aa86820dfeffe305ce09a346f240c01118748c5d718e67d024718c00bd91a42e3c43ab957a6d26ca9e08406ad368f5031ef6fdba8cb1804101def2063b900645c7b91519e9e14ad38ff63d5f1d261caafb1d2b5cac7e62448e25249e8c96277993f983edff9f70f77ed7b3611adb1d8cd2aa606544c5ee9e42ef0187e258d05b9467f48365b0d8f7a1017c207afd1606242af30d264c28d0772699c9802d363cd1c794c0294aac62690c48d2894a9530c61911375071ce620b9da8524f8e9ed058e23cf00c2d64a509448081cfea5f0467ffff55b95da043a65cb38c70c34c67116081ec4a07e949214a", @generic="3bde7da89b58f572060b7b2cd638440214fea1f112735602a12ee6b24502804557a6c2603487bf31cfc188ca1848d5735c8be9605cf8e6adfc2bc730a261a3c5cba4d12a43ec64b663a3a472b071ec231999fe3cb532eaa17baad50c51eec4c4affb37724fbe37183ef2a86609372e90617ba1067cd215ce436a943267f647810dff91a63f956c2746e494bd8a8449468aafe37a15f0acab1f72ec89466e9816cf81ec4a909c36d0660927c478f3cb9ac76452b22a185e52c8bbb64b4c4a433f62d9655b37adc5688b7d4182a0ede2df10a449987f26d6259e45c25259b8df686549c5", @generic="939a893cf1d1e8", @generic="80b0b8dfdde12bfbd6d395e135042dae74935adbbc655805eba6167332d70a368178aa34a349cd311552f87879f7bda38d21cd02ec24d4095e2643372050ea1506dc03ff8a811fd6f2d762a9ba6acf73cdfe8150b4eba7be8f7f24f0d128886e33777e0837eecfe59ae6b56f4bb34ae39a59759d6c9410de578481a8b93482e11c45a5bef45cbc36fb44c1b20a502a6f5173931693d944a335148e06bf67b4d9253b3bd452d410d94d10829dfef458b23b8dceda78cf7d5d2c6174ca7c4caa281c1549a560a986181b3a981e01d710f2b672606fdd87c5dcb40c4adc6fead7d966db6d5ede25ad64d983fc19350207", @generic="77f3f9e46a9b133d88b153e09b3739c0de2d271e6c437281def24d09c64a0586d4e2d3ea087824a74bbc7bfe855ae5b16522707c8ea3b14e0f22bb056154ccb23fc346da9a3eff785e9521cb474c415e7aaf3fdd30016e042f87b8a120d4740a4302ffe03b7d76357dbf5c46db92bf3510e1d2a135afa7d9a16e61ce0bc44db01f1a612d61d5f015138ca78fb65fe13c4b8710c396b20d3e37c7ab397a", @typed={0xc, 0x1c, @u64=0xaff}, @typed={0x8, 0x8, @uid=r8}]}, @generic="0eea17714b3aca830d6271f908016ec5b9401159245487986397c1c40ac4a1a2563068726d5879dd42f3550847493fb1d3b7"]}, 0x155c}, {&(0x7f0000003a80)={0x18, 0x16, 0x4, 0x70bd26, 0x25dfdbfb, "", [@nested={0x4, 0x18}, @typed={0x4, 0x6f}]}, 0x18}, {&(0x7f0000003ac0)={0x1330, 0x2c, 0x408, 0x70bd2d, 0x25dfdbfd, "", [@generic="109ee571f8154abeea1cff3984c2cab74e0034ac96079115b7d377ba3e5fd518d30591a0842dea21e32adc12510c17b3c48af550261a11cc472aa62155bd4dd3466b048d3cf7e5c3642e5f7728e98e8c8465334480af3f37ace5ccf5d850765717954f80b68bde315c658a81635a2dc943ca5291857c8a88dbb63717c0f3ee1559f0d060f7fdff9d6d909c255a3261cee658cdb2cac0d736171e41c97e8aaa27fa3c222d9fca127bf520cebc08cb77ab", @generic="b9e5016e0cb686978b1cd54ffe198891911f14ccd48004259a04cb0b3f7bf531841f3cbc905c6203bbec83ca441aca14138002ca6c184f760a0de6b8462ef60b5a0010c81785c10ef2dd7eb76382dd97a4c3a1a8ebc27d9abf9d1c0c06b3185ce20e700943a355b813760c741d98e9386d6d7534b8332416ea3b1c5122229a5097275910bd0ceba300b99cc893b149e4da018b3d8149d5cd576f64e009d9a7", @nested={0xf4, 0x53, [@typed={0x8, 0x6d, @ipv4=@multicast1}, @generic="e63af907d82ef9376ac48bfa8ddd1197e301b6e119890f1e5c12c7965e5d291065dff161624fe365b41e11161760cace668c3b6ebf095e9db7afef1648e7f9aed04e07b55155617416aa0d45a4583084acc64017a5728ab6079af4baf17d863ec666886106b76046080f8884938e8a0c78a18c87fe192a93677dbee9c0caf2ce5b0bbd5b4984842b233868079b2e03d91481cfae880e77976979b27aed0a0bdbc9553b1c2f8a1beec1709c454d9d360e71e32ddea3a986fcaacac426fceee832e0c7133eda940a8e54f29379e3fe1722f763848173373bc628ffef6157", @typed={0x8, 0x8d, @ipv4=@dev={0xac, 0x14, 0x14, 0x24}}]}, @generic="2fefee4a4015f0a7be18b8e6893aa5489d37f121b93eccb08c78497c341117528c972599ce20ac348ad8eef1751b7108eda9340ece94dd13046e832cd862a687d032bb9c3e35a8bae8f2f115f6d97b8f29458e75c9fa436f91e1385f2e4ef5cdc5a3a89f7d0d68eab0f5cd35eb7700beba050f206de0e83cdd488d177f42cc34be558659767760a831a7ff0d8822001e2731d3d4ee56e472f746313e9520d7e83397d995688243c1a759c2027b83914ed2961c4c46597b", @typed={0x14, 0x36, @ipv6=@dev={0xfe, 0x80, [], 0x23}}, @nested={0x4, 0x7b, [@generic]}, @nested={0x4, 0x72}, @generic="1ea2d5f45ee5fc4d8d2d044a3dc8a12e47212910b779ddcdfe3b99559110b6ace994f4b9ccf8eb8a51ee8d0b5747c80904a12728f0cdddfa00b0aefe95d7d6b6e9fae6beb1ed443b6877d341ebf14246842100470232275cabed63d0d6614626f8de700e695aac7c5527a2207c470e4f7bba326cd0217779fc883415f479521021068434bfad63d2b4009db078ac069f547580c8c3c98898a1bbbcf139f7f00799ef0f2376dc6cdc9a9d46e8bbc55bc55d4fb81524e8eccf85b36d4194f7b48229a73548877d1986b8829f8fe6bde4b8d8516608a7d3b315fa98d634f1b8e43296b145096b9e0de25708ef4731427b8f1bbc086517f7a5da1afe35feac5247b106353fb4c74aa828acf7ac279462072182570add908ce9d5610ffcb2d34c3f3997c0d4a3fdc284b9965376b5851c2ba46d5a303a07692ffafc341c6bae01cdc4b3cf664e25deb610dac8c4ecd929e1650adb8d5fa2af046732ccfc54b5222c096e8410619f0e22711883c81004a5b3355711037d377611db6c4472e2356deecd6834a1bba7766914b1eeaaee53c029df886a83b845d6fff06ad9996cd024e090784367f5e334d27641d5c98a86170bf5761c1ce7861c643d0f553a841d648044b84e65aeef9f7716141329373cd8664664620764967c4bde2961221d9c4fa895ada5875280a8916e1a0ab84415daf4c17a24c8c44c37d2cb38de6265be91ebac361ac990871816cc0ceed2245591c43ff73873d4d49f33dcbf858d14aad724ae7b445a856021dbbb6b7e5b430b4edb558ae73af52aa252261f7d7f01cfce2fd8244ede9a54d50b8ca373e35488cca185457ed6e6047f2fa2ffa713a26ecf880007e0d0eb459efd92943616391c5751732a9894c8da7ddb20acb2d85a21ba519dc94bcacf76230162caf950c92afd76f26f905d918984706ac560ec3fc52a7712d96e2834a6891168673d1b855d136a64b1788b69280b917d64a4a6a0eccc3e03d4e62b86413298ba64b175b6cc2bb3fbfeeaba35cf6619749f49281eb18ee8884ce896c612f94effdfc7119ac9a2eefc0a2d6e4b1b0940322ad6fcf23b05e18eb08a473ea1b9146d697fc61d2b195748fcee30ee7874e79b80792f661b0913eee72d80fa52ed25ec5f5e1573d28f8ffc00e24d02591436d55442b24dfbef817207cff0a6943785aa2e0ec4b0444b5d4b942cb3f692f9af268ad8718fa7cf7ea7ba84329e31ada7db99abcfa70575f00a5712bd60772e735fa191e8e9855b90e934fe3b928a5e36727423675e774c5fbff7fa85d139a61dfe97e664fecbf7c22ac2d5de83703f944b32894cc569a69081ee66cecae4aaf144356392d0a88a1dd9e9c2da2b774a7caa012cb5ab469f019514d76363fd530e04fed794ab24baf91c2f9fa661ab397bcb624a377cdfda6e70f3cfa1dc9d11e9b8d87933e2bea933674072235280ed7f8208f460820a46fb58aacc71cd5b05f623c2a304e382ab5d0f96619d208ef08bfcafaab16c3e824f7750ee9116769dcc4f4d817cb2c27a243da28834cdaaea8351e00c86c728f0b0fc96cf943cdd6703bd88917483422ff894665ebc3b0ea9c6bb145dfcc6216b0e75e02d59073d658a676126c07a7f29246c4fb1971e8252eadfdefdd5f43861b11ad06ff46535dd8555eff325372ca625830dd695daa74532c0717a3beccb6c7c07a898bce2029fe194f3452cbb94f1a69862be511369e23d867a4b9dae27f9fe48727e8bb4a8526b295cda87d666983dcbe1dfa7da86feb5d8fd4fa1bea89bad68ac8d302fe61ca3412b4e89fda756ed47df1c044766af7a50f6f4fe91f6290ee5dfccdb4b5d126be427ae944c4e484acf3ed652b300f3bf5ad4385ad00f35a75bf951976d87a8642a46d8c862fb260b9c60e7b5a310c59cab165f1b4555b1772f6a11d450d6eb1dad27ddffc2cd0a7f6186de0e35f5f2d46d3c4eae9f9d9a77f483964c35aff645463544c418d0355af5a26127abf56351e9c6769a92090e26244e9cb4f133b8283e22914bd1e3bad3b8eac015889dba87b464b4a46a8289f1b9afc0cc27d3566bbc99e30ae2bc4914368bdb37ed90aa7a7b3fc3ed313185fbfeaa1f1fc941dd41de176335230ab7e23246ad111513dec4df4dc438fe23c55735c667b1e080a4fc4dbf614d6cb56bc56f3e8b10a16e7b68d6cb7814f3a337d8dbadaee7e8f257f3afb488c4a61b1403f8a8b9f75296dabc6d11dc59dbec50dd5ea6a2394f060ef8be3268e37e8a0852d7fb9fb343a60273c6747e54a73d6997fe6b02c352b5f97e75244a42d9ef8819b8a18e63543e566e26a1885f0908c862292ef8ab693beb1596104031304bfba90e5620b7da263af2f4f0e7b0029b20acaae434789e49c2b29f6a42285d0c2e4cc9ad826a5edcb609094ba95873c194b669887ffdf2efa0770f45d837e6997a1e58186cfcdbd09a127f1995aa2c4ecbbff464e5e274531a11dca1003d6c5b55f14ab0423da11c2cbc20dced576e84bcd2b3a13b1346f29834b4d272fb64a54848650c5b415826b2646ec7fa4e19d831726e08fa6e12404f0f5b1cf733a9e44acf3a9affc150ca2fdd6dfb5137eba01a5c7576336e9fa50104194798b3bf732a1bbf3e4e7cc04ebce6f50dd3268c193871ff642bcf995f49449e15fe7bfcfd2bb0771a6f4929012f4a746923db3903fe6df8847cd9c066aa3a95d536d5ae515298a00081acab5dfb46eace6b104166f357a35fee8d3e838a6538ccb84aab29a7bd0d9299d78863e66ec9ff86887d0f845db7da81d2414af96431e64a6b267d41f53c4797b5f3e5c30eb45ef478d580116fa1ee65a1abd116e048c3ddae7a61a8c162568b90d8d7a404d8523c92477b827a3fe764337059446adfb127be3b285774bc73b7c3b0007a4c986876dc7ded9701f826d98215ae916ffe51d2dd0b62ec68fe493fe8febdbbca4f1e0929652fe0487959b9c8032d0c0ef5d1317541a3834da3228748827d6ae151dd7f96d685cb5fe126ef2ffc654b09a6575b40dcf7dfa8af8a74cd3d15c81f0f172af11e33d5075e2501583c80f4dffffd2ec9f74d06f615b27bcf709b23174c722e11c1fe2fb13e423ad0b2ba56b97953b1ea9b49b9cb524313313441f651dab7215f8714c1a5290f55ec8d82e25c931441607706283cfe453ed51098b82005b9465473efe06a2334f301f0defa5a1ff49025c3d02a1fc6c1a640c7e6c40ad02f73e04a9b0e53a596ce2ada9a8a446f1b7b9a9f75c74c28c251c20f27634eb5880a9b7fcfdfc1fd3b71aab25177899271a05d76f80cef1a6422b453afc1108894fbfe2cd622e1cce32cb43b19cf976c4f5c7584bb202af8bc975ae42fea2cebe2289ff9fd7536efde36ce3b1ab11eb3c4d8e33b1ece306b3d674855afc9b9d1a1a674190e6a4db0a9f8870d8d24233b074ad3d669030fa15de651236c5e62da51341a6a12a97b6d49201b7572a03d5ee425ee85ec1aeeef8dbffa1f6fa14bc74c7a3d04d4bbb8307e12ac917d859567d9321d5db3c538c099597feebdcc56c6b6f07b63757421c07b1efe3cbad34df53c8ef4a6c687816ba4e09f5eeb25e4288a05d18bb627cd7fb44fe4c3524cfdd788791f0af1591be53f6e578dc0085343f5a3f9a924d27e27a995930c098b943500f33019c0c51b0994f0648f765f2ce786e975de8867adde7f06cd86698f09d46542765fd59784385874048ce01da7eaa9e2a3f0073660125cef08b4299ac9de12a063c8517232aaa6a1e6ceb5674a872aa156d1d220c65644bf7cf7e61ec70ba47eb1d706766897f091f645c95874424530b002b6b17d695b26ea7f2f7a53340bc675bded5f4d9ef491a298df53f11add7bfc74504bfc14dfbcbc5f6b7947a3238d5635e37c6a42a54b4fc2599d95ac91ca505132ba235ec2f19500e39ccc54f480e7c8696b89d33c4a8f9a60d21fc0244e50f3d577c6c4a5759359b4a59e38da74a11b4481791192e68326b9a426b4f8e80133cb97822a3b2cfbd9701c9b6885551affd260d1c3657fa62bc529914e7c54671ff92be950fd95e14389d07f2177abac4509a82e6f84bfceb44a74603848468c126d283d1a06824e9f16248cc266438218b7535e22641ffe2f18775052e8ae2033a713706e1b505438463ff9bb2887184fddc13a2b79f9132bb8f7a75b06a3ab87f9e7434cc4a5cc0f1461c5c49ebab56b23e0a93900b50a1a695c66355cabc07333234e2bd4c2cdbd4afe07b6f3c0b61a4281b7397c27116b29254be84a97a6649f312d143a2c58dde77dd99df764a1ba54425c81451414025e45771d880eeafa72e5d8d3f357bf013a9e3003e513d43c0ec4675383a09503fb006debb2187876d6fdb1f7233f7801ac4f0bffe61645b4f804571b84ba1ab9a6c7e3525800b98f73f3204ce264bb61fe121ecddc71fa2da67a978e319df4cd686ef909274936636dd627e2be69822100484be8b267507e6b890e7c895e100fa86a6881655feca6ea367a07b8f72c07baadad504519c8e1f9c31d045f7fdfca9872277fa49d66a0b78a9fba32467f7cbbc1cc0c9e7c03801f7d1f9bc0c931ad2dbc4b6ea741aabca284f20628096a33b4333a79d6c07411e566cdf5cdbb918225948531584a92893b08d8fcf9f81ef88af130f067fc6facdb08c81ea6317122365bc01ecea867576bd2acb7a72f93447db27a83e3fdccd759bf83cd6496ef9f552cb90d7ee18725880ad8460f3f00017d42a49078084d5cf3413f56427301d29f42fb9cca3767786f1c63190d19bafd55721bd7d240c923fbfdc65c9771fe1c331dd2431c2d64d0a56c3e3c04c5f7a97307a6d37ec8647be4e7e8bac9428f3cc526fc44d1b49a1c15edb349a98537802c43d2edd7805ebe06bbf9df865e23f1314cfb29a5ad39c10de2141a9a40c2699b17939e2b51e36f49e5fa247900fbcaf01bfa14532b8e70a95c98261e0f6848d1b97eb1b1295a621000a75625273882ab05852327f6f41c2455d4e84522f3d7c21f50adb971996f4b763451f60c24d6ef314d3793128468931e548cc373418683fb205ed983138a38150bac6db24afda1e3e8d62fa37100fba8eb579032533a9d5ce3acce35fcc9a64044546d21ab2a26c82aef281e6cec8d20557a839b50e85079dff3006cf1bcbbcb9da82d221c1943cc90a3e6bd3a3b08d4d0b9b4577339ba6321b856f06972940cc0c2dd9ac8f2a9e1f258ebf73f3a7996de0bf941443b8bd026e35a176893216c093704c33ede470f962aed910fd2b12708dc4342bf21045019d89aa0dadf3ca47145b88e0e2bd89421bae861b4514670c8b98dfb22fb123c04ac7ca4a9fafab7d922852e1f10b3393be4109ecf44998a085f4e522ff32f5956cb3cefd7ede0425a336825ed8c4ae99ff54b1f1250faeb3066987589e098bc3eecb39693a3e6b3ba1555f4206e42cf6ac7a08440b60e2b1b34b6d7e5ff30db5cbe97a3b55766c99db91221b579cf238e3bf761bf38d27e3c3e4d8c19361b56b892eb97ca48f4553ffcacf5be87441097ad9b67c35d8e678245d8c16699cbbd4f74a1b39493fb8ca23550a3f6c9657371a09add15f27d6d52cf02dd9b45344e716b613853327bb8ed217efb13e37e866cf11ac28fd8b084861651bec0935162e7686bb6b40bcf78849f4e425ff23fd6933605ff707f4c7be1750aaf3782327f679f834cdd99382e2b91fb1d38e7220f80d56017c0bee7ae0082a7bdae4c54852712646f5dd600936a8ebd7143603f2b82fb7875b1e4d0f45df4742a8f88a3dd87ca472f8f5b36f40faa", @typed={0x8, 0x40, @pid=r9}]}, 0x1330}], 0x8}, 0x40000) 04:11:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) syz_open_procfs(r1, &(0x7f0000000080)='net/fib_trie\x00') 04:11:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2462.458954][ T3626] binder: 3625:3626 ioctl c018620c 20000240 returned -22 04:11:19 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2462.540189][ T3630] binder: 3627:3630 ioctl c018620c 20000240 returned -22 [ 2462.552892][ T3626] binder: 3625:3626 ioctl c018620c 20000240 returned -22 04:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0}) [ 2462.609394][ C1] net_ratelimit: 18 callbacks suppressed [ 2462.609402][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2462.620928][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:19 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r0, 0x4070aea0, &(0x7f0000000000)) 04:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x20000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2462.689440][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2462.695363][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2462.727564][ T3752] binder: 3721:3752 ioctl c018620c 20000240 returned -22 04:11:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xea, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="e468b29e567caddd4fe53c09e03b121de4cebad00e7e6551e960ce7914ee5177920fa7c6df4c7c7e8ddb28360e448796571bc94f41ddba49bf3c6db95c07119f1348772ed3e84d754a25dae271d1faffffff72564aff09b83eb390d3e6a801425dd9d8f07a21801d4c5aaa53e98056febee3ab0b600be24b26e4b94bc36d277c22774e8140fee0e3a934a5fd25d815ba9aacf411bd1e29ec1fe5e128a87a1fa006c295f951ecb5b028efc18827061f9258faea454cf5ea3220f1907c7d4a828d2916235f6f518be9274c7d04e40dca0ad6f30978a95c93ff1639b429d7099ab01646949bb802f7e8159d"], 0xffffffa2, 0x0, 0x0}) close(r0) [ 2462.780112][ T3757] binder: 3753:3757 ioctl c018620c 20000240 returned -22 04:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}) 04:11:19 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:19 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r0, 0x4070aea0, &(0x7f0000000000)) 04:11:19 executing program 4: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000040)=0x8) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2462.840029][ T3757] binder: 3753:3757 ioctl c018620c 20000240 returned -22 [ 2462.871844][ T3763] binder: 3762:3763 unknown command -1632474908 04:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3f000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2462.892114][ T3763] binder: 3762:3763 ioctl c0306201 20000040 returned -22 [ 2462.901011][ T3763] binder: 3762:3763 unknown command -1632474908 [ 2462.908664][ T3763] binder: 3762:3763 ioctl c0306201 20000040 returned -22 [ 2462.929418][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2462.935229][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2462.943912][ T3770] binder_ioctl_get_node_info_for_ref: 43 callbacks suppressed [ 2462.943919][ T3770] binder: 3765 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2462.943930][ T3770] binder: 3765:3770 ioctl c018620c 20000240 returned -22 04:11:19 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r0, 0x4070aea0, &(0x7f0000000000)) [ 2463.025631][ T3860] binder: 3833 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.025644][ T3860] binder: 3833:3860 ioctl c018620c 20000240 returned -22 04:11:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0}) 04:11:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x2, 0x80003) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r1, 0x0, 0xb6, 0x6e, &(0x7f0000000f00)="7e7f457fd3c4c0d29dde1fee5cd683419a613975d7c75f949aaf67de157a2108fde6c16361a78ef6e32a1a7749ec7f0e9762014434e5fb0e4d1ee9582ce1321eb02600fbe9833b2b25f70981a28c4ce3677830ae85d4ac349760e8ba2478c41903e2bc2f4b1eb459b50d41a46971d6317b3c2a65ce87ce6f5d2d7809cc0cce3fa28f6b30367ea661f2c68fc9707ab6964533198b47f93600cb79fde06514f95ce61437cc16d7272a8b03efceb06b19840c57a7921b58", &(0x7f0000000fc0)=""/110, 0x1}, 0x28) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200000, 0x0) ioctl$VIDIOC_G_ENC_INDEX(r2, 0x8818564c, &(0x7f0000000280)) sendmsg$inet_sctp(r2, &(0x7f0000000ec0)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x40, @rand_addr="134f1bed57c260817fedcf547fb68543", 0xfe000000}, 0x1c, &(0x7f0000000e00)=[{&(0x7f0000000100)="ab3232e44e3da62d7dbb759a82de7cbec717c79ecff7d11ec05e56310a003a3e8c108eb9175716b2cbb2de90db", 0x2d}, {&(0x7f0000000140)="a73eff9c51d393", 0x7}, {&(0x7f0000000180)="3cfc13d445f755845b40fa9022ec", 0xe}, {&(0x7f0000000ac0)="c20d91f59c7b6f19dd1f4df075c7c1228863f40b6f98028decc546f0b9d5b12917bbca5815e431cea85a8d7f937af4e80617f19da771665f5ccb126f18abce054817283798feefdf6798dc0a37fb939b94514e8551b6e07806680d3c9e4efd3a11b31f861fda6ff0c361e303cea336f4f0c26a6463a57c653aa1185234dd9e99a46ad1a5cfffeb0bda04ae18bf009d2a0b50a34d30b9c2c46b0b2ab29c0272f6e73e5da010ae2d617455adf5c6473d82019d3a29fed3a0069a63567349da", 0xbe}, {&(0x7f0000000b80)="7b05df01786ebe596170b5f4afbeb9567d2c1221bbecf0dd596aa3c6307d7c7f1daae61c66348bae5a1e1aacab1d9f94410434388fce441f2fa9cd7da02604262e33c5d574d3cfdecd24a7464b98884aac34de72a1607ce3e7f541f9ee701eb6877a2ec0996f0b279ddb8d84558eb421ffd167915b550d5cd4c4634d4463af480fad4ff4b271ef5ef9ca", 0x8a}, {&(0x7f00000001c0)}, {&(0x7f0000000c40)="b6ab7c3fe56e09203d9cc309aa2a4d022bff7994d8c1429403214b1f8a95a865767680e64d47fa1115e451a8ed9e94747be6c113b2809ce657362d34a4cfacb8b5fa9cd30c290b037b890a55dfe6102aac65514d6dac0cedd8f0a8a159aed52b0d8fbefb122017b2687c8a4c6ebb815f8bd8a8971f87abc6d0cee4d005c3aefff3dd4b6e0541d25828aa427e366e98127dd3036315d651cd138316cbbd0f039b6d9d842ed5d947dac94875dd0c2d9c8d639584eabdd233dcaecd78fa604856e22176607108a6b71d1c73512501c1330b2828f3a58a69fe4cdbb8140157", 0xdd}, {&(0x7f0000000200)="b7c2b8bad02829237fb48d5837331e8f6677d80fd05bf25f2f68203d5c815fc31d54a5a4790eb1e9", 0x28}, {&(0x7f0000000d40)="abac9a4fd96eab47f8affe4b296e2d118acbcdb3b1f7376f119665ae07daf3da20d1b3ac632fce8c64171cef549f9477cb9cd5a5ab65188e337a12dc67f9c74fd802aa18c4e0ed939bc2eb91a3df86c005e87b7b617931b7072ee6b275fa148ef69e94bf894b93af986b02e478956b4a2e8262ac43caf03c4e1485c24ddf2302c26f9f6719d198ad4a59101bd606406a421b617ae9b5cb03bc26d9415df7c51f183db3f741f80ead325b364d9c88bf0ebd1a8f2e3ac7", 0xb6}], 0x9, 0x0, 0x0, 0x20000000}, 0x80) dup(r2) [ 2463.089428][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2463.095264][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:19 executing program 4: ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=0x0) ptrace(0x4208, r0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x48000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2463.177661][ T3888] binder: 3884 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.177694][ T3888] binder: 3884:3888 ioctl c018620c 20000240 returned -22 04:11:19 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2463.232636][ T3922] binder: 3913 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.232661][ T3922] binder: 3913:3922 ioctl c018620c 20000240 returned -22 04:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0}) 04:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x80) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x5) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2463.429665][ T4010] binder: 4001 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.429676][ T4010] binder: 4001:4010 ioctl c018620c 20000240 returned -22 [ 2463.450805][ T4012] binder: 4007 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.450821][ T4012] binder: 4007:4012 ioctl c018620c 20000240 returned -22 04:11:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2463.489406][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2463.495219][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:20 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0}) 04:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x10000, 0x0) r2 = semget$private(0x0, 0x3, 0x10) semctl$GETPID(r2, 0xb6b07265894e93dd, 0xb, &(0x7f0000000280)=""/206) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f0000000040)=""/1) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000080)={0x0, 0xfff, 0x3, [0x3, 0xed, 0x6]}, &(0x7f0000000100)=0xe) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000140)={r3, 0x3ff}, 0x8) 04:11:20 executing program 3: lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000001400)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000001480)={{{@in=@multicast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000001580)=0xe8) syz_mount_image$vfat(&(0x7f00000016c0)='vfat\x00', &(0x7f0000001700)='./file0\x00', 0x0, 0x9, &(0x7f0000003ac0)=[{&(0x7f0000001740)="594f67d64a8e2189134ae8b5039e7779814a71710acba8c7e7e3d1ec550ae46cb1f53581fb7f8e1a3e8274e2bda4e68533e381211fa509bede3a61e2e502d5c4b3800b5ab0d31fd304ca362124c45319f2e0000607e5c37fc079c175f0a09b3067be879ceb8a6dd1a80a664988e3241ea90a57831845965a22bf8cdf07fd17914ef8a52bc728ab19ad98071faaabf674345e76c41077b789d30dbbf403f79df16f625c6f7e63e552bc74858fe431d71140c44f5ca6e462245d80c7183daafaf65a2c4a49ecaee64f47e2856db0ea9753681e9795f6f4c50d1029140134bf4b7aae30b90ec0a702150d4908fc5f04560533f131f469e7470b6c5bc48c7d96716be306b717770e92e0e11ea292ccfe707f0e0c7df94a2eb6b8bb310ecb379e117a79b835b564c21497bca0434bb8a1255413b76862f0f44204e95046268ecae48514bf16b1c81e16f9a977fc3d966050e77d65c05686d8232cfec2889465da6900fc7b9641c6a6436b6f09d0f047d13499a491114091a0cffed7a2c5d1877ab7f79a932d34e2c86590b3cb82effb0750ce8c3434f87c960aee64c74350159e2432525eaebfa674a8fbafca7ada0e1291c4219f8dd9cd05f70a4ea962cc9daa13800d70e2922309c44a1b0f7f1799fce3e98b374ccf4601de7a6f88efc22accd6ab9cc89835dc5f7cac12bb98275a58c96f6228241eded45569cc4a42cd093b633608f22dbd8eabe849b6da5173cbd98bb4c55ee162ddcd3f0295c6efe56c035ecfa91ad54d6e81cc74b2fb74efb0fbfb67b4068760f3085db8bbd7e7704b560105f9370cd7cd4c48024654fdb77603e4a9a20590d76b31160769d981eaf552d2a936e53b0be5a7613777e7778c33dc54eb4b6deda10c6e6d2b4e40f625fb2b3ee68fd9120cc020ba0d804c8483766dffeada1cb54dd9ec8743ca14ad67f2d1cb044f978ee5cc9c6a0fb99ae9671469b717135364b5a56af3687470406b7aaa43f883a83c79643bd7a015b5f2ebafc1c8bc8a64f3fbd7ba64e60aa8ee8714b08e31e1316213f7f11b8c1277a8996d21410a0a128da8ac93e950bacdaf9b1ef84a38d1bf98a282c32612de52d927ffe04da3fa584fd4a1f0cf46ca7df28e1dc5cfe6e110a8ce10c41c87e41b339fd00356c6ee40afcc41348edd9ec6fca8aefc76aa986d144808f51e6b02c4d44774a15c34f62a2c75be1558b45d0be17b4de76fc7b05a1d07e6fd12f7250b6c4de865d1e1b6b3de86399b5f1d6886b2af2a4457cda38123516421052acb928caec72080519ef73c03010324a35ec772124d5bf314aaf0cd7e6cf0e631bac65144c842b849690fee15bdf0c969d1422f4e427e6ab493a9952a5be9d563714561883daf43e78995e9ce193339ae42db86796567b86350b899d6c33d4a17b28d97ea8e647f1a661529dfaa02e07f5455c7be3892539469b8d2341c558e991b34a7bdaeafbc6bd85f9865a77ace75bb411e76d112615a14ddeb72de653beb554a948b8a00af5b1d2ddfeecfef3e8b0fd4de5e6ca7aff38f86758b2cbee1a09836ed5701776bd8d3bc8cf31c5e5febb54592dd82d8d7652624e7ba20a65f0e8eaf7eac54d89c342692bcfbd52600a7bd14f1d85147347afb8c004d07060f1119dc7563aa26ac0bd32be1165ac1dac102b303d705c8257a89aace0a5049056af75b7ee816310495193ac838b082f74f0b3cb146969becef2ea51ad3bc1f27405048ce622b9669b522804ba199c91424a4676b5cb47b95d2c19ca2aaeed340bafac65efce765519380060573c34b80152c5ff489bb5a69ceb1f5fbf67b151199193ebddc28efaa67e7ce6d779e10bd03095ba02168f1a8401415d8fca17e1ae32bae2dce379aceebbf08d8c32c424c469344d1a93c1832908c8040d6e0ea7b5102b86e4b7fadb2b9061c2f221f160f9b6e47d10b4f4bb03d986b5f0eb743703e3d8e6c91becf7cd2bd75f989abf0ed298c803d9c7223bf7d44ce60ccbff1ade5c3f1b4c2dba80e22bbaa58428296e3aed71684235f20d14479e873e90c782cdd86d6fb777861fd1ca4b5208c1fa8fd6376d8d7cccf86f9b4f03741ae36c2791d5b778999ac687ca2a30d2b546f1c3c8fc702f8f8a682640d3645d1afc39ef3e0b73016327c34cd34cafe9fa3ae12779f826cd9ac57da7afb844d847163a97c3bdc7da4bdcc74a3d2dea00ab8e6447ee2db498c005b92a33d117cf9c96174732f486ae3ddd1abd832d5fde3f130db2c5dbfb1289335f0fe1fa358df9c007759fed42b2e600ebb3298a6b65febd8c06ad0a6ca76a6ded3411b71d8514c77adaf2acf16057fbb0cb7899c30d1068985b82c805c043da31f2a91b0a8e8d7eee7dc4273210cc89d217fdcaa23bd2fbbfe7cbcb9a15021698a9c9da93136850163367be4c56d869bcbf9a50105dc8f476c64e22218b37e5050c623408c7041337eb78c12f5852ba56bba1f46ac3216d4366a37324d4fdbe0e0e3782fa45a335b7f2e566b3c66a21f538e3738185c2c719e60f594bb071cfaa2ae57df9808efecb37d6ffb0054efde5c7093354c8635f45af988778dc43b58b863d177f874c7d70d85ce2baaabb897c548c5bd5c1e929276991897b3c79759667e9ace77a8d2c5709526231dae0ff987837e25a9cba2e8808c855ec8b5eaba778ae48ea1acda00ea5a840e64a79f96883a29e9df50ef5c35b0b88570376d71644ccb9e742d7285a369e4daad2b3bd7720ae999896b15193a2e6f8745ca49e1cfb20b5debfa9d1a374f7f7527edcfce1b43a2bad853559b10fea5c3b6d1bdd24c089110601493d2b8aaa1708ea9714dcc23849939151b3120a7440c5091f84f64e9ffeea678f208811b2e29e60f2b83ef029e2288e6dcc93e2d066cf060c6c3f0970720ab0268a59e7be6cc8f33807df7be530cff252798ea17f348d2cc2475d71060cb77fbbcf76d7754ff012670a3d55b06dea34de3e4149c4cd123a3523bfbd37e0b8f0ce13185565148aee543cc269b48986d1b56e53d0f1792fdc906ea738208ccaa1b2f4b65bc69030286815f5e4a68859959931f7ecd36cd9b64033139c54ca5e3a8b263d065f923694d0919499622c982665d4eb20128960241602cd591ae4278266b8c7338029ab5a6d805146858c1bcd6d35d8408f649eccdcba31037b57b0b24cb034a3acebbc8368cc98ad5a5c2e2679e198be42afe75cb4d90785dd32d811104030e631b6519192e1acf409323abd634f0853ed5cf790779b5208cabcf590de73f00ba11cbda77fc91bd95990dfc3b4ad509809dff7f0e83d1441bfee07d4058a550762ae8cefe729030f7570cfd8ecff361a5aaa24fdd0751864d8bab39d7a862126a088938c6c2a5ca330b9767bc7e80917beb0c50cae0e57b7d7be1a05d070a62ac0a18e7eca7625a07b85552df0f8944ed34f6c83ddf3ac22fc161f96030a0a44df8e07954fcc879ff83a8c4753a28fde8fdaceb01a67097e4649a71542ccee4d9244644123ae8b053b7580e1b0eec19f897cb50a061508ff9f6f96e97d7beb808175af18b6353de3a2194cbfb8001b403bf3ef336a7f116557419ef55ec41826fbfd829b1a2bf9b62f75c98962b3e317dea612f62fafeccda9e7e1e48f06b3f04b3fdbd49d694f9c2478423aea9f83ea57dc89c974949994fa6f9228f0e027faaf12ba8f15b50f4c8b438f69972794d94837b7ac64ed67930e5fe85ef96510f8fcf90b17a61f6542570139116a0e78f19d7f8e9fe8ab33dd253b799d0611cfb78477b3fd048d8a3cf8a7a06c8f6f22156f5dde50c627f73bbd230500fd67d0199ed351d39e1b496c90e65aedd44443df01f1c83cb8ff79cf80b13b5a6a6c07f4e30ab922ecdcd0be07cd2b5c73969defc6c220f4bfcae6ab81f61743d6673a982fc9951d1ffbf9af87e8f5301b6568beed5b2bff4bc9d192ae0043c7e5e5167ad27298bfc4ff187381ff6804da39e42ab05c2198add78514aa4708204239e773318a00708670f66249c5a55f2a67573354ea0ca88ede7ccae3d52a8eeb2f4320c6046fe2961d41e3e118961c0a89ae7aaa866f7f681d4aec7f5364afa9c80dd69f99c94a9e11d170d5391d5b9e01b90e55f48982a308183fff4c9207956a1a1a1e4b16fe68f4749d6df4ff3e3a56a9d9877c789c3a18cf3a2af07bb5f6e46684c3fc3db579c9376cbc8d0be20033823ab3b3c13248a67022174483c573f57af457957e34671592aa88f72cf3326383b6a5a80767214494b86c11d30bdd29c15e914530eb7ae57b5230e724083c7ab61dd78c4d7300cc2ef5c5978f083a25aa483cf4f07bbbd369d9cd2a47976a65c396459122a326ce7d5ebd2904bac1b877867f14ad454728dcc08a2b28b90f13d970eff68416858f7085d1e0af12db05e7d8b903f2b2edccb22ed43094d29f066f7f24a537ca61a772a935801de4d022b0aa682d2179ab51d36a5238ecd7539cefec8ca29ff8fa7adf7b58b72d9c525202044e21d926fbf2943ca831878ca7294461f698149b92f2997efd002df02e524158ec420b8e5139555a8dba5a02ed9bbdbecc7ba8a292d16c35cca4dc0557213c8f23cedb7741bde8d7234065edd3ecf70863e63556df9af2b7e602842305021b183e69a51be4ab818d501c8e626aff4f30ac6fa5f7136211288535e811701c8454e1396fdb8e5a38cfdc1085534c8df4bc3a0531a96b3592fa8b0884a203625aa6a10ec41f8ff77c852be87588515f983e4890195d102dd46eb6917f0f2049abf94a8503a4127f3ef87ed710ca8843b4d533d5034e8ccf6f502f17f87ac7a57131f1bd64fcc98a2b0498ad84e82ec45d710699c5cf4120767db16a693f114b1021769d231679e0ed2940fe164803a99556ee4ada67f578bd8811d2c072bbea4a1a76668aaaa8d4e68a97931c3889ccdcfbef5bb163ab9c15d4bdf25a03dafb725d4895b636b46452317ed9f07a07102f8283bd518e7f59fde813c5580b47ee0715437ae4ae5b542850bcd530ce79bedb9294a705df34b3e5bc8ddbd27546d174033cea151fc04adedda58127f84502474818b26ba871fe7c40146fe5f958b7825c51b83998cf0dd01be1b7fbb7059729005eb865e56414bfe8970ee442a222be2983798b84328b800545eaa9ab79e657838587f814704164f49ffddf5ae0328bf1da2450cf11e6a92c8a66bf62e08b4bc6d324608bbb46e8e82dad6846a0a64adc95a3df0ce82de0f0a8ea137852eacc0017faa3b8a5fa76bf09e010f14dfb824e6ae0fdb824b79791b8b6a55f791b697ebfae30fc521b8e2c1aa587fc6b4a67452900c55cc57f06781daac9bd90bae7feffe88ea0b193efaaf89c7642dc09246da45ce45d81039696299b420f249c400dad580677a0e4c32560ead55f20cb07c7e4902557089a1e6366d7eeb0110480307ed58cb7f12c809b7281868f1981917b16e429ad666ad59f908a4db9d64fbfe632971f1933b1c5b61e75db00c920bf6779f3c45a90e5920ff525614f41f1636a892970aef653b4054b3dfc29c80e3b38bce563766ea911411515512be8e4eec5f70bddbbf4b4d124250f18c2d53b31fcc59743e08337cc14c0a335b9a638e4837caf00ff2abc8ca79217e933b20ee416851baeb637d4f2e5962aba993502c0b6236e3f7a878407b6a9a1217d04fa5d6b3c14ab0a868d2016c99f9db6c0c8bb6ddeeec0167d3bfcb7d276d9daf8a0dc5e8c22ff08919ecd20a91ee479fc716012a88ec4d9d64e9ba868ea1dfde97ea6b6643802bf5c877f5ac88d236f2bfdb6e7139603c0f32e6ecc55b", 0x1000, 0x5}, {&(0x7f0000002740)="6351c412c435dff65630b9d9f49042528787299075442e954f8859597dd55036127356a6d6c12829b5f3454bf94c3440e7fc2f90e76921febd79aa820c5f49044ae4930e9c53159867336413c1f5643eb189de574daf925b10b0ea9e36b31307e30a49cc9d4c0c2ec20c62e5a0e4b80a53b8ca7f533106313b4f5e7ec5452680d0833437aaac1d2824bc3531a098269ae8d201f07acd982e365759acbb0f4aada742d416120b0922d691401f840b1308f9ca066416f655dc421e63e5d1b954111adeba8346e3c9591f5ff2cc5c4a0e4493fdba4f3084dd710ba0032657ebfcaf3a636e9916dd0445f1e49871952ed6664a53464dadaa38a0040799ea98332dfe7e8e2c94ff9a67c672f6e7c74937251b154e5cdd50bfe469bebb5d796c3a6b8820cd5f3ac9dfa6c84a6f7ba31e7db026b779ed65f3091737d70be552fc76ca7d433c6cb931cea08f7da87bbbca1067365d1663a6d6a60a3eb1cf25fc2cd8a7d3814c604404a7a99bffeb4d4f9a34173c78d49e85e9f8aef48b7218f4f0965b57479862d9d97431588850437d94fbeeb818da739a73ea01d108e659b5155424f5f02039eb818edfe9834915e7fba76fbb6b83021f64254e5a1362be94d2a4d86d7d37d339e0d743600f9eb9c7731af11f012ad1664c115cead8b39a12ba9db360fe7f60389e5ede3f1cb5335353634e3392310ce7da92489f5809b4e8176be198b0fafbaf1faf17d29adf74a5764f101ceb7ff60053cb188f3410a671d50e20e74b06d775c923c97557055b24906d65f3746e6ac323836635692a4e128d8ae4f4a7e26fb6dce9b59f090dfda52e6be803dd804c9f9f1e94fb9d394433f0e79dca88212828dcb69c616e6aa9198d6f2b2e5baadcd588333df8235945cb25eb6b29b0cf7b7546112263e7d1be124124d7425377294a43fa73eed233d250dcdd00399cace910ed898368046cfa1aab7a93d57fcf77869b14eaef996ee84b9b0faf53c5b4509f6c7153106776485e798bae2b2547b7266be6097eaf6d1d7e0d999bc1a336627c12693980a70de53babe0379b33006fda05378d14977662ef639e11f57667481ef3e3b51e30992939f32a73da62b65e11a5748b5af1fdc5455fcb602bfaa6023de31c2537ef27dc03bce453b3e5055608faa695d5165a2cb2108d1c9f57e20881a128c95819029be34063f02e47ee2f1c61158abaa7a2f896d85b6966920a144c3907e506f284018d6b1503b319e4fe79e7c11f5b1ccce41554f8f74cfcbae5a5b52ffc87689ffc6349d61122a39d346f7e5e48fa6fcd23ba890ba21a7fc0305b18e38af0974dee9c6044145d4f0052c0b6f8c73538296927f3524e1422df137c2d44afeadae7be8280b34c2827643a39981b65df83806b39f5d4e2f5c48721909b9c3e91cef3ebb27afb52b39c16d0d567143b416700c3fa90cfd628bb6cecf169e420105eac5e5d97d3597c797887ac44423ec981ef2efcddcc97f11236f03fe9e9d49bf9aac4385f51ea6255cc0c4e4e3f07fdeb893a96a16f445232453df566d8e6b18b4aae80165ec0afd163cae214e9c72161ceeab24e21fba128439d4fcc78e7249a1b486ee6e97855e5880a67175197191699f6d69c8bfd4fb9f059c89cb137766077f07483b9eb6bbb667e09291b6466b2b7b18aed2dcbb9051254115934fe52076c735125710f809acc5fcf79addf2729dc80de84fd0f9c7e78282e765359369fe242f6961f80a9bfffb59cb06b3dd3431fb2e36decddfcf7a3d9814aba7f4db14192ac5dcc17356dedd1648a0e8b11c4a143c78f7a35ef5f8626be5eea7c3fae611a6e7523a555f733f2870553d3b97f46f8fa6c46261f31c918f41d9752a53fc94da7878cf7bd38c95c5b25f26784091628d2d2fa138e98b7481fb887c0ae0bd0c5e577d80a7752a220432cf4ed7d28ed39111e275437171982bec5c908f7ba8a08deddc2fc5e58875543c358d3d9225f61a73a461573fbe7c6ed843d898641f39cb2baf03fe2540ff9546e31864dd18d2a01019f59434ec3e81f31f3747d694d9af1edde5b13a7352fb526e4eea6f400034bad8fd7a18aaf1899d75fb3d1ac2b6aebf488b028817cf110f096ae760284f897ee8d6b7d63a5a46accadf2a6724083fcba7f0f819a2c1358df93b4ee1ad4fb1bb700e697f69d48ea4815ff235eb23da30ca4d785efb146ddb62620b56917880ec1c338c7340baf20cbb43daea13dc879adb86f4e836b02b00f8377d625aa02437c6982bb455a59f8f864843678f4c8a3cd25aeafa5698daf33f3c927afcfcb55b54d01c6e43e938a284c054b29864bd0e478a3cdaf9fc6c600039389e6e986e6aa74b30f9448c63e2c98f3cc83e798c1f825a96a3f0736142c8b3b74107b893d21ff42712792055f2c54e311977f0e405fc24f2ba718a5fc08f814d54c5400e913e97f84564584fc2d0e0889c23d6fe93525e4bc2a941630eb6f79ca6aa3010677f1d76919da458ec1270c0feef3f97b51daf827e3e2aece863014a55d23ca712985381594ee3e6d8cdee5bc5b8d26218cc6808163556dc297273d29ffde91c2a11b4156fd18e0bd30105cc097ac0d1e2d426df7c6eaa8608b098881ce542036668bb567f25dec4d6b8ed02817b857600f939fefa917bee407847549d7bbbc581d03150d35cc27eb9ab0337789c93e40785aa3f9f9d7c698defb0684912280b8170a97d496c893e45e53a9d35234900e72a232ecd8f1a4eb31941cfce3acb96bbc0bb341228727ee9bed3a4645d56000162c77951448d6315419d20bffd0902d67b3f9674529d76bc610f0cf605432deac1047d80bab88485400e72be823e4a9304a98dfa3f0829b6d74f5babd0755bcf7b6d32c79122fb4bf4874dd9c19f4fa1baa1e46ebcb01e0c1faae7df3f815b84f8598e04ac4a365517b84dabd5fd9d4b063680b307bee45224bf8e95469ca854b5143c2d3ee28d053de875f448f43fbac99bfd09c6b55740d7eaffac25150dbb6750d4f9405b5cce0207debfd13d30e61f52a958df20106f906a7d3fc155fc8fdf58805bf7ca9dd12ba659c8e12d8ff04b022d804a9f7924d1caaa7c15a9c2e7086581b409878a267d629ce7d55770c77f45e774632ea9c50b6ca94f1ac4f87906abb58aab0375ae26514e916102a164e17f25bd4a7d2fe7e5965fc914aa175a50b80a9060cf0d76f599ad7b8e63add535f1fdc20d1eab4e148cd6b1381e4ddced9b5d8e7da04af26a9e90535474477bc3927fabf7f725b09a3590c5dab5a54bd6ad6c55f90c809d8d6d0fad1f3e128a1cf09ee25cfc0d1745a0446172c480ffa952092a047acdab49b16638d5670417622bb5d9d187ceaf860ed75523d0a94d6a4c0a2b24b3adba421230d1d8cc27960ef8aa13ed27242aac6ddd879243460d5e2778eebfab5992d3730a7b28dd800e33f4b851da039d9ee6e7afc499b30054171a8e9c2ac09839bd59d78fbe29102ba26ee4b782ce6e43138fe4087d5b6879f17e4078f0517f121c6ffa250ad056d8aa577f125d29cd10a16dc9eb35551a370f110eb329b40b0f984ddf71e1202b9803ce0177199f04f2a192ced0c49f4ac7f854cf8cdc5bd1b48fd45b017cceca0e9811bd85f0fc9a09c61f02edb96475ba433cf3c4395b0c675dbae59ddeed8c208b6d21bef36fc8e1ac9a6304f03d28e39e9a7159aae1814d25b85ed6afcd579599375c48322e21a4ea955d36ae21367f7494f346fcccc3c326d3e8a8f4738253ff4eaab6eb42bfcd6539f1605334512fff9cfd565e137c4bd2ea09a3753f8e4c43eeda809da3fd7e5262085117d12235127011e7446718db875cdbe8b8c97dc9e00424455172017024bcf5fc94bbd4878c77582502ef8c604ae23fc535ae3177dcaac71fa910c11f8c89afbb7b075026213aa366dceafae8b6fb36ab08b54555493c915942a2d8dcca42c9f52bb407340d95720afea3c582554e7aa4284556ca1ddfd932ab7610dd11392365d67537c0ba4dac6889669ac05b04a063f05ac9672978fa3e315932e1fdad740a47f637dcd8860d827e00e6ce8b4a15f1789e025ee58c5c8e68462f95d9fc7986e4fd9a4520f6b5d9e87d109c338af8b1aaf5acfa11f440eb3e128d5e08c799b36e99bf59015b94a3c37bd04d2a64e700ae75be6e109e8f5a425b3ac1ec175b8c78062f27ae5d18eefb6b4f472fb8aaedb81be89460c849f36f13069eea5eb20fc96216d815fa3f5908ff3c5382658edec8cc51e370268b354c370a28de1879c2088bbb9f9f458986caf2a3a4828704c8990b05941ad99c8d6a7a89d1d056cfc06e19096c6fc7c8bc19eaec9626a1c2781e3bdfa992e24d04c95ce6e9024946f7ff80bf58386e58c9942a982d4d1b5e3e362d4de2282960098246874c2e24efe5b90a91d878382c23e23c68db3fdd1f652a638e3baaea0d172182f398514a1ada80c3660aa3a50938da4a0abf7a250de655af0c3266ee7cb6c67286d6bb3678a21620aff03705b87a464a89db08fe556890eaca3ac6230a88139c5d8cd79d69d74dc7594d0891e82a4bc3a8507a4afe0b49cf9bc85efa954b0d2d0039dc8cff590eee9b5d39541f36c022e62d62c307a6734bb60626c0b12a9bb8cc918d73d5e20319ec51707d8cd958c882dd12d7cbfef196d80f8e69c6272ac860f6169ad81c99bb3028043cb0d0e48356013ebc4f7889dbe2f970941d1a3e2b5b01532cae5733f2b35c10fb075fe455cd31cb421e8ca630f88c030f8df1da553a14b6ecc6d93596536f2cdb903ce48d3f3e4754cfe89b0e6fdb0509817ed6cb19231df9c24b1931a78bd12ce50bcae70558d6cbfe331fd78d83da7ce7b4befb172bf8ad8ae46b9d7fb6800347062d5132e1eb5baa690cef87d9693143e9d3893c87887cf89d5ed8c7a2c0c3b588990a5ad8c6ed8ee27550263ed9651050707b69725ce3d1d2f8e404ccbf14c47dc82dc933b4d53eaa5ebbe8ad517a3f5d594d80eef4fc86664032a4c751bb6484966bf5e6f674847467c187fcefffd7df34938a6ef47e5433f520be765c9748c1827a0f90beb1789028825f90f04e302ff3fb12306fe0bc18da90b3f8f3bfed16196a7eed66d20b672395d63382ac205386fe8e9b5a4514171851d087c18c8658f48df9ccabcbb56fe44b2a7e48b9590ab77e6f0f9507153e01a47adf92cdc5ab69b3514fc4e071e086e8eb3a7e1e31be68a1c017a22dc3edc3cf3fc5f233467bef4728643756dbc101a98f97efe01cd95ca4ad6106db4163739eb80001955536263c647c54a7d22300ed14628ccddad70b8c92ac22d1c80fa5db5ac9e3e29dea9a7b2ad3a76ada2771f5167bab3bcb8af04f04747a2d7744cafeac1fa309f475a7e32889dd4a6527510a7d6afa6c438810f3e8cd74604bc24bb11e909ec81a13a2dce404b9e2799e0390e91d60e1d255fe82a3ec1dae1a877eb3ef88e51f74f052da28750367973f6490a6dab9a4ea78ced5fc0c513cc41e810fe746a10f85892c09cba173163405ade0615ef197b3b1116584006783d84f1b14632ebb098a4d8e0d7f9dbbe47faf09e4adfb63bfe7f3c6b4c4a46c7347b5d33a450c35756e160425d39b59b0ba6a2ecc5b32d5703520c1295bef410e3001676508ac63701d01669be2e4b5c6c3dc71d379bd0993142bf13f6f727626e2eb54b878e59f61d9a5ce10e579781114d7d7336f3546cba74cd5b1972371324f35c4e1bb967ef241e8ec3320efd01496843452d81540f6f3d80ee46aa106d5e7c3f018ad4e3eafe4dc826bdcbfbaf352c11261fff7f5af288", 0x1000, 0x8000}, {&(0x7f0000003740)="2185da822356f9a73b7c668c14c48694367613103247cde3dd3c91d7199ddd7620957f8962e398", 0x27, 0x4}, {&(0x7f0000003780)="12bd0190cc74678eeba1cb678c02fd74a29366c56bde64a69462b20f632c1d01400d17ab5536ceb298e38904ddf8e77fd5a3fcddd91bb40c6015e35922b8677da6b4ba97dd7a865d8f50482c12dd06dd7c2bbff541cbf6bc929aec", 0x5b, 0x7fffffff800}, {&(0x7f0000003800)="5cc8ad47fc59b77ebdb04c580eca30c8adf3e7def5", 0x15, 0x7}, {&(0x7f0000003840)="43ff2e703c11032479e2897a73c0ee8a706f951689d3786840e15de7a4cf340ef44899b769bcbae9d899437bb11880a22ec52e9aaa63d1a146350cf48d8f8f8b1148b3a1c1986e06925180f917302f8ac7d3bd3da8399b305b9dff6abd2b337779883f8e3fdc06fe9783c408638911357ff87143b07aa14b1665da667e6b12ee1ef745264e9b64a84dd824162cca80cecfea99b9f608c819700bb22b29", 0x9d, 0x1}, {&(0x7f0000003900)="fb89057c8df1d13d0dc6792c4b0f3aa72e1db7c686115514715a751fad6a8974695b994e75a41f3685a866b7b32f01ee72deef50ed0343444147385a31d4e45b4731cea8f22db4d8b83458928bfc08e5ae00a08e1ff63575c6b7a1eaa3ee806bc62c2f522a406fba7aaadeaa4294c286c71e714582b398258519", 0x7a, 0x1}, {&(0x7f0000003980)="dbe08afefed56ecaa5e6ab5e7e0ed0b939d323a707e5a0e8ef", 0x19, 0x36e}, {&(0x7f00000039c0)="973e5c6e63bc45da12a0a1a9be5bf55015e9e8010a65aea2c0ba2829f71d07f74acdd5128eb087819232f02fb25d6ac931a680c552cccc5662004d80b2edfa8f92c07648c5fbab1379f2da2f249b638b6518d4d44b58dca7edce69f4ab7fb1b8df641b3be681be76617b7ac0d0f53141f9f37de602935aafa25e1f6ceefc01940317e96eb14fd196b52df3ec57016ae59a44cb2d929866674780a3697c5e80bab87a0541b9e4da9f209db24801db9481b85659d2d9f8416f3ee133d69746e42a92fcee1cf59b5b9dc77d093578264113ac4cf9d638205f98411f0e48e4576fba7295919f02", 0xe5, 0x4}], 0x1800000, &(0x7f0000003bc0)={[{@rodir='rodir'}, {@shortname_lower='shortname=lower'}], [{@obj_role={'obj_role', 0x3d, 'GPL'}}, {@euid_eq={'euid', 0x3d, r0}}]}) syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000005e80)='./file0\x00', 0x1e, 0x5, &(0x7f0000005e00)=[{&(0x7f0000004c00)="da5a89d94110debac17f6f329e635bc2f9ef1f1256d1b1fd6f8647d8a7b47ae2c3be7bca2be959ec6c464363742232ded36efb1c919bf7e3848e40c49eb504d85486bc5c2c949cc893a2f5dde611ec047ae2a37baa0b122d47af0c56decfd8661af837fea109b99cd6f4c8c4bdfce16f13c9d9a713a2d0e78f4717fadd7e68d9c43ef08efa534187bcaab7bebf5bf7f813663551e13999714478f0c66aa52fd80ec07c97bd17aed1065821738994679852258c7f788861f44f0c6b3ce71160776bbb090751f172911174b6b7cb837e7f9ed813c8430e8126d3a75dbdb6d9d2e73b5c77f5b4ec37c5785468f9ed3630", 0xef, 0xffffffffffffffc0}, {&(0x7f0000004d00), 0x0, 0x1}, {&(0x7f0000004d40)="f11eebdce976586fea05f5597c45fe36cd849c1d9bc7d7fc2c070222cbc3e97524d33f43af43eb8cddfa8545ae157f20c96e1dfad8fca392bf8fee4a48140a21bd7148c4b35866e4066a267e210d18c01e2f995cfed652f7bd", 0x59}, {&(0x7f0000004dc0)="b21da25ea3d4032f343ef9d92bf15d89ee9c8b6aefd0bc1707a0256f45834eae3c692cdaf49455bde21fdad87026436385d8b7e2692978ddea4810d09293a650d4bb5304bbd5e51823fd5755e1a58cb0968521f8127de8a303485215f06f96faf302c7eb9fe5765ef6e310822556c3af48017037fb3d4974fbf60ffb77f91616e50520936cac8ae0a78e5fd7c3f792b6c1db7d14a8fcee1259fa0cbe53c01029fa9d7c57dfa710885064879cb5cec9e7b58ee668e61fee7fb1fdb14252537d1f9666c6bc2ce4ab2e6ce77a97b36ac6eaba46a3d13343ed9702a933e4be33ea2a0a7937b28d449509138f0c4ccfeb643e6aacda5256f61219af1f78b103adfdf21ba708da6ddc9013772d16564221aa1641d130f82f55d172b67b17a08ea6d421486a66b65448bc295e4a049a917761211c3786bd75ec78d94c22e4788d74fe97ea4234e47605f20c80e025f6e27e9821327836fe10cd022dc82f533624ba0ca6a9ce83c202cb1abf98cb0c0f11d2dfa9c3cda9db8d6fcc06a50edeed018d2f87ed38906a8a3cc4061eb3b4ce567bf1297d1b5701cd061ecf589755ca7cf2cfa1763e723a2c56cef56b7b6d9653ba59624e861cf5df419c5f95bba06fae154535a3be96385a59b000f468b57dc5d1d21bf7a92f09caae0b7fd6c9a5307186510147313b57bd6a0866ec6ba3211befec17698025082bcfb0cffeb356be211b45565d5589c4c8ae66fd1fa578f4f601e4cb77b8c5a4a245d9bd1b794fe1192c97cee98114e03c1be2af6c3bc1c5b60dc69d9066643fb3f7db7cb94c944daf9b991f9364fc3915dcd07e4472a10586a6351cc7839e32bac9fcb0f038bfebddffd04a3ed5d6dad213fd376cc1097f288243fa4234397393bee3215fbd3b52935f801b13f0a79e70e22dae257fe74f1344f1b55fa51bf994031aaf4e2e844762fdcbc6e4d12012d7b21e41ccb0ec367008a36626973684b814fad13dbd905e05e9b44c641671bcda569f9343a53ec6c671c58e3613f59175a3cdacf603643877dce8b721173c9bb5558eb20e36a06828043c13ddc446e454ac7d6260f92af6e12b18e6b5e6d804b03c58013386500b8deb03fae544be6fe3b72e18fad0e7cb4873217a313d75f2884e7445a49511034cdf1751148d52472329b3e459a01f7ff9a038d016c718f2834900ee0bc599643813da04cb6eb7522f28f6809dbc23a4b3839951c4cf5e0c0f4bdd74dd068e020c8815111c6ece062fa486b3b284629725fca38c64a9eb8dbb50e7416b6458cccaf5819d5399ad1d8ae8bc79d109f875c412dcdbf7948992ff86109a8f732466c5fa1efe3e1bcf30e0dae0e67020e610f17cae4c35aa5a3850d2d3929d4acda130e49278190ef2fe2ba65c44a221933f54f5f8b3c7c67d80ce3aaaec5fabd2bab3690565d3791909a1d424e74963001c5bf7a5b3514fff723a22a1e8decd8f7db13a8e676cd1dbb8454c9bedbdd4f6fe21d220a6b97b7d18c894b72280af4ead9d1a8f182460473fa093ce4a0f4ac682899de15e8350e40fb22c909f50fcc13a6ee5b8a2513ccf43c13418ffa26284ba807e6a3859553380019625152616b119a6974f110989740151e808f8ed2de8a72ea356ff92314f0a211253f3ef734918a5eb9a33f2c9e89e8496cca08d00b10768641515014fd2c3fa5b6600ec730f7f1bfa2ea35f96c6445bfb3600d24f5f026596455dd314f5a244dd114ca87a9f0f923477f1816e1dedf733f43350d89c6001b000a568c1ac62e1595581c48971a78445ab5859e2c01184e8e9f81be3f235b77f2fea37f38cf0bcc015f197369a7025fe5ecc4a88d4b78635f4dea66f2b95666586f37dde8eb60ee4e0df92fc9abc6fe76157baaf0df2bc9640ae26e5e8c68985d1b13060fcfd952f45dc81afb2ee87c6b1be23ca3439bc2f8ff0997af3a26687cb6d882a407f7f19354c86f26d11a684784f7d18c4163730ae20e60de2f98dc812804f7e7cfd4fc62ead8eff30348745f56b8ce4787234d5f7ac930ef343b9debcb1fb0abb6ce78585d8662764ea1b4268e183b9a202ebf0dc04bc1018c203b54bf273bea2d68f386f130760516b8a7aa861cca11b2446ca91c4d00b11c40b36c0dc9b6cfbd93ddf745f97a8a46756834d533f16df374a9dd3268bbdfe35b96021a2ece274bf979483796c4049b82fd67d6e0506236ccb9ca786117e468bedd44a9377a5c1248a59c7912873105c7af9dea0016fddba5c6a298201253befb2689a281e372fdb2d66839f59f99f9c2f8eeba52a496a9dd1b9168f4081cc0ee62d79030e223c6f5b5d186dbe28f7a4dcf4ee383f64e285cc1b07f2207cf18fe4c62b32cafa318dabef522fd034ba7f131ce137e196be1c911e113df75482bad269a479bb71f42b9fc47547a95449612872800eedca4e7da00085283aebe2e568857bc236b639a3991105021b6e2abe5a52c6557ce8bff4be97315d41f008800fe1793a921bac3c3799be80371a23b7b0a66ab3a5830b80700a80026048af0dcb6b984fa212d9d992b09dbf999a3c192fe7048138b327d0bbce9555c8cb43af4e74335183faa96749dde94f00b08dd9c065c5cb029593b9587e8c176ac5d4120d7a9e4762aed1be13b2ecee0b72ccc0345dc1f30ade48b4c3175f9e834b2e571b5f792298b63a275ee6aaaec5daf2f10c44f9c48be2dac3a4503bbedceabe5e0a63e76b17cd1af06aacfb99eebb396076451ee5e1d7eded23eb9d7814b8fb4305e5ce1197dd93534cd7fa92edaa4309808327c744efaab05b2eb50ec19cf7afe8f3df08382d4ace97d54c0b1ba8fc8869e0d4f8dafacd70d34831ec10fd67b7876dd215d4f8e50fbaed45c05d712490c6054c061f0b8ee1122e46518f2a5ddd956c5765bd60f0f206f6e2e72ac432ca4f334c1c084515c4ca6fb55acfb15c3fcf7ada7740da89b6092be29cb61a37ce2af6d6fff39e1fef32dba1ba5a1275991081416038fe6ed098cdde24c00e2c2a955bcedd5d41e61b5be6d877ab09a7852056ffadd67f9ee0484791cbdfcd045d2e99cd7e29bc2306c4056dbb2c0c66dfc656d871694d07651d6be16432ed463857e804e8dbf487765b932ffcbf2aaaebc9116d3c1c11b31a54a68bf671b4542ad2f18af85b027b650d62673b13b9b82936fa8636ea805f060e739c7337b940d4a3d72c1f6c1ab317e99ec86c880c37e04f95139ef20b87785f26770221ca7d7bd468a4b4ac9214772dcb2a3d14df2cf6f96a7f087714362da68775efa6d88c864f157b44300cde90f38b1e1dd20caa9a4fcbf682d341e8aed6d072d0c8f970b79295d0565fffcf484e3b89238dbf9a47b0a331681b9fdb5689f05bd9d57ec9253f7a34e6e4437ededb19cf3e6c6f1cf8962eaa71f0361b78ccf9a67211e823d76d24d83861fd5059aede9c5997237c52d261ea5179d2236de3ad556d6cb9e627448c22da06fc065fe4aa834b29070054b3f52f6697acb39b2947813a6e8ceadf488a05781b65c57632b3450e42a00c708a4c1323af9529d94cb8112c1606abc56d2fbe1219c44403564932785df5174b388a4243ec860b1dc4e437b727c16dae266d7af476e0f9ab64fd9f8cba1c0e8261a2793c923fe6614f285d17e857e8ad792132c3f822c5915b5b96368b9e8875792f1eb3727bda75663f9639c5ce94147b23c3d07da1b2bcf608bc82ce30b1f72465aba44e450f893593fbe695b14f604dfcaa5173a981ed84cf42ea04335c5f9297e0f247d43684d5be00fa039f3a6b2be24bb3b605fbe5e8815375236e28f251479c1812eab45985917b5374cff1a649a861ddef99c256488568b07fe153f6a886ed5ad874cd9f2dc2ce435a563296af81d38ca77dc80f8101be2c4416120b364838dcf7b9460dbec37f24db46fe3a0958ca3ddfd29ceedfb9743d397de6711b46a1285f2129626f38ad6566a42e6e333c731e3874fd66b0f3e1f7e2d1ac36bf93a9970529fa4d51eff411410f47e173eb9bd43e0ea5f3c3b66471d1a1811ea700571c445728d405f7cecdf0cc722b4ca54e8bce2592c4132fab1f46fcafe3a98ec2b6db051a12e36e0add4d4bab865fc819573663bd3d555fd110c5c1a848cbcc052166aad62775f9bfe9c291b9ab750ddb11fe2565290ff3dbd206ae398a3721651ef59fb3d1b65a521c6f9425ba88219dfc18e23302940eb408130f16a14a7a117d7dcaef4b47a35e3e2e49079271dd6dd19d5753a8b9fc013bb3764ec8c55af3c3c3c3f694092774d01567ee7f300e8099d94713f5ec5a1d17475899d09cf3a94410033f7f9c3426e0f71fa42bfd3e20a72466810d0cf283d76c66f8e16463a20acaeb0f26ae322e5083cdb1f5c1c40bc5fccaa02c0197fd36b14e80d12d870e4a6a68e7f1acd4e27a777c66ef4e661271e1885a7f1d38702cc30717aab68fe93a11da4357a84be6d3e0b3abd55124833996d4b07e0f82fbc5fa5cce0c28d904ac971dc40c66b277b967ad6f226afd8ffd442c3b32820b304b884a0633db93c14e8cd89acb68a62da0a19ac2b5adfaf2e2c0a75caad972dc214c218b4a1f34c6ec41286b689690f449b96270639ef4cc8426feb8741b8a8d63718ba9992951cfb4a6d3db2867b9f705daede27aaa100daac9bea9de165c9d983e3d5a3fc7cc2793848da1988667ae91e639ffe279fed199ddd259870404e4a6c24a164cb1ea99f91bf206aed0db36de2d9efda86338f04a8893fb91286c5f726695d9e73efaa0037e43d85ef081bbd97daf888929f8c4ee1c0656c7aa20121bf75dee8235ef8e72920aebcab7cb9dd7d0f1764be62aad21af0f40f34a8942c9a58dea6a69fbbb89639122026d03933cd4413d41f8c3ad43ba3d1188c2ca24485ae8cb1622c11ad3546d00412a51d82017fb7653d9291e8f741f9caefb14c5739d517e6b4370b1cee7dab93f18e4502a6cf8a7eb13398cfc4fff65c0c867a0b90b61ab3b30a316322ffd252d6edb7350f42b371ea70562cdda0bfdeb1c428cfdb31377199c0f2f03497d905f3969790d2c64f7e26165c84075b79036a63b6fc1a0fddb495d8a7b4e64cc1ea12a634313f0c9dd872a1ebc36506f9bbfabd216ea557b67c20256fcb30d7e2804b99c3c74d9541409f5bf937a4a9138c5b90d9803311680257dd33cd4f15b86f2fbd1000a3b9b88ecc05696b3d81318f7bd3ba2093ec9d2daaf8935780cbf35ee2578d9c5975682ac2f75c0b85404be23996b3a458a55136bc8070e18aca22ebd5da4449bc5c0d71a7d3433fb5cafec1e799a7d9c282fa52de2c264306ab77645f9e2e8a6274826d08fc7aa47a39858c9c214a94b863a05cfc418e5241a140bcc733f2007667b841539bfa05a5f6b2fa8399f26fb9bfb5e12b26853efa675d7659249e32e9875c925148ef2efaaa62769d2168ac62eb8ae171727510a68e12026c69a8529241161793e290fa24d1c413a2bb8c6b59e9a6307d8f9d3630a2c970279a2d7f0d838f511d21000c572b65d3e6157347bb13394dcd51d521808ec2abe2c689f7f3d31f9fa234e6c19a74ae38af7df78c25451e83ad7594fb2a6dfc1e9d2f31acfa83b7136139fd3bd0b08515e5b84eb405a703ec1a6d0783efb2d62aea45544b8f513de3c638df52a1e0369d9dd6fc03cf9b4420d090ba7c5064779a3e916714e8d9e7b8c5790e3133faaaac1cf3bab8d3312b390cb4b500dd9c59ac6cd56507e8cc47cfe93725b9f612b9ccd9697887bf03292a6d75393f5c75fac59f912c03ef6114e373bd0f8c80f4323d37958bd817f17e10d96c55cd9", 0x1000, 0x4}, {&(0x7f0000005dc0)="f7bfd5a3c150a324a009cea1e88e6654908ad04c911d545c3f9f734aaf159e08bbe0d5b80a0c3bc7ae6f0718b445069f8a045051912102134a42021596a8da64", 0x40, 0x6a2754a0}], 0x8, &(0x7f00000015c0)={[{@fat=@codepage={'codepage', 0x3d, '949'}}, {@fat=@tz_utc='tz=UTC'}, {@iocharset={'iocharset', 0x3d, 'cp775'}}, {@shortname_winnt='shortname=winnt'}, {@nonumtail='nnonumtail=1'}, {@utf8='utf8=1'}, {@fat=@usefree='usefree'}, {@uni_xlate='uni_xlate=1'}, {@shortname_mixed='shortname=mixed'}, {@utf8='utf8=1'}]}) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0de3"], 0x0, 0x0, 0x0}) 04:11:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x60000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2463.642017][ T4122] binder: 4119 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.642034][ T4122] binder: 4119:4122 ioctl c018620c 20000240 returned -22 04:11:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2463.710663][ T4125] FAT-fs (loop3): Unrecognized mount option "obj_role=GPL" or missing value [ 2463.723289][ T4122] binder: 4119 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.723301][ T4122] binder: 4119:4122 ioctl c018620c 20000240 returned -22 [ 2463.734669][ T4131] binder: 4128 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.734680][ T4131] binder: 4128:4131 ioctl c018620c 20000240 returned -22 04:11:20 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x680000, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r1, 0xc0385720, &(0x7f0000000100)={0x1, {r2, r3+30000000}, 0x9, 0x400}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000180)={r4}) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x6685) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 04:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}) 04:11:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x68000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xfff, 0x400000) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000140)={0x7ff, 0x1, 0x9, 'queue1\x00', 0xc24e}) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000100)={r2}) [ 2463.909793][ T4224] binder: 4213 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2463.909806][ T4224] binder: 4213:4224 ioctl c018620c 20000240 returned -22 04:11:20 executing program 4: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x18040, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x294, r1, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3f}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x4, @rand_addr="f55c481db590227652760b0118964013", 0x4}}}}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA={0x40, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x1, @loopback, 0x7ff}}}}]}, @TIPC_NLA_BEARER={0xec, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000000}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x0, @mcast2}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'tunl0\x00'}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, [], 0x28}, 0x96}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x6, @local, 0x5000000000000000}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}, @TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6535}]}, @TIPC_NLA_MON={0x54, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffffffffffe}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x25d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffffffffff9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffffffffffff}]}]}, 0x294}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0}) [ 2464.017353][ T4249] binder: 4248:4249 ioctl c018620c 20000240 returned -22 04:11:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:20 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) socket$key(0xf, 0x3, 0x2) [ 2464.167371][ T4323] binder: 4275:4323 ioctl c018620c 20000240 returned -22 04:11:20 executing program 3: r0 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x40) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x32, 0x0, &(0x7f0000000640)=ANY=[@ANYRESOCT=r0, @ANYPTR, @ANYRESHEX=r1, @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYBLOB="2af95bc9eb89968dc9e94914f824d4f55525", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYRES16=r1, @ANYRESDEC=0x0, @ANYPTR64, @ANYRES32=r0, @ANYRES32=r0, @ANYPTR64, @ANYPTR64, @ANYPTR64], @ANYRES64=0x0, @ANYRES16=r1, @ANYRESHEX=r0, @ANYRESDEC=r0, @ANYPTR, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYRES64=r1, @ANYRESDEC=r1, @ANYBLOB="2a47585860ef31f77d36b2bc24", @ANYPTR, @ANYRESDEC=r1, @ANYBLOB="fb8baec339da35d5286b51e230acaf2a5fee9eb5bdd9e4b4771b562915950f7991b50477243b6b283ab1481ae703bca9b34ee1da0d2c7cedbc22d6aaba0bed2a6067bd4f11d14333b2934bd84d4fbf0f4f1f9e6fb00edcd4e15d37d814b6ce70d066bcfa46edd3da65a2e46e891ead1cdd07f9d243", @ANYRES16=r0, @ANYRESHEX=r0, @ANYRES64=r1], @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYRES16=r0], @ANYRES16=r0], @ANYPTR=&(0x7f0000000540)=ANY=[@ANYRES16=r0, @ANYRESDEC, @ANYRESHEX=r1, @ANYPTR64, @ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYPTR, @ANYBLOB="2fcf8d4f", @ANYRES16=r0, @ANYRESOCT=r0, @ANYPTR64, @ANYRESOCT=r1], @ANYRESDEC=r0], @ANYRES16=r1], 0xfe54, 0x0, 0x0}) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x100, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r2, 0x6685) write$cgroup_int(r2, &(0x7f0000000180)=0x80000000, 0x12) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) syz_open_procfs(r3, &(0x7f0000000200)='wchan\x00') 04:11:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) 04:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0}) [ 2464.307102][ T4371] binder: 4368:4371 ioctl c018620c 20000240 returned -22 [ 2464.339990][ T4374] binder: 4372:4374 unknown command 808464432 04:11:21 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x74000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2464.396468][ T4374] binder: 4372:4374 ioctl c0306201 20000000 returned -22 [ 2464.410122][ T4381] binder: 4378:4381 ioctl c018620c 20000240 returned -22 04:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x1f5, 0x0, 0x0, 0x204, 0x0, 0x0}) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=0x0, &(0x7f0000000040)=0x4) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r1, 0x7}, &(0x7f0000000100)=0x8) 04:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0}) 04:11:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, &(0x7f0000000000)) [ 2464.478671][ T4426] binder: 4419:4426 ioctl c018620c 20000240 returned -22 04:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$vcsa(&(0x7f0000000580)='/dev/vcsa#\x00', 0x2, 0x4000) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000005c0), &(0x7f0000000600)=0x1) 04:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2464.614638][ T4496] binder: 4492:4496 ioctl c018620c 20000240 returned -22 04:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0}) 04:11:21 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xfffffffffffffd65, 0x0, &(0x7f0000000080)=ANY=[@ANYRES64], 0x0, 0x0, 0x0}) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x1, 0x0) r2 = getpid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001700)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@loopback}}, &(0x7f0000001800)=0xe8) r4 = getgid() r5 = getpgid(0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000001840)={{{@in6=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f0000001940)=0xe8) getuid() getresgid(&(0x7f0000001980), &(0x7f00000019c0), &(0x7f0000001a00)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001a80)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001a40)='/dev/binder#\x00', 0xffffffffffffffff}, 0x30) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001ac0)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000001bc0)=0xe8) syz_mount_image$hfsplus(&(0x7f0000001e00)='hfsplus\x00', &(0x7f0000001e40)='./file0\x00', 0xbc2, 0x1, &(0x7f0000001f00)=[{&(0x7f0000001e80)="202d77a9834e7cb0ca30536c503ab69044cad3a959414ce302193cec69a39d5532a9f1c4cf5000d7b8841a5a387433267a856b5638e72fc2088fbfab0db40159dc4b98a63a47f7a0064462e1080f7ff0320e76e4", 0x54, 0x27c}], 0x2, &(0x7f0000001f40)={[{@nobarrier='nobarrier'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/dlm-control\x00'}}, {@subj_type={'subj_type', 0x3d, '&'}}, {@audit='audit'}, {@context={'context', 0x3d, 'user_u'}}, {@uid_lt={'uid<', r9}}, {@seclabel='seclabel'}, {@context={'context', 0x3d, 'user_u'}}]}) stat(&(0x7f0000001c00)='./file0\x00', &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$unix(r1, &(0x7f0000001dc0)={&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001680)=[{&(0x7f0000000180)="4b550be0fd65273aad90c828d3582b987c1d8c43f7e72ef43571c43ccea8c03a65cf4902a173593552af4e3a7c5fde517fffb179b45d250d2629479983e8c72d60fffcbd7b1b5e0524c06ebd977eb179bb274f50", 0x54}, {&(0x7f0000000200)="4f266da71841ffad108f6cb152e51dab", 0x10}, {&(0x7f0000000240)="57c554c9823394dc4dea58ab81153d401f96744512acba366b7efeec1741db9f8a3e323bc9cf343dd218c6901d3ad7df4202881f2eea161556d4bf11e7fab980b172e1601fba7290ffa1fae2aa167ba8caf052f09626e1155c887893597784b969ee3f14bd7df0533746b17db06c1adeeb483f62437c887f304e260066328edd296dddc5ab8a9c50a6ecb556f75e1a14b908bf9ad5c33dc990c42b6ffb774fc6c5a80e49c3211bb488220d00e4fd91c813987d0b7782ffb983517f7fd0588bf74e787ddbd20793be30393499f190e80fd39d21426bc84c7da52674400ce946005e1dc2ee3aa95e0daf261c69b913c3fda422", 0xf2}, {&(0x7f0000000340)="da8e5136c9e2272b877362d9d053f247c7f793285b0634fe858b8c6f4481779f2ded9fca784ac069d1270e8352490791eafa09f67bcd1d8a87f1ea7b5e1f9073a1e3ea0c42e92d4c1781c5b31d682b039c7335c373b2c70ab93d8d178a8ba80c4fd4bb5791944ef2cca3685666133fc261129bc5f6c227b6786d8002b78f0e31359a188ac474b2a3838226cb3ebde5604a40838899f4ffea63562cfaf3f325cada5a299f906c80824e56b813fba4f25e66c508ab7c543297096484fba7fb5b4cd335c097b812bda3663687a21641f081ccbaf21699", 0xd5}, {&(0x7f0000000440)="e498aec01b003482cd889418d30e1b4e52cc26cf9dfe9ff0abe25017266f0ffb00b321659c357a4285fe69edad8c44a467a48b25787b604b51f81a942db0111b61f8389fa778132dac964095cace606a5135d9c6eca360c81e2d9e197ed570cd8ffa6fa8063b1035f2eaf7c772972c23ae4860a812ddd1092ec8333b7e69f97d738428def41c153b93092587a8905d456bac95526c530ddba12b22a5af3c16642f0cc2ffcbac25ec7d987e19c3e3da699217f8be34f259dd66736d31515591ed7b63c528545debd0775f965747abdbfaa4e4089edb5312df3d6b59cb99731797fdf721a965eb3a18407c21912410ada91cc3ce723bbbb8d93c276c074935c22abd4422d0e178846d0a4bea403c9a954e0fc1c11c9ee1acbf1e1d2f81cd29057a6966862e8e38d4632e74721543966a864bc678c973e6f99c5d3a878cfbad7142352fb824a283f2e34b0b7c6c14ad806aa75846b11d834a1ac06bc67ac963c0f052600877e82e0f28159cd2c48ebee15a1390598d6af475ba94009a1ee4db5140e6acec83ddc5b2ab987ffefc1ea59480f0d65ef831e763dc332632808edd8ee3d0f71bd9d3e3f33bc841f69af070a5e78b3e901448d33e0fe7878ffae7e16d615b7c9257dec565fac1507faf1a7ea2a86e4016e2907f618844ac22090a0fb6953831fb922a836061b4f9c3ea60e865e33a664e87bca5ae9c2bdb4118534cc626179dc5850249eded7455b1317bfcd946ade310608dc7d9cead8dd384353c84f8a53bbbb40fc4ac861948bdbfed4dac54d1217981d380963b28371fef6a752d74ebcfc220c4cf33cdd11ed23f9eb850d778bdd1cf659305be9d3e21169b302d6502551962b1520517a355839a88e5b212bd7830a676871fba0a66b4f8349dbae10d35f5f6c2e437fab9feee47aa2880b8e572d265fe3d1004a4b3142cad2fc1f679297605704414107273bcfc4fee47e018a9be077d33ac1268665a7470613d34e2fbe69750580830fade4e029114041caabc25a534afce94c2f48cfd1914fb162d971e0bffa5bbf4916934cb9967542141cd8368e5385e018dd79e7227764c95f0fd661934e1922b35a9f505fb2eb5593d0f5bfa785b275361e18602870cea54a9720b64be7997502e43e51b2f103628ddadda970822a4e9f27213573304e5aa4cf2cbdf6d0d99d6b749c84400181e4a37b942fddc7da86ff53e261b7561e30e1c9a8db248ea010f0a887e5eb0317e3d27c472b8445d112435d2d650c48e601b7944a7bede4aea4d2f7d7cf78e9e2405a886fe69ddbc809534408be9f51c6ab5e79d9775e9f1215c0f211f28d92d9a684ec0da9389bb5ed57b39ee855f0fdf99412121a6358d5bc2ae3b2be83351bb51c43b88508cc5139d3094fc33dde254ebc8973f026ae65b6714c1f1aaa3ad95ecec8b8f4ff26382ee1bc3eac2a8284b24195ca6564cd873264283718fe3cc5ed8d48012aeec72f179b2c5a3dde6688f11d5cf663abfde55e8a4e091a18129b55895c0559ce41f02dcfd504def2ae5a66e59d83f041a698358e2b55d743f99e820109a7a88851baac4b2f9611c90c63e35e7fc3f4447ca6b1dc4a770a2184ea790f22dfb1a7a21b9ae9ddd0cb39b35292479e379817cf0e42a6cf291c49e70e3313df2c67a3f748513844f6de66cbc120fd56aa6c339108a52b406802aa246f3e372b86cfd08eeb0be9a3137bb5907939cbe68238be58ed2012afed3766b11229c1271c7972e5447662863335f86ee32c886ba324b35c3c0cc9b1edca75c5e9a395e9afc3e407beb001a28ed9eda64a30e15629100940774f562d7c039b1f00863cdd864248af8ebdc8d9df8e1f0200140d3ba176207f5a2eb5801c735f1eb8539cdfa759bea8e7218dd31deaab57d3fe2f0b3cb55429f149345311ce6577e07e73bdd41253c796a112f812884ea8c2ed81d77b3ae6a1747df6ea7ff5c4a461f7c4543f6b8a06e1dccfe4aaaf7ae02a25003fe91b9941172e7f182f83cc4d15e06d1537a82a420d9d79d8049c5c9831a2f2408d23388d84b3d5c4c936dff8b0649c917688341e17f7f90db22f58b8555107e006bb5e70afdba461890e8ecd844ba61302067e9f7b307d4014f9804cb2d9be1ba30a5e118a277e4a45bc2feaaf4da4f84240f07b659f50d2608d2c3c61382d7f50fe53061d7fa213a51c6cc74ccf2cff0f61abbf3dcef2e505d1f49908a4984ef7e9ab1e6ba9917b8852c33ab71c67b5b0ba4271a92d3805434a51746d74dd00cfddf8245f587d9cfdb81584b6a2b6e7f03beb8c48d2f5730f4c50fa2a22044e2338dfeb0a0ad95a1100b51486403592f259f205b91faa41185e5c5da57f54cac7db696f657c2ad90ec2b20645b3711599a76d996ed70383f7223226a40b8df105894eb2779bc8dfaf4885eb1a32bc99e90574f329dfd37be6923343ec1ee46085bb04dacff4426017d3a443216473d7a1be6d6a1b89b9853cc2b1d16fcbd9ddbb29d57cd2120fa66c5ee09e7fd6a8ea7356f1a672c26c6518bc77e10bac945f5485d1f91080dfc8d50aa18b7aa863b44f218d4e01f712c58f5aace5f118b5af27bdca98ef506ee02c6c8316b2d9dbb4c86aceff94ce3fd4b180b1b6574f881ada64067e7e72ef25cfc9003b27f35e8cd4a3d5a6d460fafc76eb6e6fb5a808eff8098c52cbaf0071769a5b5180670f8a807be86e98d2d4b8d83012c528938bd70922d95c347e9fb6c4776d14a1424f0c1476844090e35f38b3ba2a960464bebdcaedd16ed2a33a25426caa129527c952136950e5639a93eb57fdf158d8ac1a27d4cfb6f97110ba5361bb46a54ba06313dc0fc1f6b79fe8fd1f82c3ce7831945cf33aff74988aa1d918f91fd7c1dcd11175d56be31a4bea0432b8e712317217360dbbd4866a488735abf8a53855a83e0ae79893f9f1199e81e83dc306ec72986a7f9da22d29b668abc40e282121a73bb7b5965d35d95c9073e9bcb945f070e57ebf267c591713188580d16b60f40c37ca5bdaef7c1dcf455fa2ebf571734572bf7b37b9f32686749018d3a2ab3ee2970851a3b8ba11ce9406537b33540628b5f7743b8a44182a5e6d0bab6ac9e190594c915b9472796c83e30115fbca898e531eda0c9ae3a90e804cf0d93ed138cb4caef9a66a2a41d8263961a356c444a965fc9ae3445ae04ce4b4ec1d0287990e3f1c81d6d560191b61d2a1ce18ec14906b2aff457f2762d268e7bfc1990971e9473e0450c46e5b9c1e990b4b2fb3e34fdde6aac497d38ee31b995cc8a40154fe1bf04b72bf0e563db47dc7ef3c81473a18c3c5ec6353ee4389a6559c80e46b504a3a18dd07bda6d34b957e85ef87ed0b74e6d19b132f57d8f2fcd2ca4b391c995b68c5b0dcef2b7378313208c2770d986b9c402dd40ffced882a6a54776029e6f9b1e0f875cbfa394c03fac5b9a3c3e491bec61c4c981a80bec062d691f63dd1dd7e62432b2f12480f0fedcd51c21969ab33b0a7ca12f5689243ac014113cde80b27c2bfb36f44a40af7285f48f47941bb44b8760935c94249acd3ccf4e72b5423f6687341dd2db4f5cce50ee23b2b24e5483f5b2309eea8d2264a1ed2ca2e53ac8f917396001ab21b2c91ea67ad6e20a7021bd5bfa70195b150f5a56dc4dbac91e14ffba9fb7e22ce73975e117cad7f25e0cff27c202f109116290e847831ba5df4d387d31ae3c7309939296af9160fbd3d651841904858ac549e8e5da164ce2cfacc3d7e2d7b31ed35a5b9ec8cab23df5914aa373727a2a92429e741282f4ba34324d417d5199b7f70582d5b53d2b241695f83259f7252e5101212f6eb5b0fac4755135215f4ab04987d2c2c826723408ca4deac32322acd9fe1592e55de5134070ea013d7d23ab8452f9182c46930a7866f7ca2d9f5b94413dadb0a77d7104a0cf861301af45d489d1807210b0fd15ba821f2b75a077c21f1685fc8c3db74617693c3ddac76629bd34c35d96c488172869c3c573f1e9b0f0bf5c0bba068badfa0b8860ff17f27df22f45c79b26e41992cc484469a3852d7ba90a9e5ba8adc8bb7c79562853b80e332d431fa9908acd54d3a42af45fd5caef05ad222dcd25d3dc19e3976ad2c56e1b79fce4230f132a4c7bf54110d0096db4a0e49cb417ab7242adbc3a89d74ec10710356688862380f692f9837f6189341d50cd901b6b41cec6a365740dc62bdf85395f1aad3f6cff67de26842a9eef7a7d762b855392bb28c164d71cdc7a5ba5bff98b3c03bfe39ed7424e2a010c56a551299a701acab52f2887ed5389d1331bd3ed9948ede6c78cf102935094aabb32dbb73b9fd5edcdd5fbdeb4d21d9a2068c0fceca21e22d76a8222e6dd6c30508b647e49d59a74443b935364fab9be31982275b3ec534e213ff9826b1bbd943b8c4b2eff933a516923801a01651745f2e1fccb972d500df6024bb12ea9f513e0db72d41b6fc28fcb52c76b0c052ba08087940dac27f810d896f49a74dd07842edb7e76d0d832ded8313e4b3695f8f2fdf0a72982fc668b0a0a7e41d47f3c7ae05f2498f87ceaa42b02ce2f102a32bcd492c8afe67c217c6615a518287e789251f1296e1f3a31fa223bab2ab5095bdebcc3d5d914f35006d0b1ba0c074a8f57a5ede75e6d9dbef77917d12584cb7b9bc34dabd3ff4fad45efccc420ba474bafff851cf51d07fd9de08b024237b5b0df5a05b9ad7904c64722d69f49c978f53f46f967d68fd1ff033518db6c23245b90dbd5de5e96751b2d7fbca18a1e9199155273d6d0265b6ac453c10e7f956dcb0368c55ecca00f43386623a59f4577058f0712f882c8236a07540e6b88ee09715c3c9d103632b1334aa6f3bc8b317ff615507046f119662d84bed2a17cfa74f4fa02200bc33d6bfe16f86bfe87909f387e1f789ab1c7dda41453c586f798fcd2f589138d67b7a20d74727fd6725a04890786c49875d1144a474f432e88af93513d016d6b2552424944246eb7a16cc5da644c7063ba75c80bfc78125e77469121dd19adfe1dc4f624e27870aacaa9042c05cfe19e79631bbaef14b5702995c70d778e85be7c10cb47699c476929c661539f59d87be433cd96816fe43a7665a5f351e506f3f2129291e2a20d5a29962530b2352cfe78ceb140d15ca7448edea762cd3126616f181341315144c3a2d02a178635437d9a6c75fd110d62025a71631126f8c80ee424e6464272d63051665b39c1e7a01c590bcc2678853a462085ea3d28ae73e6fadd6db54fc3b7540d98b70830874d4e0b5678bd683a788500eda8e42a601c4331de18eb9b169f76b5a18e0fb3d1fbe8a8d67932d8c739ebe27886a50a8f1bd1449dca2523dd44dda366b717801880e33bfe8521227663baee3665b7d755f39ae5b6dc531506f65432f6830c023d3d45f699af9a4fe546a0baf5dcc00197989084f685972105b9cd99a70d5a5f68b8f3ddb741c569a547721f32214010622eb28fd783d3663229f042c1f5fc983fcc646190d18a0afa7333dff412c0f4ffe100fdc87cf72f9d20c8ffd5295662524e1c7e7715b022bd5486fb57800a728beef1f79e32bd1fe8adaccbd267a258205f9e9db623ea7c5b4d425476c2ec1597c6feb2cf26faa53526c465b21f00909b84430d5647310811d237ea7a63ba71f6e619ef1a9ab0238bdf17cb77f238ec3d589e0b55491f3faa822765be12ea4c51e1311b5a0ac4d9cc83c51c626f9bf57bd60ceaabcb4ee4f67fc0d8185bb119a0244321a7fd9b198d75ea4a8e6ee3d74fefa462c25bf1a7db8deeed2fc9799515cba4fd99a7230ccfbb", 0x1000}, {&(0x7f0000001440)="7ee347c52f0e619941cde66533427d2cf94b5bccd3de46200086e9d75de9dfe50c868c81c5e92857e37f4b7991a037d4e3d215453de92957b5b4027aa43edde3211790d59e5b6318826c0be50e495dc6e3a0e5e711ca2c49be7f4d69277d4d5dab20634a06d224c434b42d0322241170c5b8875f1352b03048068c8ab576d979a6742142953ecd640ff7564d7ab5a20c15ec31b6fcf35b209879834cd574081591eaefb47480856518acbe868e3a892e891930b44b3dc2f29c8c9216dbd48d", 0xbf}, {&(0x7f0000001500)="d2ed6d3b3ce781834a1313a44a07a0974a6961d0ea57601a129c4b8c588f218c3967ef2f9a996465d5911375d8f3739943f39321837aaef7084752428f7b3f7c4a91fe747b77cb7feb46ba9e3181648973639774ab2cbe64aa2b42d7a934447964dbb00fdccb4123fd4d924c1f449de3db7f1cab9f04abf88642cdc397bbe0e510528b3483d9f2049a481a5e33b9a422ae28662251e9b0a471c5b2a7f16b2142089edbee816e0e272595dc46af6f9dbc8292fd96aaa7989be657f365e5066d5ef754c474e382ba520000be956aeb3a9b74034293", 0xd4}, {&(0x7f0000001600)="3f957715798acc63773f7fd27b6a71d1ba36d7d2d0cc891f0476dea66b1eb82237946b32590df0d1e1399052e9f4e6dc19e7df592f4a50ad0d6b99eb200b63e127b970d778566a073033ceac6e273289682be4d33506bc4a92831f", 0x5b}], 0x8, &(0x7f0000001cc0)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x18, 0x1, 0x1, [r0]}, @rights={0x30, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0]}, @rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @cred={0x20, 0x1, 0x2, r8, r9, r10}], 0xc8, 0x50}, 0x800) 04:11:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)) [ 2464.726541][ T4503] binder: 4501:4503 ioctl c018620c 20000240 returned -22 04:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x9) 04:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x100000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2464.772708][ T4505] binder: 4504:4505 ioctl c018620c 20000240 returned -22 [ 2464.855338][ T4509] hfsplus: unable to parse mount options [ 2464.890944][ T4540] binder: 4533:4540 ioctl c018620c 20000240 returned -22 [ 2464.932803][ T4587] binder: 4541:4587 ioctl c018620c 20000240 returned -22 04:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x200000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfffffffffffffd84, 0x0, 0x0}) 04:11:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)) 04:11:21 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x40002, 0x0) connect$netlink(r1, &(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x4000000}, 0xc) [ 2465.055820][ T4629] binder: 4628:4629 ioctl c018620c 20000240 returned -22 04:11:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x300000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffff7fff8) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x1912c0, 0x0) accept$unix(r1, 0x0, &(0x7f0000000180)) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685) r2 = syz_open_dev$mice(&(0x7f0000001400)='/dev/input/mice\x00', 0x0, 0x20000) shutdown(r2, 0x1) getsockopt$netrom_NETROM_IDLE(r2, 0x103, 0x7, &(0x7f0000000200)=0xfffffffffffffffe, &(0x7f0000000280)=0x2) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000000)=""/88) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000080)={{0x80, 0xfffffffffffffff7}, {0xd34, 0x9}, 0x100000001, 0x1, 0x5}) [ 2465.185795][ T4653] binder: 4640:4653 ioctl c018620c 20000240 returned -22 04:11:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)) 04:11:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:22 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2465.253910][ T4701] binder: 4668:4701 ioctl c018620c 20000240 returned -22 [ 2465.306363][ T4701] binder: 4668:4701 ioctl c018620c 20000240 returned -22 04:11:22 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x20000, 0x0) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000080)={[{0x9, 0x7, 0x7, 0x676, 0xdcb, 0x2, 0x101, 0x40, 0x18000000000000, 0xffffffffffffff86, 0x2400000, 0x0, 0x80000001}, {0xad7, 0x80000000, 0x1, 0xf29a207, 0x10001, 0x7, 0x401, 0x1, 0x0, 0x9, 0x100000001, 0x9, 0x1ff}, {0x7, 0x9, 0x3, 0x80000001, 0x6285673, 0x8, 0x0, 0x3, 0x0, 0x80, 0x1c, 0x1000}]}) 04:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x400000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2465.355985][ T4758] binder: 4753:4758 ioctl c018620c 20000240 returned -22 04:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x801) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2465.421274][ T4764] binder: 4762:4764 ioctl c018620c 20000240 returned -22 04:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, 0x0) 04:11:22 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x500000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2465.564168][ T4830] binder: 4825:4830 ioctl c018620c 20000240 returned -22 04:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0}) [ 2465.630253][ T4880] binder: 4845:4880 ioctl c018620c 20000240 returned -22 04:11:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="f7f5e4e53cbe016a596f1d528bae"], 0x0, 0x0, 0x0}) 04:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x600000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:22 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, 0x0) 04:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0xffffffff98949602) [ 2465.778221][ T4889] binder: 4888:4889 unknown command -437979657 [ 2465.790955][ T4889] binder: 4888:4889 ioctl c0306201 20000240 returned -22 [ 2465.835419][ T4892] binder: 4886:4892 ioctl c018620c 20000240 returned -22 [ 2465.854962][ T4896] binder: 4894:4896 ioctl c018620c 20000240 returned -22 [ 2465.896608][ T4889] binder: 4888:4889 unknown command -437979657 [ 2465.934728][ T4902] binder: 4900:4902 ioctl 40046205 ffffffff98949602 returned -22 04:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x700000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:22 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2465.939127][ T4889] binder: 4888:4889 ioctl c0306201 20000240 returned -22 [ 2465.951203][ T4904] binder: 4900:4904 ioctl 40046205 ffffffff98949602 returned -22 04:11:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x0, 0x0) write$FUSE_INTERRUPT(r1, &(0x7f0000000380)={0x10, 0x0, 0x7}, 0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0x1, &(0x7f0000000000)=0x0) pread64(r0, &(0x7f0000000280)=""/242, 0xf2, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x1, 0x0) io_cancel(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x7fffffff, r0, &(0x7f0000000100)="3528c9f61ac843cf5c2f0d33128d619f0ccee51523bff7aea120a4bb4821294c387c29481d73e3fdc932ab2f644699d24dc81ee3b1f8bdd866715d6b54015d894688fcf181bd4f6d9f401f9b7c0e9969d10dfe9ee74390a36a1bcba2700b15c301b415b395bde310527d60f7a30f0d9e30418c9e0a985c0334530e5c9a466951fd26e8c07bb71bfd189427c96776540399ebb2beb120c3", 0x97, 0x1, 0x0, 0x2, r3}, &(0x7f00000001c0)) 04:11:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) ioctl$KVM_REINJECT_CONTROL(r1, 0x4070aea0, 0x0) 04:11:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xd64, 0x101000) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000100)={0x0, @bt={0x7fff, 0x497, 0x1, 0x2, 0x81, 0xbc, 0x10000, 0x5, 0x2, 0x7, 0x7, 0x4b7, 0x2, 0xffffffff00000001, 0x2, 0x8}}) ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f00000001c0)) [ 2466.037218][ T4908] binder: 4907:4908 ioctl c018620c 20000240 returned -22 [ 2466.073861][ T4911] binder: 4910:4911 ioctl c018620c 20000240 returned -22 04:11:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2000000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:22 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x2, 0x400200) ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000040)={0xc2a1, 0x2}) [ 2466.235314][ T4964] binder: 4945:4964 ioctl c018620c 20000240 returned -22 [ 2466.271779][ T5004] binder: 4968:5004 ioctl c018620c 20000240 returned -22 04:11:23 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='cpuset\x00') sync_file_range(r1, 0x0, 0x9, 0x5) 04:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="2d63d1bdb2b1e2c6b24cc058c021e24ef677cec20e0fe7065950d9d437e712c9146e03c1f55669a844950d1ba0a67318dbf4ebfc5cf842f2127c54e47f84cce7cddd7391971b4c8e3ef75493a69a8a75d37e091e88821619d161cd9997a41541b8cf97ac03001a3b94a460045817e20d946c3aa6b58549e46b3703af387f3cbd4a9ef55311e167cfbc9960569fcb68ae9b9b6f47d3e6072e406fee0f91063eafbc4cfd8c9544951b54c9fbd1a0d681e1c79d97df7255de25db50d0281a7e24ce2642a67f329de23d37cbcf3a0437ad242a5b027f5e03487ad2db026de7a02c97edf99b1440321222ad38274acae977885146b9add5724625f2c57918552690ef5491f3c548d76f"], 0x0, 0x0, 0x0}) 04:11:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x3f00000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:23 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2466.424529][ T5043] binder: 5042:5043 ioctl c018620c 20000240 returned -22 04:11:23 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") time(&(0x7f0000000300)) 04:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0}) [ 2466.472599][ T5048] binder: 5047:5048 unknown command -1110351059 [ 2466.479301][ T5046] binder: 5040:5046 ioctl c018620c 20000240 returned -22 [ 2466.483613][ T5048] binder: 5047:5048 ioctl c0306201 20000240 returned -22 04:11:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4800000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0d63a96d6fd400f4071e5ca8a4539ba0ffeeea68889ca792616d7d6d20784461b8111af30d8e0354660e114881a15e17193b66038a8c3163edb49ab6ae8352b00fde"], 0x0, 0x0, 0x0}) prctl$PR_GET_TSC(0x19, &(0x7f0000000100)) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x20000, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0x4020565b, &(0x7f0000000080)={0x8001003, 0x3, 0x1}) 04:11:23 executing program 4: prctl$PR_GET_NO_NEW_PRIVS(0x27) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000740)='/dev/full\x00', 0x4000, 0x0) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000780)) r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, &(0x7f0000000040)=0x1c, 0x80000) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x8}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000140)={r2, 0x100000000, 0x20, 0x3, 0x7}, &(0x7f0000000180)=0x18) syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0x0, 0x800) syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) 04:11:23 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:23 executing program 5: socketpair$unix(0x1, 0x40000000005, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x62, &(0x7f0000000200)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "4eba8d", 0x2c, 0xffffff88, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @ipv4={[], [], @empty}, {[], @tipc=@payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}}, 0x0) [ 2466.644495][ T5059] binder: 5058:5059 ioctl c018620c 20000240 returned -22 [ 2466.653911][ T5062] binder: 5061:5062 unknown command 1839817485 [ 2466.685548][ T5062] binder: 5061:5062 ioctl c0306201 20000240 returned -22 [ 2466.697482][ T5065] binder: 5064:5065 ioctl c018620c 20000240 returned -22 [ 2466.700925][ T5062] binder: 5061:5062 unknown command 1839817485 04:11:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2466.728732][ T5059] binder: 5058:5059 ioctl c018620c 20000240 returned -22 [ 2466.755397][ T5062] binder: 5061:5062 ioctl c0306201 20000240 returned -22 04:11:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c00000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:23 executing program 5: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) [ 2466.855998][ T5128] binder: 5115:5128 ioctl c018620c 20000240 returned -22 [ 2466.876087][ T5143] binder: 5127:5143 ioctl c018620c 20000240 returned -22 04:11:23 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2466.907514][ T5128] binder: 5115:5128 ioctl c018620c 20000240 returned -22 04:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 04:11:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x300, 0x0) 04:11:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6000000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:23 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2467.048380][ T5196] binder: 5192:5196 ioctl c018620c 20000240 returned -22 04:11:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffc3, 0x0, 0x0}) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x458202, 0x0) [ 2467.151531][ T5246] binder: 5237:5246 ioctl c018620c 20000240 returned -22 04:11:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:24 executing program 5: [ 2467.253226][ T5313] binder: 5312:5313 ioctl c018620c 20000240 returned -22 04:11:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6800000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:24 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:24 executing program 4: r0 = open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x4) ioctl$KDSETMODE(r0, 0x4b3a, 0x1) signalfd4(r0, &(0x7f0000000100)={0x4}, 0x8, 0x800) getsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040), &(0x7f0000000080)=0x4) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000140)=0xc, 0x4) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) socket$inet_smc(0x2b, 0x1, 0x0) [ 2467.382434][ T5324] binder: 5323:5324 ioctl c018620c 20000240 returned -22 04:11:24 executing program 5: 04:11:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x6c00000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:24 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2467.487863][ T5334] binder: 5332:5334 ioctl c018620c 20000240 returned -22 04:11:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x4000, 0x0) ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000080)={0x8029, 0x3}) 04:11:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:24 executing program 5: [ 2467.574552][ T5342] binder: 5340:5342 ioctl c018620c 20000240 returned -22 [ 2467.623402][ T5342] binder: 5340:5342 ioctl c018620c 20000240 returned -22 [ 2467.649420][ C1] net_ratelimit: 22 callbacks suppressed [ 2467.649431][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.660908][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:24 executing program 5: [ 2467.686455][ T5424] binder: 5419:5424 ioctl c018620c 20000240 returned -22 [ 2467.715706][ T5407] binder: BINDER_SET_CONTEXT_MGR already set [ 2467.729433][ C1] protocol 88fb is buggy, dev hsr_slave_0 04:11:24 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2467.735223][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7400000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0d63e120e90dade40a9b6431e168051e8f0950777ece7ee37749ceda124d20455498"], 0x0, 0x0, 0x0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x12080, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r1, 0xc0385720, &(0x7f0000000080)={0x1, {0x0, 0x989680}, 0x2, 0x8}) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000280)={0x4, 0x7fffffff, 0x0, 0x1, 0x7, [{0xfffffffffffffff7, 0x6, 0x80000000, 0x0, 0x0, 0x2580}, {0x7, 0x100, 0x4c9, 0x0, 0x0, 0x400}, {0x100, 0x9, 0x9, 0x0, 0x0, 0x200}, {0x1, 0x40, 0x8, 0x0, 0x0, 0x1000}, {0x4, 0x1, 0x0, 0x0, 0x0, 0x80}, {0x401, 0xff, 0x4c24, 0x0, 0x0, 0x100}, {0xe984, 0x80000001, 0x50130aa7, 0x0, 0x0, 0x100}]}) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000000)) [ 2467.759410][ T5407] binder: 5371:5407 ioctl 40046207 0 returned -16 04:11:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0}) 04:11:24 executing program 5: 04:11:24 executing program 4: [ 2467.817382][ T5457] binder: 5454:5457 ioctl c018620c 20000240 returned -22 [ 2467.856244][ T5460] binder: 5459:5460 unknown command 551641869 04:11:24 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2467.879905][ T5460] binder: 5459:5460 ioctl c0306201 20000240 returned -22 [ 2467.914392][ T5465] binder: 5462:5465 ioctl c018620c 20000240 returned -22 04:11:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x7a00000000000000, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:24 executing program 5: 04:11:24 executing program 4: 04:11:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0}) 04:11:24 executing program 5: 04:11:24 executing program 4: 04:11:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000180)='/dev/usbmon#\x00', 0xb, 0x460000) connect$bt_rfcomm(r1, &(0x7f0000000080)={0x1f, {0x8, 0x8000, 0x3, 0x6, 0x2, 0xffffffff}}, 0xa) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\r<'], 0x0, 0x0, 0x0}) [ 2468.073898][ T5575] binder_ioctl_get_node_info_for_ref: 42 callbacks suppressed [ 2468.073906][ T5575] binder: 5556 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2468.073918][ T5575] binder: 5556:5575 ioctl c018620c 20000240 returned -22 [ 2468.111318][ T5579] binder: 5568:5579 ioctl c018620c 20000240 returned -1 04:11:24 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x2, 0x0, 0x0}) [ 2468.225442][ T5586] binder: 5585:5586 unknown command 15373 [ 2468.259939][ T5586] binder: 5585:5586 ioctl c0306201 20000240 returned -22 04:11:24 executing program 4: 04:11:24 executing program 5: 04:11:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0}) [ 2468.272969][ T5591] binder: 5589 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2468.272981][ T5591] binder: 5589:5591 ioctl c018620c 20000240 returned -22 04:11:25 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x0, 0x0}) [ 2468.348398][ T5663] binder: 5653:5663 ioctl c018620c 20000240 returned -1 04:11:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0adc1f123c123f3188b070") mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8003, 0x0, 0x0, 0x0) 04:11:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4, 0x0, 0x0}) 04:11:25 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2468.468006][ T5704] binder: 5701 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2468.468019][ T5704] binder: 5701:5704 ioctl c018620c 20000240 returned -22 04:11:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:25 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:25 executing program 4: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000000)={{0x3, @netrom}, [@bcast, @rose, @netrom, @netrom, @netrom, @remote, @bcast, @bcast]}, 0x48) 04:11:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4, 0x0, 0x0}) 04:11:25 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2468.608561][ T5717] binder: 5714:5717 ioctl c018620c 20000240 returned -1 04:11:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x0, 0x0}) 04:11:25 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2468.742125][ T5767] binder: 5735 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2468.742137][ T5767] binder: 5735:5767 ioctl c018620c 20000240 returned -22 04:11:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000e11ff0)=[{&(0x7f0000000100)="580000001400192340834b80040d8c560a0200000003fb69da03000000000000004824ca944f64009400050028925aa8000000000000008000f0ffffffff09000000fff5dd000000100001000a0c0c00fcff0000040e05a5", 0x58}], 0x1) gettid() syz_open_procfs(0xffffffffffffffff, 0x0) 04:11:25 executing program 3: syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xfffffffffffffffd, 0x20000) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0)={0x0, 0xfffffffffffffffd}, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rL'], 0x0, 0x0, 0x0}) 04:11:25 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, 0x0, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2468.824332][ T5834] binder: 5832:5834 ioctl c018620c 20000240 returned -1 [ 2468.849421][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2468.855238][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x5, 0x0, 0x0}) 04:11:25 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2468.929408][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2468.935258][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6, 0x0, 0x0}) 04:11:25 executing program 5: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) [ 2469.044690][ T5909] binder: 5886 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2469.044704][ T5909] binder: 5886:5909 ioctl c018620c 20000240 returned -22 04:11:25 executing program 4: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00') fcntl$lock(r1, 0x25, &(0x7f0000000000)) 04:11:25 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, 0x0, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(r0, 0x0, 0x0) openat$cgroup_type(r0, 0x0, 0x2, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = add_key(&(0x7f0000000040)='rxrpc\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000280)="5659754b084f3dc96b800807bafb09b50d282888caaea3131ece6ccde0d26b81a4af8dc2c2b86439f9f51edb6a52c33161d6dbea20dc43ac44c59a3e0e69ebe5ab43aa257fe34c73191f932dc55b5f94ae299130fa239106ceb0e20900d44815076f884bf80e40dc869df720d1", 0x6d, 0xfffffffffffffffb) keyctl$set_timeout(0xf, r1, 0x5) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(r2, 0x0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) write$cgroup_int(r2, &(0x7f0000000200), 0x26000) r3 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) [ 2469.098206][ T5956] binder: 5955:5956 ioctl c018620c 20000240 returned -1 [ 2469.125053][ T5956] binder: 5955:5956 ioctl c018620c 20000240 returned -1 04:11:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6, 0x0, 0x0}) [ 2469.169456][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2469.175357][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7, 0x0, 0x0}) 04:11:25 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:25 executing program 5: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) 04:11:26 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, 0x0, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2469.295463][ T5971] binder: 5970 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2469.295476][ T5971] binder: 5970:5971 ioctl c018620c 20000240 returned -22 [ 2469.370167][ T6024] binder: 6004:6024 ioctl c018620c 20000240 returned -1 04:11:26 executing program 5: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) 04:11:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x48, 0x0, 0x0}) 04:11:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7, 0x0, 0x0}) 04:11:26 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2469.532802][ T6086] binder: 6084:6086 ioctl c018620c 20000240 returned -1 04:11:26 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00'], 0x0, 0x0, 0x0}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000100)) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000080)={0x6000, 0x3000, 0x1, 0x83, 0x8}) 04:11:26 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4c, 0x0, 0x0}) [ 2469.628138][ T6092] binder: 6090 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2469.628152][ T6092] binder: 6090:6092 ioctl c018620c 20000240 returned -22 04:11:26 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2469.741232][ T6101] binder: 6099:6101 ioctl c018620c 20000240 returned -1 [ 2469.754220][ T6092] binder: 6090 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2469.754232][ T6092] binder: 6090:6092 ioctl c018620c 20000240 returned -22 [ 2469.785194][ T6104] binder: 6102:6104 unknown command 0 04:11:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x48, 0x0, 0x0}) [ 2469.806722][ T6104] binder: 6102:6104 ioctl c0306201 20000240 returned -22 04:11:26 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x60, 0x0, 0x0}) [ 2469.854943][ T6110] binder: 6108 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2469.854955][ T6110] binder: 6108:6110 ioctl c018620c 20000240 returned -22 04:11:26 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xfffffffffffffc84, 0x0, &(0x7f0000000100)=ANY=[], 0x125, 0x0, 0x0}) 04:11:26 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2469.955959][ T6215] binder: 6190:6215 ioctl c018620c 20000240 returned -1 04:11:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4c, 0x0, 0x0}) 04:11:26 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x68, 0x0, 0x0}) [ 2470.039195][ T6221] binder: 6220:6221 ioctl c0306201 20000040 returned -14 04:11:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0d63ba29fd784b51b3c3b139acc8f141d95ac342199ee8e61d29adff00003cb2e3a363a5b555cce73f58a6503a21c7fb270e5f1c009a98b25d1318920dc4d3860a6917103d6a4b1a040fc49025c2c2191f55a79e5e817f0984ff8a7e75bae4910d5170590243da069fcd5920fd2a2f91f63cc799ccb89a8072a15f84b1282cd8dae696354dc42137eca67dc727143b54ff1dd3b596564ca943297c685fa82eaf58abe053f0de7c5d5c4f7d3bd7b525f17310233727d37ca8645e0405c28843a755d4cf68134dc86ae70ac6349a5af88ea5695f482c15b4745b1aa3235467661cf78306db4e14ded9799d0c090db561f8855f75e30fb29041ccc8273a89cb2b616a86d01aabb48035c69c954547ee0f25ba7ca6c09d00f55bc61285adecd8b9a126e5fb6f4a143cb9086f3a496aa7e7455ccc68e21749bf387e7616568336c6dc9eadba359ebbc2861fdd4f036c803029a6602dec03686e7c874b1f8cdebadfc37ba7cace4d4b2a446939d92904e42a9aab49efc25482482485c02df17f08fe435c8b45c31086d99b26a073e6027e8e17"], 0x0, 0x0, 0x0}) syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) [ 2470.121909][ T6231] binder: 6226 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2470.121922][ T6231] binder: 6226:6231 ioctl c018620c 20000240 returned -22 [ 2470.126051][ T6233] binder: 6230:6233 ioctl c018620c 20000240 returned -1 04:11:26 executing program 5: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) 04:11:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x60, 0x0, 0x0}) 04:11:26 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2470.208365][ T6236] binder: 6235:6236 unknown command 700080909 [ 2470.237054][ T6236] binder: 6235:6236 ioctl c0306201 20000240 returned -22 [ 2470.246742][ T6236] binder: 6235:6236 unknown command 700080909 [ 2470.253481][ T6236] binder: 6235:6236 ioctl c0306201 20000240 returned -22 04:11:27 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6c, 0x0, 0x0}) [ 2470.312857][ T6268] binder: 6247:6268 ioctl c018620c 20000240 returned -22 04:11:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="000004d90b9d4b17de20c877542a4f07de2a9844fe42b50d97af2ea52b1405e6e41b990badcb863415abc4ef9dbbf130a462e60f25a83d05712836feabffaa01870da3a243cfd393c4f117bb361a06abf441ba1e995974fe7a3e1cee1644321594dd369a4eb0d95a1d76e2baa8d53275185a1333aef37ab5e4807def420a51a6594c2ad710e59b98505b6e6d030c24b8b3b1afb45b072c6af87b7a5a24e2cff759c8aa75b34f39f0f141fcd1b0f1205c1f9b358b83eab974fbf0000c38fac8498a5a07df5b3d18cef2c40513685b6cc8af0e2a8be960b61c9ee3bfcfdd2b118bfb28b5474229c2f99823bbe7db37ddd7ff04967293a71f0e39d2fee4a0d39ec28ffd185efc827340dfc0a1d398dcff57b51ed2f2771c1a7f9861d2f74c64e4974b2dd5582e624d7b423a5d233215689ca36cfa1740aedf399b34171c4e29a9500a7b546309058dd02ce5eb25a8632d056484a102117229dc141627ffdd5ec36a31a38aa04db8b8319e016ba75c60f8c5f698814ed0822167c895a679d92bc78f30"], 0x0, 0x0, 0x0}) 04:11:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x68, 0x0, 0x0}) 04:11:27 executing program 5: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) [ 2470.397760][ T6350] binder: 6345:6350 ioctl c018620c 20000240 returned -1 04:11:27 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x74, 0x0, 0x0}) [ 2470.513798][ T6357] binder: 6353:6357 ioctl c018620c 20000240 returned -22 [ 2470.535477][ T6358] binder: 6355:6358 unknown command -654049280 04:11:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6c, 0x0, 0x0}) 04:11:27 executing program 5: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) [ 2470.576410][ T6358] binder: 6355:6358 ioctl c0306201 20000240 returned -22 [ 2470.604751][ T6364] binder: 6360:6364 ioctl c018620c 20000240 returned -1 04:11:27 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7a, 0x0, 0x0}) [ 2470.663528][ T6386] binder: 6379:6386 ioctl c018620c 20000240 returned -22 04:11:27 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, 0x0) [ 2470.787582][ T6465] binder: 6463:6465 ioctl c018620c 20000240 returned -1 04:11:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x8, 0x400002) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000080)={0x4, 0x6, 0x2}) 04:11:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x74, 0x0, 0x0}) 04:11:27 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, 0x0) 04:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x300, 0x0, 0x0}) [ 2470.877208][ T6488] binder: 6486:6488 ioctl c018620c 20000240 returned -22 04:11:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7a, 0x0, 0x0}) 04:11:27 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2471.028691][ T6587] binder: 6545:6587 ioctl c018620c 20000240 returned -1 [ 2471.043063][ T6603] binder: 6562:6603 ioctl c018620c 20000240 returned -22 04:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x500, 0x0, 0x0}) 04:11:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0d738713cb84b62983081b683e709b978c4aa9e51ceda6f555e7e615bd46"], 0x0, 0x0, 0x0}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x400400, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000100)={0x0, 0x0, @ioapic}) write$P9_RFLUSH(r1, &(0x7f0000000080)={0x7, 0x6d, 0x1}, 0x7) 04:11:27 executing program 5: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, 0x0) 04:11:27 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x300, 0x0, 0x0}) [ 2471.150629][ T6610] binder: 6607:6610 unknown command 327643917 [ 2471.188691][ T6617] binder: 6615:6617 ioctl c018620c 20000240 returned -1 04:11:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x600, 0x0, 0x0}) 04:11:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x500, 0x0, 0x0}) [ 2471.214290][ T6610] binder: 6607:6610 ioctl c0306201 20000240 returned -22 [ 2471.241441][ T6644] binder: 6623:6644 ioctl c018620c 20000240 returned -22 04:11:28 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) [ 2471.342931][ T6709] binder: 6687:6709 ioctl c018620c 20000240 returned -1 [ 2471.368768][ T6723] binder: 6717:6723 ioctl c018620c 20000240 returned -22 04:11:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x408000, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f0000000100)=""/219, &(0x7f0000000080)=0xdb) [ 2471.406231][ T6723] binder: 6717:6723 ioctl c018620c 20000240 returned -22 04:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x700, 0x0, 0x0}) 04:11:28 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x600, 0x0, 0x0}) 04:11:28 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:28 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2471.595060][ T6847] binder: 6801:6847 ioctl c018620c 20000240 returned -22 [ 2471.610420][ T6843] binder: 6746:6843 ioctl c018620c 20000240 returned -1 04:11:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x700, 0x0, 0x0}) 04:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2000, 0x0, 0x0}) 04:11:28 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r2, &(0x7f0000d83ff8), 0x2) [ 2471.805282][ T6896] binder: 6886:6896 ioctl c018620c 20000240 returned -1 [ 2471.842660][ T6921] binder: 6891:6921 ioctl c018620c 20000240 returned -22 04:11:28 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2471.855075][ T6921] binder: 6891:6921 ioctl c018620c 20000240 returned -22 04:11:28 executing program 3: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x10000, 0x0) ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f0000000080)={&(0x7f0000002000/0x4000)=nil, 0x8, 0x5, 0x10, &(0x7f0000004000/0x2000)=nil, 0x100}) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f00000002c0)=0x2) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x12001}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x50, r2, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) 04:11:28 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x2000, 0x0, 0x0}) 04:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4800, 0x0, 0x0}) 04:11:28 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r2, &(0x7f0000d83ff8), 0x2) [ 2472.001132][ T6988] binder: 6973:6988 ioctl c018620c 20000240 returned -22 04:11:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x3f00, 0x0, 0x0}) [ 2472.065914][ T7032] binder: 7022:7032 ioctl c018620c 20000240 returned -1 04:11:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) lseek(r0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="84011e9a1efabad3764bf84e7c6e1a68"], 0x0, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 04:11:28 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0}) [ 2472.165340][ T7087] binder: 7086:7087 ioctl c018620c 20000240 returned -22 04:11:28 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) [ 2472.224971][ T7092] binder: 7090:7092 unknown command -1709309564 04:11:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4800, 0x0, 0x0}) [ 2472.277814][ T7098] binder: 7096:7098 ioctl c018620c 20000240 returned -1 [ 2472.291119][ T7092] binder: 7090:7092 ioctl c0306201 20000240 returned -22 04:11:29 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6000, 0x0, 0x0}) [ 2472.381889][ T7152] binder: 7119:7152 ioctl c018620c 20000240 returned -22 04:11:29 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xfffffffffffffe0c, 0x0, &(0x7f0000000000)=ANY=[@ANYRES16], 0x3b1b, 0x0, 0x0}) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) getsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000100)=0x40, &(0x7f0000000140)=0x4) write$P9_RLOPEN(r1, &(0x7f0000000180)={0x18, 0xd, 0x2, {{0x3a, 0x2, 0x3}, 0x4}}, 0x18) 04:11:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4c00, 0x0, 0x0}) [ 2472.482819][ T7210] binder: 7209:7210 ioctl c018620c 20000240 returned -1 04:11:29 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6800, 0x0, 0x0}) [ 2472.580843][ T7220] binder: 7216:7220 ioctl c0306201 20000040 returned -14 [ 2472.612176][ T7222] binder: 7219:7222 ioctl c018620c 20000240 returned -22 04:11:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6000, 0x0, 0x0}) 04:11:29 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2472.703931][ T7250] binder: 7225:7250 ioctl c018620c 20000240 returned -1 04:11:29 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0}) [ 2472.752567][ T7293] binder: 7269:7293 ioctl c018620c 20000240 returned -22 04:11:29 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 3: r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='/dev/binder#\x00', r0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = accept4$bt_l2cap(r1, &(0x7f0000000280), &(0x7f00000002c0)=0xe, 0x80000) r3 = openat$full(0xffffffffffffff9c, 0xfffffffffffffffd, 0x1, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000480)={"04fb80a4cf1dcdf6782867fe08bd1899c20059d17c3561a783a813ec40546cdf2e834fda811f439d8e9f431bb69f94c6d322f78e309bfb65f8aa30cef2e783ebdab86a622036148d85f0ca96e40fb233f8ee8e5e739ea75f044d183bc7570ef15e09a6bda924830279de7236536d4890cb38afbf771b98fbff954c8ec645f418becbd4729c90e95c1a4ba0a5c05b6915ce85fbd8432f9f664d06ecdb5b9831aa036dd16f4049c06049ce1ecdff45372c1b0116b8979d69ef26edf5f8557c924ab419dc6d03f39c7d93ca6f5b577f79500515e6f16774ab9df6c94d1cfc042d67bf138609c846fd5343cbffb71b34b16202bd5bd1fff05db145714ea751d1299d07f9829261a602c736d088aad840a86f5a8364c3bdb4c7ac377d7e57de24ebd190d8df5822da801b0752f705334bcf73ce7f856ecb4c3b7f7f4204d587bea394d7e0faf18ba30d74c6b1da86209d1479576a0761f1d9ba582d80f16f1c86983150e33e1c8f5b9eba3ada20f20d5f91f01a0db64246b3ce3fd69155a271820ebf56ec2658c55476e06a51d3098e95b1c5f79857757b5bdb267a242bea5a971119d0148be9ec6d954f8304cd24502dfd807c49cbfca3c65452ddf198a39617dd4834891a22c48d7a4cd0291ba26aca8cf8a625b837143cdf5ce625092bea8da5ebb5398627ce7a2f2e0e518dadc04f6fdc9094fafa92b0338e03173abfabc598c3efb67a84967eafb58716fa9ff12dbc9975b5ab9e2dbdf7090574761dfdaca8f47648cbf8ab2f29453458bfdfb59896e5bf1e7b4cbf0a7e7347ec8a97b958bfd2197ad8ad771fc9e16e5428d2997f387b41d4ef34b1c346aa7284917c138a0d1975d80ed77ebed03280947ff92c34205a32a9b5ba51f00321634dc661477a3fbf7369e738628a505cde19ad0b410548e2e24e7a56f3c0ba6f8a9b20c5f111808b7e61fa78ac90e8601644ba10f90ccb09085f72ff8793cd999c9c40957c5f1f5b8a2307752127c9ce314f28ec11dfa8a880e349923e5d8979e21cb7e2e75ee24ac47b9754c8fd99faa886caca8754a27371b011ca576ee07d34fa2ce946f2fa734961033b4453107d5c21e53a05e3f2b4c4066e1122006ed5a37c0e4f1b847870b25123af91ca3b8ad475cfcd9c76fcae0a5c3a326c57cd200e8175bce3e2ff55f945274493bd5ec13f46a4a6cc6bbac290744cd89ed4d00e53bcfc7aa3c21d3f75c46750dab38a7d7bfb2f6abcbbfa689dd99bcc8c456a08b0ffec5e1e1805b1331201d794d10c0b745a52f9ac16ed0e3ff9d8b3849d0acf9fe3ef34c9e59a1fc2dc3f05fa0035802064214063058bd7f585c2ec5266e916e108b4d697923e1bed467b025a264e0774bd8e4df40e4f396840654d28ef679f6086f1996e1f9efe95a73c0fe6b53df3cbb62646779924dae21bf013afa324131fd3712461986d73"}) getsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000300), &(0x7f0000000340)=0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="aadf400556f0df1b2db9f616dfff515e4aba5fcf4ef1460b7b06ef51021ff1cb1b3ce2b465926b080400110cd7f9fc73727960b8305651aa2df66c904ff68fb88344a0fb00a585a2897f1deb4f8d31e80013dad6d3dad19839e128aeac9c8909aabcd31877303a2ea176c520eda905dd5b476e523dbdffcf4b3d1d09e049b4d7b5af526baf29d5e77389e7ed91b0d46ec0f3aa64118db3bd29c57fbe57d5d0895149dcea6fd7aeb734f6b8f3c89f0aa59552d3684c07ee4794e872747e882141615dba71faed8da3"], 0x0, 0x0, 0x0}) membarrier(0x0, 0x0) 04:11:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6800, 0x0, 0x0}) 04:11:29 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2472.848016][ T7338] binder: 7337:7338 ioctl c018620c 20000240 returned -1 04:11:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7400, 0x0, 0x0}) [ 2472.967221][ T7348] binder: 7347:7348 ioctl c018620c 20000240 returned -22 [ 2472.976052][ T7349] binder: 7345:7349 unknown command 88137642 [ 2472.994828][ T7349] binder: 7345:7349 ioctl c0306201 20000240 returned -22 [ 2473.009403][ C1] net_ratelimit: 18 callbacks suppressed 04:11:29 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, 0x0, 0x2) 04:11:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6c00, 0x0, 0x0}) [ 2473.009411][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.020927][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:29 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2473.072602][ T7413] binder: 7377:7413 ioctl c018620c 20000240 returned -1 [ 2473.089422][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.095584][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2473.110248][ T7455] binder_ioctl_get_node_info_for_ref: 17 callbacks suppressed 04:11:29 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x0, 0x0, 0x0}) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0)='nbd\x00') sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x14008001}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x28, r2, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000000) socket$bt_rfcomm(0x1f, 0x3, 0x3) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x40, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) ioctl$BLKGETSIZE64(r3, 0x80081272, &(0x7f0000000080)) [ 2473.110256][ T7455] binder: 7432 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2473.110269][ T7455] binder: 7432:7455 ioctl c018620c 20000240 returned -22 04:11:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0}) 04:11:29 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, 0x0, 0x2) 04:11:29 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) [ 2473.245196][ T7470] binder: 7468:7470 unknown command -1 [ 2473.270562][ T7470] binder: 7468:7470 ioctl c0306201 20000240 returned -22 [ 2473.281171][ T7455] binder: 7432 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2473.281184][ T7455] binder: 7432:7455 ioctl c018620c 20000240 returned -22 [ 2473.309397][ T7526] binder: 7472:7526 ioctl c018620c 20000240 returned -1 [ 2473.329469][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.335259][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7400, 0x0, 0x0}) 04:11:30 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, 0x0, 0x2) 04:11:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0}) 04:11:30 executing program 4: close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000d83ff8), 0x2) 04:11:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000080)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0}) 04:11:30 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) [ 2473.489415][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.495229][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2473.526136][ T7597] binder: 7589 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2473.526149][ T7597] binder: 7589:7597 ioctl c018620c 20000240 returned -22 [ 2473.548932][ T7593] binder: 7590:7593 ioctl c018620c 20000240 returned -1 [ 2473.566622][ T7600] binder: 7598:7600 unknown command 3 04:11:30 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x0) [ 2473.590734][ T7600] binder: 7598:7600 ioctl c0306201 20000240 returned -22 04:11:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0}) 04:11:30 executing program 4: close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000d83ff8), 0x2) 04:11:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00V'], 0x0, 0x0, 0x0}) r1 = syz_open_dev$sndpcmp(&(0x7f0000000440)='/dev/snd/pcmC#D#p\x00', 0x7, 0xcb09a3ce20c8befe) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x2c, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x7fff, @local, 0x40}, @in={0x2, 0x4e20, @empty}]}, &(0x7f0000000140)=0x10) r3 = mmap$binder(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000001, 0x8011, r1, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='trusted.overlay.upper\x00', &(0x7f00000004c0)={0x0, 0xfb, 0x72, 0x0, 0x8, "f1658784cf3663f04238cc1d89975090", "5392f6d357981749a9cf65fc858a314a7f1f96007a0a90de4441a8e3d0605ed88efb83b4132fdb9436c08541d355148516cf8816acd827f4a62f6ed6f4de7ee6bcc5343ede4b78e219cfbeecfd75266eb1ad1f703c9a698ca0929b0bb6"}, 0x72, 0x3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x58, 0x0, &(0x7f0000000280)=[@free_buffer={0x40086303, r3}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x2, 0x0, 0x11, 0x0, 0x0, 0x38, 0x28, &(0x7f00000001c0)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x1}, @fda={0x66646185, 0x0, 0x1, 0x3a}], &(0x7f0000000200)=[0x78, 0x0, 0x48, 0x40, 0x58]}, 0xfffffffffffffffd}}], 0xfc, 0x0, &(0x7f0000000300)="18a0fbd7d55c8b406ef658998ca2199e09c17b703dd0fcf792c936f29bbcf61a9cb89b7d841e5096311db3f3b29e483b05ee5e8557d2d918bbb9300321ecf4acb720ee4066786e50bc66866b0b6ea67b19f705c5fa4b53f648db24a64836500c38164286f4ea4bb1e7b9cba2affda1ec1223a7b8a68475b84693adfb811f910debb9a66437f703f111bd61e4b017bb613201a1378b24ac92cda012b58bba4838b6d4f6d539cfe2875da8e25361bcffb48738d6bdcc2563cad54be4596cb3de30f75e7a16cb776f7ddd38dbac27f70ce5f8503be37f1e863f75089df65a4844edbb33ebe10d32bc1aefb58f9261363665d8c078ee1256b6c8e92bbb7c"}) write$P9_RLCREATE(r1, &(0x7f0000000540)={0x18, 0xf, 0x1, {{0x82, 0x1, 0x6}, 0x3}}, 0x18) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000580)=""/238, &(0x7f0000000680)=0xee) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000180)={r2, 0x3f}, 0x8) 04:11:30 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7a00, 0x0, 0x0}) [ 2473.743955][ T7617] binder: 7614:7617 unknown command 22016 [ 2473.751005][ T7619] binder: 7615 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2473.751024][ T7619] binder: 7615:7619 ioctl c018620c 20000240 returned -22 [ 2473.766393][ T7616] binder: 7609:7616 ioctl c018620c 20000240 returned -1 04:11:30 executing program 4: close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000d83ff8), 0x2) 04:11:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0}) 04:11:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x1000000, 0x0, 0x0}) [ 2473.802748][ T7617] binder: 7614:7617 ioctl c0306201 20000240 returned -22 04:11:30 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:30 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x0) [ 2473.889392][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.895213][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="f7becbf070c78b33e85ff10864e6cb0d63"], 0x0, 0x0, 0x0}) [ 2473.944967][ T7759] binder: 7743:7759 ioctl c018620c 20000240 returned -1 [ 2473.961291][ T7776] binder: 7774 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2473.961305][ T7776] binder: 7774:7776 ioctl c018620c 20000240 returned -22 04:11:30 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0}) [ 2474.017997][ T7776] binder: 7774 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2474.018010][ T7776] binder: 7774:7776 ioctl c018620c 20000240 returned -22 04:11:30 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2474.079809][ T7782] binder: 7780:7782 unknown command -255082761 [ 2474.114435][ T7782] binder: 7780:7782 ioctl c0306201 20000240 returned -22 04:11:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x2000000, 0x0, 0x0}) 04:11:30 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x0) [ 2474.132179][ T7785] binder: 7783:7785 ioctl c018620c 20000240 returned -1 04:11:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="054c"], 0x0, 0x0, 0x0}) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) process_vm_writev(r1, &(0x7f0000001500)=[{&(0x7f0000000100)=""/199, 0xc7}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/181, 0xb5}, {&(0x7f0000001340)=""/253, 0xfd}, {&(0x7f0000001440)=""/130, 0x82}], 0x5, &(0x7f0000000080)=[{&(0x7f0000001580)=""/144, 0x90}, {&(0x7f0000001640)=""/4096, 0x1000}], 0x2, 0x0) 04:11:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0}) 04:11:30 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2474.383893][ T7803] binder: 7799:7803 unknown command 19461 [ 2474.425579][ T7810] binder: 7800:7810 ioctl c018620c 20000240 returned -1 [ 2474.435368][ T7823] binder: 7806 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2474.435381][ T7823] binder: 7806:7823 ioctl c018620c 20000240 returned -22 [ 2474.442903][ T7803] binder: 7799:7803 ioctl c0306201 20000240 returned -22 04:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0}) 04:11:31 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 4: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x3000000, 0x0, 0x0}) [ 2474.579200][ T7911] binder: 7902 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2474.579213][ T7911] binder: 7902:7911 ioctl c018620c 20000240 returned -22 04:11:31 executing program 0: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0}) [ 2474.657427][ T7927] binder: 7900:7927 ioctl c018620c 20000240 returned -1 04:11:31 executing program 3: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000080), &(0x7f0000000100)=0x4) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:31 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4000000, 0x0, 0x0}) 04:11:31 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2474.801481][ T7969] binder: 7937:7969 ioctl c018620c 20000240 returned -1 04:11:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) 04:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0}) [ 2474.866117][ T8017] binder: 8009 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2474.866129][ T8017] binder: 8009:8017 ioctl c018620c 20000240 returned -22 04:11:31 executing program 3: r0 = msgget(0x1, 0x9) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000080)=""/31) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYRESDEC=r1], 0x30, 0x0, 0x0}) r2 = open(&(0x7f0000000300)='./file0/f.le.\x00', 0x400, 0x8a) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000340)={{0x3, 0x0, 0x1, 0x3, 0xffffffffffff9026}}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0xa600, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x8}) r5 = syz_open_dev$dmmidi(&(0x7f00000004c0)='/dev/dmmidi#\x00', 0xfffffffffffffffc, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) semget(0xffffffffffffffff, 0x0, 0x10) creat(&(0x7f0000000880)='./file0/f.le.\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getgroups(0x3, &(0x7f0000000480)=[0xee01, 0xee00, 0xffffffffffffffff]) mount$fuse(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000003c0)='fuse\x00', 0x1000020, &(0x7f0000000780)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0xe000}, 0x2c, {'user_id'}, 0x2c, {'group_id', 0x3d, r7}, 0x2c, {[{@default_permissions='default_permissions'}], [{@obj_user={'obj_user', 0x3d, '-'}}, {@dont_hash='dont_hash'}, {@appraise='appraise'}]}}) mkdirat(r6, &(0x7f0000000740)='./file0\x00', 0x0) write$USERIO_CMD_SET_PORT_TYPE(r6, &(0x7f0000000440), 0x2) write$P9_RREMOVE(r5, &(0x7f00000002c0)={0x7, 0x7b, 0x1}, 0x7) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000a80)={{{@in=@local, @in=@remote}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000540)=0xe8) syz_mount_image$f2fs(&(0x7f0000000200)='f2fs\x00', 0x0, 0x2, 0x1, &(0x7f0000000a00)=[{&(0x7f0000000940), 0x0, 0x101}], 0x200804, 0x0) mkdirat(r6, &(0x7f0000000580)='.//ile0\x00', 0x0) write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSID(r5, 0x5429, &(0x7f0000000280)) renameat(r6, &(0x7f0000000240)='.//ile0\x00', r6, &(0x7f0000000140)='./file0/../file0\x00') ioctl$DRM_IOCTL_SG_FREE(r3, 0x40106439, &(0x7f0000000140)={0xcae, r4}) creat(&(0x7f0000000040)='./file0\x00', 0x0) [ 2474.927005][ T8017] binder: 8009 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2474.927018][ T8017] binder: 8009:8017 ioctl c018620c 20000240 returned -22 04:11:31 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2475.007040][ T8054] binder: 8050:8054 ioctl c018620c 20000240 returned -1 [ 2475.035452][ T8056] binder: 8055:8056 unknown command 808464432 04:11:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x5000000, 0x0, 0x0}) 04:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0}) [ 2475.083750][ T8056] binder: 8055:8056 ioctl c0306201 20000180 returned -22 04:11:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 04:11:31 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6000000, 0x0, 0x0}) [ 2475.162345][ T8082] binder: 8069:8082 ioctl c018620c 20000240 returned -1 [ 2475.165267][ T8087] binder: 8064:8087 ioctl c018620c 20000240 returned -22 [ 2475.181699][ T8082] binder: 8069:8082 ioctl c018620c 20000240 returned -1 04:11:31 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0}) 04:11:32 executing program 3: r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000200)={&(0x7f0000000180)=[0x7fff, 0x8001, 0x8, 0xffffffffffffff7f], 0x4, 0x1, 0x2, 0x9, 0x7, 0xffffffff, {0xfff, 0x47, 0x6, 0x8000, 0x56, 0x1, 0x40, 0x2, 0x7f, 0x0, 0xbbf, 0xfffffffffffffff9, 0x4, 0x4, "f8419c0dece23ad2a33abbe40e400c10fca0be553e234056b1cbe11210f9f447"}}) prctl$PR_GET_NAME(0x10, &(0x7f0000000040)=""/96) r1 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffd) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x400, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) accept$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, &(0x7f00000000c0)=0x1c) 04:11:32 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) [ 2475.384381][ T8192] binder: 8189:8192 ioctl c018620c 20000240 returned -22 [ 2475.416506][ T8194] binder: 8191:8194 ioctl c018620c 20000240 returned -1 04:11:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7000000, 0x0, 0x0}) 04:11:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0}) 04:11:32 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000d83ff8), 0x2) 04:11:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x49, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="cadc813432d4e7a059589aa7df7394de3f59ce441970333de90870d87aadbfe4727563a3ceb1b0e75de84de3c43dd0724e85fd5c65b628298f59082e049f922309ce98ef798cff8c56"], 0x0, 0x0, 0x0}) 04:11:32 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2475.641797][ T8310] binder: 8306:8310 ioctl c018620c 20000240 returned -22 [ 2475.664279][ T8311] binder: 8308:8311 ioctl c018620c 20000240 returned -1 [ 2475.681655][ T8313] binder: 8309:8313 unknown command 880925898 [ 2475.682869][ T8311] binder: 8308:8311 ioctl c018620c 20000240 returned -1 04:11:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20000000, 0x0, 0x0}) 04:11:32 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000d83ff8), 0x2) 04:11:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r1, r3, &(0x7f0000d83ff8), 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) [ 2475.745931][ T8313] binder: 8309:8313 ioctl c0306201 20000040 returned -22 04:11:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0}) 04:11:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0xffffffffffffff3d, 0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0, @ANYRESHEX], 0xfffffffffffffec2, 0x0, 0x0}) r1 = socket$isdn(0x22, 0x3, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x1ff, 0x208a00) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000080)=0x1) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000100)) [ 2475.831846][ T8319] binder: 8318:8319 ioctl c018620c 20000240 returned -22 04:11:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x3f000000, 0x0, 0x0}) 04:11:32 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2475.908640][ T8327] binder: 8324:8327 ioctl c018620c 20000240 returned -1 [ 2475.947752][ T8330] binder: 8326:8330 ioctl c0306201 20000240 returned -14 04:11:32 executing program 5: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r0, &(0x7f0000d83ff8), 0x2) 04:11:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0}) [ 2475.984667][ T8334] binder: 8332:8334 ioctl c018620c 20000240 returned -22 [ 2476.000170][ T8330] binder: 8326:8330 ioctl c0306201 20000240 returned -14 04:11:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x48000000, 0x0, 0x0}) [ 2476.113940][ T8391] binder: 8382:8391 ioctl c018620c 20000240 returned -1 04:11:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:32 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0}) [ 2476.165074][ T8425] binder: 8392:8425 ioctl c018620c 20000240 returned -22 04:11:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x20000000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4c000000, 0x0, 0x0}) [ 2476.217872][ T8425] binder: 8392:8425 ioctl c018620c 20000240 returned -22 04:11:33 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2476.360183][ T8456] binder: 8452:8456 ioctl c018620c 20000240 returned -1 04:11:33 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:33 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x60000000, 0x0, 0x0}) [ 2476.405510][ T8462] binder: 8458:8462 ioctl c018620c 20000240 returned -22 [ 2476.522336][ T8569] binder: 8528:8569 ioctl c018620c 20000240 returned -22 04:11:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0}) 04:11:33 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d6356794a3ccbdf1c641d72e4ca3c3e401f34dcfa435150cc377659002862347a765ef5a39843727e217cf83e32010b35868f70be65b5ad"], 0x0, 0x0, 0x0}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x6041, 0x0) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) [ 2476.680760][ T8584] binder: 8579:8584 ioctl c018620c 20000240 returned -1 [ 2476.719049][ T8586] binder: 8585:8586 unknown command 2035704589 [ 2476.737932][ T8586] binder: 8585:8586 ioctl c0306201 20000240 returned -22 [ 2476.756908][ T8586] binder: 8585:8586 unknown command 2035704589 [ 2476.765375][ T8586] binder: 8585:8586 ioctl c0306201 20000240 returned -22 04:11:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:33 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x68000000, 0x0, 0x0}) 04:11:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0}) 04:11:33 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000013ffffff000000e85a62b134ff221f2a7181469d415124eb6b68378bec205fe061a3a1e29919015879d6f3e123115bd079c0b1f3e71d862cfe87f9b69bb567bedda2e3a38283e7e8e9e8494a01c92c167e4d28b0cad388f3f9c594340e59253c0a55242cf0198949395570f1e5874b8c1bd8c0e1c267916cde798402a062711234e5aaf60ad55df573518d23df0118ea7bba038c909e0b96a89ae9d106f70e4dfe6804ddfcdb3a1474bf363324eff5c3cb0eaf7b9d4044c95d93a491"], 0x0, 0x0, 0x0}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x0, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000080)={0x1, 0x4, [@dev={[], 0x29}, @random="a2bbc2eee36d", @dev={[], 0xd}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}]}) [ 2477.145006][ T8700] binder: 8696:8700 ioctl c018620c 20000240 returned -22 [ 2477.158014][ T8703] binder: 8697:8703 ioctl c018620c 20000240 returned -1 [ 2477.162368][ T8700] binder: 8696:8700 ioctl c018620c 20000240 returned -22 [ 2477.169278][ T8705] binder: 8699:8705 unknown command 318767104 [ 2477.179217][ T8705] binder: 8699:8705 ioctl c0306201 20000240 returned -22 04:11:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6c000000, 0x0, 0x0}) 04:11:33 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0}) [ 2477.202166][ T8705] binder: 8699:8705 unknown command 318767104 [ 2477.230564][ T8705] binder: 8699:8705 ioctl c0306201 20000240 returned -22 04:11:34 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2477.319581][ T8761] binder: 8748:8761 ioctl c018620c 20000240 returned -22 [ 2477.333488][ T8761] binder: 8748:8761 ioctl c018620c 20000240 returned -22 [ 2477.365806][ T8787] binder: 8772:8787 ioctl c018620c 20000240 returned -1 04:11:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x74000000, 0x0, 0x0}) 04:11:34 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2477.557113][ T8832] binder: 8826:8832 ioctl c018620c 20000240 returned -22 [ 2477.588539][ T8832] binder: 8826:8832 ioctl c018620c 20000240 returned -22 04:11:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(0x0, 0x2000000000000015) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) poll(&(0x7f0000000300)=[{r1}, {r2, 0x106}, {r2, 0xdf2d5b36b80889b8}, {r1, 0xa004}, {r3, 0x40}, {r1}, {r2, 0x1}], 0x7, 0xffff) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000002500)=@rose) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:11:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0}) 04:11:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x200000, 0x0) 04:11:34 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:34 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7a000000, 0x0, 0x0}) [ 2478.049394][ C1] net_ratelimit: 22 callbacks suppressed [ 2478.049402][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2478.060907][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2478.079735][ T8841] binder: 8837:8841 ioctl c018620c 20000240 returned -1 [ 2478.087038][ T8843] binder: 8839:8843 ioctl c018620c 20000240 returned -22 04:11:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0}) 04:11:34 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x100000000000000, 0x0, 0x0}) [ 2478.129401][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2478.135275][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2478.228147][ T8960] binder_ioctl_get_node_info_for_ref: 16 callbacks suppressed [ 2478.228154][ T8960] binder: 8957 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2478.228173][ T8960] binder: 8957:8960 ioctl c018620c 20000240 returned -22 [ 2478.266434][ T8961] binder: 8956:8961 ioctl c018620c 20000240 returned -1 04:11:35 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000180)={@dev, @loopback, 0x0}, &(0x7f00000001c0)=0xc) r2 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0xc9c, 0x40000) bind$xdp(r0, &(0x7f0000000280)={0x2c, 0x4, r1, 0x31, r2}, 0x10) r3 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\rc'], 0x150, 0x0, 0x0}) 04:11:35 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2478.293165][ T8961] binder: 8956:8961 ioctl c018620c 20000240 returned -1 04:11:35 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2478.411495][ T8969] binder: 8965:8969 ioctl c0306201 20000240 returned -14 04:11:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x500, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0}) 04:11:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x200000000000000, 0x0, 0x0}) 04:11:35 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:35 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:35 executing program 3: r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x8000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f00000017c0)=@assoc_value={0x0}, &(0x7f0000001800)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000001840)={0x0, 0x3}, &(0x7f0000001880)=0x8) sendmmsg$inet_sctp(r0, &(0x7f0000001980)=[{&(0x7f0000000100)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001740)=[{&(0x7f0000000140)="9be29e368a3771a47bbf7664e7e629b54fe1bcc68f8518b0e7344af592d16d95de73acae8e437ce365c10b146a8b4c322c4385198a453c9b06e93161c9853325ebe1dc914824d816b3f911dc20417351cc30fb78e15c5ce29d6631b91967feaf326e8bb72c251d8f68d1bfe32333cc7dfdb047e20f3e82f6125b25b568622c304f92d9c361c51a40b527a524add157a6bc352ad97b0d4babcfda51ebaadfa7c7880ccac80e0135960319a7ac73e13130341872eccfbf86de55fa8594fb5f4397e8b74dc7", 0xc4}, {&(0x7f0000000280)="a5d1b38b8917e790ee42b193d1244558ad17231ac7cebd14de47d85b3aa2c8b6f14a70435fc1676bbebd739bdad5b77caa1f611170345a4a2123126910487151f233c9da17841f1071e8ad3d6eaf4be8648b9945a2636fdfdf5005497ba43169bc336b1b32de7b1bb896a7a0c22cdb6c2cad3949fe0e302080418569c124e06a698b", 0x82}, {&(0x7f0000000340)="9b1ef5240a732c69ac20e5bad81a8a7dba99c675f22fa10eacc70752ec73c3262c6bf4218fa9867533e629aa1f07dd558cbd1c9d84f5bf94e077435ff2ed953a2a289860543e879d8e6f7496def56b6f824076e9323aedc04d93e264e4b66181069eda54198f5ffe6907bf4271646df426d51634c359a45caa1eb2d04e2aec7c698af31382c8aabdbfdcd844f42caaf7aaff6a27f2db53b40c0805267ca9be7039a6e19c2520d5fc4aab4d40884cf53f145cd25dfc141ef7704b678ad971f2e6b27953878bf2005dc025678db9e7c770b9683592fce2a23828c9b982a01debb475c7b843752c7a85e8d107187cabd220ec67386d34460bd6f839b97c1a32023b11a467128a716c3771347a19414b2bbb982ce39106a8a9b7a01ec5617a4e7f7264e34e1557aff53193c478ee86376856f89900d3953b5814b9afc98f6b2b1c48e0d9f049e1090e49da1d134949244f5ebf5d4d844231cfcfc26786288fefd28bb0f69242192eb2cf1caa7580cb156f7ae9044e0dc2a4478c248697281431489028f25214e40b3bb39b2c14c52c73e054de95bb43a65c8c0c83d91d8e6b995157c902a5275d1db4cfc158b4d500cd94694fe16d6aa8efe9e4fd804250592ff86821468c06766e00edb6f629bd855f06ee45f6103c3ed9ba9e1842ca39414471df58495678438fb3c77e8177d1a5bae5b9718aa5001bd1661c4e9ec35189c00b94875826f5e1d020e08e75e3d8de2ba336955cc68a25f381b5a8c327ade21c63b0dba99dcb3e44175802888351fabff1e3e244c39f1ba02a9a62fd81ab5aa16a46d11352977b35fe84f025dc77c9b4292a78005a31ce4bcb322a45869f69bca0eb7db58257f76f9a7cf0a7225e421a6d8d24766b8572bb3d5f9724fc62f38f3b9be5de26ddb7481a7a724e30b730f186d44e4590d709a4a01c2bde8c07b3c2ad0a7d77f610812df91a7bf770fb83d609d49840ebd8624add0262a3bd988b614f9a072a3587f908ee53ecbdc3b4b4c7241e3d387a4f5f1acbab0c69c778e771db6f78390a9305e997797bf087be65ec3c1bdec37149539743bfd084a7f37a642a1e605326ca20f1cdb1c79bdf4b9d7eff1ff059b52209ffc7902bf6ffbd4ad01256afe9e4527d255042da1050e195aa8c1c18103b99ade17d3f21bb0b236ee57467aa9a8739cc9526126b6a15fd562cc156ae098186de860cf7bea9a2f6aacbef3bcedf13e4a23b823c67a45fc8ea9477391761468900a0263a9ab6099cadc28cd171738cc33468ecd0230f1382995be53335e6b2bb190f5cd32a3cdd9ce24c3a67ae3e8e72e117ed7b393e28d52c02206d68cafb384151fdbb82011fffea5662b9ca2b830406151afaacd82388adfadc399f5537f72c419412da83e6d8e5fc574d11904c5f5b9bcd66d7212ef4ecc8c6ba05337cb0ef91f51a53987ef358b743061d84eace66086605188459a8c10fcd79ffcebdcfba0ad6cb3209eb397a96e621657c602b910aec7d8754b3851c50bf574cc025232b37c46984a44992260689e4666f897f2961a9fbc0998db0dd549fe5f1509aa20a32b274b12fbb9fbd61c049aed4ff6256fe669b6da28281224d018598956a38d724f02bff8f5242e44e4452e2b52c85ce17f828c31d07035c9fa56e153413a7645e024fcea4ba6d2403a1b647877d2df117944df907b3a6500c76b26808705dbdac4918c0c0dd9191ccee9e22eb22f2a7dcceed63a460621a58e3862f35b0f5c04374b11ea83a1617e995c118c533ee3f46bb07610b3a16c96cd1a592a2685503fbb7f8446328e1b69ad24331fb43fedde8ac7112c39302ca618bdc46095c4d19440ac9a8d51ce40a11aad5a43455b6d7a85dc289f5bea0009fb42459dfccbf455cb5f8e74fcc9bf6f8c0389157542a0dc2b03f590c62af7e632268a8d7b9dd166d21797f688d071508720038181abb94d7e37910907a591dbc81b0a264f609611e8f91916c5fcc5234a4b16e7de7e75d2866cb3b5070e7ec716a5d631e4fda674b571ae4ce4176e9d00750099d6ddf3d8a706eb9e4a1119ae65a4fc0c80d5bb3fd0f52f69cfe5e71404845927bed139940e8b1bd1f88c826090506ff68742293cd1769a36c410e25a62a54fabcf9e45dac1497c0312bd472fc1dcaa8ca804cfe9c1ae6433ea71c6204d37fe42114496df176f1376d3954e4d6073b0e2c34854fdaa42e7231c37e582c1a5507c90e6362343fb7a1cc5dcadee64a492bdb2c81f76bbb374570cda39d58ecc6b5a63f275a13c28d191543b863bdb2c56c0d0743bb03dd03d7d7ffbb66c26940ed92a620e57c7239fdd8104e17e28272cef5e7d4c56aa31683fccaf5ef04dde62d029088144d9c17e545f27c1d118cf07194a0131e2191eb6f85e297ee7656d0cced9d783b104618b4717f1eca89b5f9a0a3407712efff219d75835f735b2f0924c02a645a1a997cf4791d20ac73c5e0dafcb3c438896be8400f626d176b5ce8bb2cee423a8bf5da87ab709dadcb1540890d645d435ffce33c7b9f50d813b3655225f7716392e913edf7e5f728d9b63c88557fd1f5b70937b115ffca21d3752926301fdb611dc808d3d394ddd73cb34a8bb8becea7d6e55d60dce374b374a8620e5eca6bc8b3731c427f86970f6efd7f681dfb4222120c07f142f7f9523601e3c1af0ce52c6874efc76bdaca1cf29eaf4949e0bf64ef461a0e1abd1a60c1b826a624acbf7d232c2c0b429cca94a42937c6f9c2d5e5c9468367b2e0e974dd491d48c6beaed6cf61ebf8d23461fa10dffea886cab4e55c8ac681417994273c89ee11ba5ed44ff6690fb218cea11bf40cd26d1ac98b83eaab2ae954466f555024345dc2e411ed9f55a638b1f74ede81c8c0060a06558d92a6daa9c821596db51b1fddf6eda1e8b3ceb5c7de8d39363263732d6081ab6f73e4e0b0ec555738701e49b775691812dd68c65639de25d327d975929a53b3a978866c7514e1ba840190ad07859d1b7abc6ea68f8bb15571d13f502c8faac808e39ab65bea9ce99be3eee2a07c666933990343752a97dcd059710f10f5355bc0d197e7218ae933f63748a67957ad42f4a3a7e8e76ce49b01aa0ae301d2a5a42b385a729cd9e53923816bdedd05201de9a8566099ab6a44a627a3b52b4f097ab1b3d239c3f78d9b236451cc914ea6b0315795889e91909077a9ae57e3f98f243ff30ced0c7c0ebea5f9db39d5fda3ded91f02916fdbd16381e24096c8fed502337f8ac42c1b48e5c5345295ada3824166d4aa5a4c29e7ebe223aebbc21d6eff91e8d56c2b4b3d0094653c873458c5dcc508efd959cd0d01cafd51f9466b3aa1a27dc6a8d5b8a7f590300f94a180dd8d3f9e530d17e5b18f859a411abb6be2e07b769fab222edb89692436917624010e5bf1f788ad40e1c4c2521f77381f4e5b203cd0b45874f5b9af4682973f30d0977988d96abab667c06faa81d35f38255419d90107c5cae19810a90d1941cc3e6e589e549df12371f5a82000d3fbd947432ff5af48a391a5bc7aa80a6465373535e325a29aa49dc1aa8dc1139a16710e0ba07772a4a25bacf05230cf557b90b90c476b20172fa847a363cf31a23297d388a720a2694350c44541ca00885c87acabd1946a8397607c43f6a532fb1b7857689ef19a2b9bc5be0e286c11c07621f2bef5fbf88784f9ec59f5a037a9a2fde448c67133d82ea03d6251ee32afbb2a7d2840f724fe5acd07857759f0159ea7d66a20e579fdd6383e1f44a1b91f10a80dcb944a2c6789af6812bccc9864f1f7d071813fd2a77402971935e19bd7eda1386039880227ee3799c9e089bb143293e3790f00f54e7f9c70ecc200578858fc54a01188809092761f52694ff93aa9ec954651f254af878d0c0dd99703a05061427bdc333925723a6d7516ebb71b5a9b93f5077a0dc4248ed0b8e1d5678df2c3b302ae475f591087f7ae9b5d13d1282134e444a2debcf115e26a24cead0fa753b5bd30fe813c14ad946b6ce5802cd865025d5fa4cd2e7b25fb9fa74772c34ac22889bf347939bd2c5636b7d6c3f5b9064531b101e8040492b89253d1d90ca745dbbe68c802a3b3ff04be459285fbad912db1a7cbbb501aa3b2cdbacaee9db921e93d3fcb40c527bd242142f25c7b3c7fa89eb36ab657b2c7b0fc77f954ccbdb7d3957a70192c748103621786dae2432743dadeff31d8e0952c2af9f01d5c950f212218630d0d34302bf586041a13f33bddcf16b133a2bf6e008976a0e1705fabfbf038487a02f06952cf5ff80f3cc09fbc62b7ace7929967f41dbc9883f74b2b320c7ee0e4c77a8c4f406262a9c7c51818ccdcb04e2523f11f0757a877559d66908d82993fcfe0620a8b8b24a2a8e8ef96e4b3e04624cdb96a0e13774ae6630d9be583023e72cb3dcf8961bbe2883458cdc80031d81c956a1ca966862c3f8572138c9dd21918ac4c361c6184730ca47bce83de0b3245f478444689451ae1835a3dff45124f53b197e6a973edc50a151189882fdaf6dc8ae5cb4c8d53b3d39d2f3e9e99abf13a519e20a69dafa3f7caa1ff9a06ad4947ccb1e455514a36960cc04f84d102fe8ba5e71ba383e906bc046b7941079261e346725070963f232bbc000672194318bd522781bd550f04d3672f1d7c300aefef04888388b0fbd0fcddf800f5ebbad3d6c93230d4a677adb58a2ea5420c732f6363ea781140baeb02c319b82a555c41e19c4344895751e3204233ade27fd749c75ded6fe3238fc5f2092b6a7218ec05b95f3a2f80faca92a481f702a25f90c663009cf5b05ec948d54ce85b7c0f608be9a38c19b8067a575461ba57582e7b8e0b2d8fb75aea0e931a5f5938fe825f4746f388e3b12b0971f34785b89ca31340ca78ac378df1e5b10fcc3e9a49bca813b408e11b832251486cdae260f0a082aff6cd0930747777bc4a3ca65f67630951fc46d07029e7d645e3283a71f7508c52182e58b5d66e7186bfdeeea9b90c475788a16a949262f3bb60aa649fb9dcd09bca840224f9b6aadbc18a3bc497ed4a37647008ea9a0f8bdd132321d2def41c93b36cf55d29c4c4d442c4ab50bda51a8163948fdfff155acddf3da1e9cfdb88ff00509cccbb2a38c242cc3d24e62afad93931afbccfdc32cb8691c68d221e007f9e205358eb197dc2ddcfb3038083445840f04fdc581308900eed64b5382c5e85aedbc39470607dd0f5bbf147d9f16e4b6f6e381a427f8db77c0af53eebdfc98414005e97f62975efd500e26b3b9ee2860c0747369849d46ee66899069b7b94c5a81f248a82094f91cedfed6ffdc2ba9a5c42032692f8ea8460c60a293e72954e45748b16f96f02b7c83e6539b70a9fe003af150228c3337c9cd16776d8930323e26d6cb621e615c7588fe9033965ce0aec69a5a8c2a859a1a5638ad6cb4536910316545d3be44521ead473a6a3e0f3a8399b8799e012ca81d8ae3eed574f07fec7d6e5ff763e38868ae044130312f4465128d15a22ca2e0c2a71e9ba55f11ae9dec2b4386dcaad2ea97f91bc79ddf1d648d15127ff63c7324c0c74f510f4b3a8bb2a68611d12fe0a5427a58f0a946d3f21f21f4decc2449e122969d4c7b13b36a85cdd1c3ed24580c1a7756856d8e482e34f2fdf92c1bc1a71cc0385cbcc644686a9fcf7956291a9bacec31516fb067e693538dc91fc61a3f28837459d7951c5c7ebfa5e11a18c05e3baff09ac9ebadb42ce583d4202e0f5fe4ef602ddcb4b6958b0e7a3f30e754348db6cb13281a7b82cc389efd9732f82a13aefd9a3bb14c4d8f69a19203964a4de", 0x1000}, {&(0x7f0000001340)="39d49632d8d4867e44112a294a24466bf630330bd792505e0752998a5fc657f7f99fa78f9f316b78616afa9931ef7ffeefd3adbfcb544dca11cca5f096653680a79f287f59e7ad4f47f8a8c152cb5170b19570a5433e2f7aecc33709f6f85c329b2a75173d4a0a687678e0de47f510746a93946e8fbebeda772484866a504d4fffc18b74675819adf9709dcb1187359786565783a236a71bf80f839aea25d084091024a536d686550a9df29f961f84fb427581b5592ccaa93d0ecd575fe4d010370cc4c033ff063cdd9e58080fd9f9ebe87522cedca0654e66b8f2b6f6e1b931a1bf5158709fe77fecc87c5babe2e2082cc7", 0xf2}, {&(0x7f0000001440)="514e0cf92804fd628eaaed9b5d557007db1c2d120abec56ae9750265ce23dca763ea7fed46c9f267af5dfe75961037bbec9479213bce365cc73d308bfcc389fd0ce88d5e773152281af2b963bddd9a2870fd0f736b6e4b54203c02c5dd302b95ae44e8338c1a9296c671f551a43eaa40cad80f8db7440fb834e5b482a2293dee224981a7affe6bbe8c0813875ed9e6966119e1a4a630aef8530aa24019aa69371b908777a69f474aa344ae75782da055f45ea77ec042d0a65e1ae179bdb8e0cf9f37a46809a746c73cae8f90afb4a2a77879b66c82ace0", 0xd7}, {&(0x7f0000001540)="97c272426d1d111c440f221e19af854250c3cdf7061e0b7ff80f23d26482fa6785fe0605d8016d977ce17e71362a6ef7f8033245af85102ddf095bccf68699d44766ed231d5b013a2dce9e0fa2806af221a01faa66aaffa02d82ce3cc7415db23bcac0ff69e8a2908888967e1711c9786fb132b4f04d87fbc1008efad28d18f395747782b690c38a1d49d70f4c97171275d75c1008001c2c89fa5eb564b7dc31682684af163c9128e0612742a4d6102cdf542932c86e599a", 0xb8}, {&(0x7f0000001600)="492f5a3e8af8e6351da43ae42b2aad4a96c7142ed4b14169990451e46ad8802068f2129c14f544e51d70de846e4b6ab6c939c90291b60cefd4f62bda07ae1c48e7ef3cd7b01822241d44606653f0daf0081730ce18b7584de7a9c537be15b5acee30a1e41dc8a61b519a3dc627780893bdbc89537e709522ab3cae88c3a219d41e0856ae6a396d84e79fdc4fb96beed6b22bdb56aa0b542bad561d623e17cc26a7", 0xa1}, {&(0x7f00000016c0)="55db97c3ee8607104e07e5758432a9fb8f53fa1c187008cf227c5004f229f9f3d1a437f7818c419c93f5e9048b5d6137058ff3c9e78a91adf09c27079d7a350d197844fa38b86cea9b1ad0c4511c1415dba7fe37bc6b02d00b4a1b305e9e6b1340b7db18b32fd457e7f9231df471494cf7edb5c4cf461538f3", 0x79}], 0x8, &(0x7f00000018c0)=[@sndinfo={0x20, 0x84, 0x2, {0x4, 0x8, 0x80000000, 0x4, r1}}, @dstaddrv4={0x18, 0x84, 0x7, @local}, @init={0x18, 0x84, 0x0, {0x800, 0x1, 0x5, 0xffffffffba7c443b}}, @sndrcv={0x30, 0x84, 0x1, {0x8a, 0x9, 0x800c, 0x4, 0x0, 0x800, 0x2, 0x0, r2}}, @dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x14}}], 0x98, 0xc8c0}], 0x1, 0x4008000) r3 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) 04:11:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0}) [ 2479.006467][ T9089] binder: 9083:9089 ioctl c018620c 20000240 returned -1 [ 2479.023328][ T9092] binder: 9084 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2479.023342][ T9092] binder: 9084:9092 ioctl c018620c 20000240 returned -22 04:11:35 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x300000000000000, 0x0, 0x0}) 04:11:35 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2479.103778][ T9138] binder: 9102 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2479.103792][ T9138] binder: 9102:9138 ioctl c018620c 20000240 returned -22 04:11:35 executing program 0 (fault-call:7 fault-nth:0): r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2479.175150][ T9212] binder: 9208:9212 ioctl c018620c 20000240 returned -1 04:11:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000000)=0x0) fcntl$setown(r0, 0x8, r1) 04:11:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0}) 04:11:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x400000000000000, 0x0, 0x0}) 04:11:36 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2479.232581][ T9217] binder: 9209 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2479.232596][ T9217] binder: 9209:9217 ioctl c018620c 20000240 returned -22 [ 2479.249402][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.255233][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2479.329424][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.335265][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:36 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2479.391394][ T9241] binder: 9223:9241 ioctl c018620c 20000240 returned -1 [ 2479.405732][ T9244] binder: 9226 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2479.405744][ T9244] binder: 9226:9244 ioctl c018620c 20000240 returned -22 [ 2479.406712][ T9219] FAULT_INJECTION: forcing a failure. [ 2479.406712][ T9219] name failslab, interval 1, probability 0, space 0, times 0 04:11:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) memfd_create(&(0x7f0000000280)='self\x00', 0x4) r1 = syz_open_dev$usbmon(&(0x7f0000000440)='/dev/usbmon#\x00', 0x7f, 0x200) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000480)=0x8c4, 0x4) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) write$input_event(r1, &(0x7f0000000300)={{r2, r3/1000+10000}, 0x15, 0x7, 0x8001}, 0x18) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={0x0}) r5 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x100032, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x68, 0x0, &(0x7f0000000140)=[@acquire={0x40046305, 0x2}, @transaction_sg={0x40486311, {{0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x30, 0x38, &(0x7f0000000080)=[@flat={0x77682a85, 0x100, r4, 0x2}, @fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f0000000100)=[0x30, 0x20, 0x68, 0x70, 0x38, 0x38, 0x38]}, 0xe}}, @free_buffer={0x40086303, r5}, @acquire], 0x1a, 0x0, &(0x7f00000001c0)="e13cc2867034fa2907d3b9ff10f1e874625aab8115b0043ca3a3"}) [ 2479.450327][ T9219] CPU: 1 PID: 9219 Comm: syz-executor.0 Not tainted 5.0.0+ #15 [ 2479.457902][ T9219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2479.468403][ T9219] Call Trace: [ 2479.471704][ T9219] dump_stack+0x172/0x1f0 [ 2479.476054][ T9219] should_fail.cold+0xa/0x15 [ 2479.480663][ T9219] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2479.486482][ T9219] ? ___might_sleep+0x163/0x280 [ 2479.491342][ T9219] __should_failslab+0x121/0x190 [ 2479.496285][ T9219] should_failslab+0x9/0x14 [ 2479.500807][ T9219] kmem_cache_alloc_trace+0x2d1/0x760 [ 2479.506188][ T9219] alloc_pipe_info+0xb9/0x430 [ 2479.510857][ T9219] ? __might_sleep+0x95/0x190 [ 2479.515522][ T9219] splice_direct_to_actor+0x775/0x970 [ 2479.520872][ T9219] ? avc_policy_seqno+0xd/0x70 [ 2479.525612][ T9219] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2479.531305][ T9219] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2479.536826][ T9219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2479.543041][ T9219] ? do_splice_to+0x190/0x190 [ 2479.547747][ T9219] ? rw_verify_area+0x118/0x360 [ 2479.552578][ T9219] do_splice_direct+0x1da/0x2a0 [ 2479.557408][ T9219] ? splice_direct_to_actor+0x970/0x970 [ 2479.562930][ T9219] ? rw_verify_area+0x118/0x360 [ 2479.567797][ T9219] do_sendfile+0x597/0xd00 [ 2479.572194][ T9219] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2479.577480][ T9219] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2479.583717][ T9219] ? _copy_from_user+0xdd/0x150 [ 2479.588559][ T9219] __x64_sys_sendfile64+0x15a/0x220 [ 2479.593745][ T9219] ? __ia32_sys_sendfile+0x230/0x230 [ 2479.599011][ T9219] ? do_syscall_64+0x26/0x610 [ 2479.603752][ T9219] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2479.609011][ T9219] ? trace_hardirqs_on+0x67/0x230 [ 2479.614012][ T9219] do_syscall_64+0x103/0x610 [ 2479.618576][ T9219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2479.624455][ T9219] RIP: 0033:0x457f29 [ 2479.628324][ T9219] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:11:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x500000000000000, 0x0, 0x0}) [ 2479.647918][ T9219] RSP: 002b:00007f3493b5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2479.656306][ T9219] RAX: ffffffffffffffda RBX: 00007f3493b5bc90 RCX: 0000000000457f29 [ 2479.664251][ T9219] RDX: 0000000020d83ff8 RSI: 0000000000000005 RDI: 0000000000000003 [ 2479.672194][ T9219] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2479.680138][ T9219] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f3493b5c6d4 [ 2479.688080][ T9219] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000006 04:11:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0}) [ 2479.696353][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2479.702172][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:11:36 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:36 executing program 0 (fault-call:7 fault-nth:1): r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) [ 2479.789215][ T9345] binder: 9342 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2479.789230][ T9345] binder: 9342:9345 ioctl c018620c 20000240 returned -22 [ 2479.803679][ T9344] binder: 9340:9344 Acquire 1 refcount change on invalid ref 2 ret -22 [ 2479.836356][ T9344] binder: 9340:9344 got transaction to invalid handle [ 2479.853661][ T9344] binder: 9340:9344 transaction failed 29201/-22, size 48-56 line 2994 [ 2479.866462][ T9345] binder: 9342 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2479.866473][ T9345] binder: 9342:9345 ioctl c018620c 20000240 returned -22 04:11:36 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, 0x0, 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2479.903688][ T9351] binder: 9347:9351 ioctl c018620c 20000240 returned -1 04:11:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x600000000000000, 0x0, 0x0}) 04:11:36 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0}) [ 2479.962282][ T9353] FAULT_INJECTION: forcing a failure. [ 2479.962282][ T9353] name failslab, interval 1, probability 0, space 0, times 0 04:11:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\rc'], 0x0, 0x0, 0x0}) pause() [ 2480.027162][T10518] binder: undelivered TRANSACTION_ERROR: 29201 [ 2480.037204][ T9353] CPU: 1 PID: 9353 Comm: syz-executor.0 Not tainted 5.0.0+ #15 [ 2480.044794][ T9353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2480.054849][ T9353] Call Trace: [ 2480.058153][ T9353] dump_stack+0x172/0x1f0 [ 2480.062500][ T9353] should_fail.cold+0xa/0x15 [ 2480.067116][ T9353] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2480.072919][ T9353] ? ___might_sleep+0x163/0x280 [ 2480.077760][ T9353] __should_failslab+0x121/0x190 [ 2480.082689][ T9353] should_failslab+0x9/0x14 [ 2480.087178][ T9353] __kmalloc+0x2dc/0x740 [ 2480.091410][ T9353] ? kmem_cache_alloc_trace+0x354/0x760 [ 2480.096951][ T9353] ? alloc_pipe_info+0x199/0x430 [ 2480.101873][ T9353] alloc_pipe_info+0x199/0x430 [ 2480.106619][ T9353] ? __might_sleep+0x95/0x190 [ 2480.111278][ T9353] splice_direct_to_actor+0x775/0x970 [ 2480.116626][ T9353] ? avc_policy_seqno+0xd/0x70 [ 2480.121370][ T9353] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2480.127073][ T9353] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2480.132595][ T9353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2480.139026][ T9353] ? do_splice_to+0x190/0x190 [ 2480.143772][ T9353] ? rw_verify_area+0x118/0x360 [ 2480.148598][ T9353] do_splice_direct+0x1da/0x2a0 [ 2480.153425][ T9353] ? splice_direct_to_actor+0x970/0x970 [ 2480.158949][ T9353] ? rw_verify_area+0x118/0x360 [ 2480.163776][ T9353] do_sendfile+0x597/0xd00 [ 2480.168170][ T9353] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2480.173433][ T9353] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2480.179649][ T9353] ? _copy_from_user+0xdd/0x150 [ 2480.184480][ T9353] __x64_sys_sendfile64+0x15a/0x220 [ 2480.189664][ T9353] ? __ia32_sys_sendfile+0x230/0x230 [ 2480.194940][ T9353] ? do_syscall_64+0x26/0x610 [ 2480.199592][ T9353] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2480.204851][ T9353] ? trace_hardirqs_on+0x67/0x230 [ 2480.209849][ T9353] do_syscall_64+0x103/0x610 [ 2480.214419][ T9353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2480.220284][ T9353] RIP: 0033:0x457f29 [ 2480.224175][ T9353] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2480.243853][ T9353] RSP: 002b:00007f3493b5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2480.252237][ T9353] RAX: ffffffffffffffda RBX: 00007f3493b5bc90 RCX: 0000000000457f29 [ 2480.260180][ T9353] RDX: 0000000020d83ff8 RSI: 0000000000000005 RDI: 0000000000000003 [ 2480.268135][ T9353] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2480.276079][ T9353] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f3493b5c6d4 [ 2480.284021][ T9353] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000006 04:11:37 executing program 0 (fault-call:7 fault-nth:2): r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:37 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:37 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2480.323675][ T9474] binder: 9470 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2480.323687][ T9474] binder: 9470:9474 ioctl c018620c 20000240 returned -22 [ 2480.357838][ T9480] binder: 9477:9480 ioctl c018620c 20000240 returned -1 04:11:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0}) [ 2480.400112][ T9474] binder: 9470 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2480.400124][ T9474] binder: 9470:9474 ioctl c018620c 20000240 returned -22 04:11:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x700000000000000, 0x0, 0x0}) 04:11:37 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2480.496276][ T9496] binder: 9495:9496 ioctl c018620c 20000240 returned -1 [ 2480.532363][ T9492] FAULT_INJECTION: forcing a failure. [ 2480.532363][ T9492] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 2480.557022][ T9492] CPU: 1 PID: 9492 Comm: syz-executor.0 Not tainted 5.0.0+ #15 [ 2480.564593][ T9492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2480.574644][ T9492] Call Trace: [ 2480.577942][ T9492] dump_stack+0x172/0x1f0 [ 2480.579434][ T9500] binder: 9498 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2480.579446][ T9500] binder: 9498:9500 ioctl c018620c 20000240 returned -22 [ 2480.582280][ T9492] should_fail.cold+0xa/0x15 [ 2480.602343][ T9492] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2480.608146][ T9492] ? ___might_sleep+0x163/0x280 [ 2480.612985][ T9492] should_fail_alloc_page+0x50/0x60 [ 2480.618173][ T9492] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2480.623522][ T9492] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2480.629217][ T9492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2480.635437][ T9492] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2480.641657][ T9492] alloc_pages_current+0x107/0x210 [ 2480.646746][ T9492] __page_cache_alloc+0x2bd/0x460 [ 2480.651751][ T9492] __do_page_cache_readahead+0x1c9/0x5c0 [ 2480.657361][ T9492] ? read_pages+0x550/0x550 [ 2480.661840][ T9492] ? page_cache_sync_readahead+0x1d3/0x520 [ 2480.667624][ T9492] ondemand_readahead+0x561/0xd40 [ 2480.672627][ T9492] page_cache_sync_readahead+0x281/0x520 [ 2480.678236][ T9492] generic_file_read_iter+0x1582/0x2870 [ 2480.683764][ T9492] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2480.689545][ T9492] ? kasan_kmalloc+0x9/0x10 [ 2480.694027][ T9492] ? filemap_write_and_wait_range+0xd0/0xd0 [ 2480.699904][ T9492] ? percpu_ref_put_many+0x94/0x190 [ 2480.705084][ T9492] ext4_file_read_iter+0x180/0x3c0 [ 2480.710172][ T9492] generic_file_splice_read+0x4b4/0x800 [ 2480.715692][ T9492] ? add_to_pipe+0x350/0x350 [ 2480.720271][ T9492] ? rw_verify_area+0x118/0x360 [ 2480.725106][ T9492] ? add_to_pipe+0x350/0x350 [ 2480.729683][ T9492] do_splice_to+0x12a/0x190 [ 2480.734190][ T9492] splice_direct_to_actor+0x2d2/0x970 [ 2480.739542][ T9492] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2480.745243][ T9492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2480.751460][ T9492] ? do_splice_to+0x190/0x190 [ 2480.756115][ T9492] ? rw_verify_area+0x118/0x360 [ 2480.760943][ T9492] do_splice_direct+0x1da/0x2a0 [ 2480.765770][ T9492] ? splice_direct_to_actor+0x970/0x970 [ 2480.771297][ T9492] ? rw_verify_area+0x118/0x360 [ 2480.776152][ T9492] do_sendfile+0x597/0xd00 [ 2480.780549][ T9492] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2480.785809][ T9492] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2480.792024][ T9492] ? _copy_from_user+0xdd/0x150 [ 2480.796867][ T9492] __x64_sys_sendfile64+0x15a/0x220 [ 2480.802043][ T9492] ? __ia32_sys_sendfile+0x230/0x230 [ 2480.807303][ T9492] ? do_syscall_64+0x26/0x610 [ 2480.811963][ T9492] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2480.817226][ T9492] ? trace_hardirqs_on+0x67/0x230 [ 2480.822229][ T9492] do_syscall_64+0x103/0x610 [ 2480.826795][ T9492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2480.832660][ T9492] RIP: 0033:0x457f29 [ 2480.836534][ T9492] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:11:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x2000000000000000, 0x0, 0x0}) 04:11:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0}) 04:11:37 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2480.856120][ T9492] RSP: 002b:00007f3493b5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2480.865331][ T9492] RAX: ffffffffffffffda RBX: 00007f3493b5bc90 RCX: 0000000000457f29 [ 2480.873292][ T9492] RDX: 0000000020d83ff8 RSI: 0000000000000005 RDI: 0000000000000003 [ 2480.881241][ T9492] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2480.889187][ T9492] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f3493b5c6d4 [ 2480.897130][ T9492] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000006 [ 2480.962649][ T9507] binder: 9502:9507 ioctl c018620c 20000240 returned -22 [ 2480.989027][ T9513] binder: 9505:9513 ioctl c018620c 20000240 returned -1 04:11:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x3f00000000000000, 0x0, 0x0}) 04:11:37 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2481.118305][ T9519] binder: 9516:9519 ioctl c018620c 20000240 returned -22 [ 2481.140494][ T9519] binder: 9516:9519 ioctl c018620c 20000240 returned -22 04:11:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0}) 04:11:37 executing program 3 (fault-call:1 fault-nth:0): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:37 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:37 executing program 0 (fault-call:7 fault-nth:3): r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4800000000000000, 0x0, 0x0}) 04:11:37 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2481.263937][ T9636] binder: 9630:9636 ioctl c018620c 20000240 returned -1 [ 2481.294099][ T9634] FAULT_INJECTION: forcing a failure. [ 2481.294099][ T9634] name failslab, interval 1, probability 0, space 0, times 0 04:11:38 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2481.319604][ T9640] FAULT_INJECTION: forcing a failure. [ 2481.319604][ T9640] name failslab, interval 1, probability 0, space 0, times 0 [ 2481.333608][ T9641] binder: 9637:9641 ioctl c018620c 20000240 returned -22 [ 2481.353327][ T9640] CPU: 0 PID: 9640 Comm: syz-executor.3 Not tainted 5.0.0+ #15 [ 2481.360886][ T9640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2481.370943][ T9640] Call Trace: [ 2481.374245][ T9640] dump_stack+0x172/0x1f0 [ 2481.378591][ T9640] should_fail.cold+0xa/0x15 [ 2481.383187][ T9640] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2481.389010][ T9640] ? ___might_sleep+0x163/0x280 [ 2481.393864][ T9640] __should_failslab+0x121/0x190 [ 2481.398795][ T9640] should_failslab+0x9/0x14 [ 2481.403320][ T9640] kmem_cache_alloc_trace+0x2d1/0x760 [ 2481.408696][ T9640] ? __might_fault+0x12b/0x1e0 [ 2481.413465][ T9640] ? find_held_lock+0x35/0x130 04:11:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x4c00000000000000, 0x0, 0x0}) 04:11:38 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2481.418243][ T9640] udmabuf_create+0xd1/0xd20 [ 2481.422841][ T9640] ? lock_downgrade+0x880/0x880 [ 2481.427696][ T9640] ? unmap_udmabuf+0x30/0x30 [ 2481.432301][ T9640] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2481.438541][ T9640] ? _copy_from_user+0xdd/0x150 [ 2481.443395][ T9640] udmabuf_ioctl+0x21c/0x260 [ 2481.447994][ T9640] ? udmabuf_create+0xd20/0xd20 [ 2481.452861][ T9640] ? ___might_sleep+0x163/0x280 [ 2481.457723][ T9640] ? udmabuf_create+0xd20/0xd20 [ 2481.462586][ T9640] do_vfs_ioctl+0xd6e/0x1390 [ 2481.462605][ T9640] ? ioctl_preallocate+0x210/0x210 [ 2481.462624][ T9640] ? selinux_file_mprotect+0x620/0x620 [ 2481.462644][ T9640] ? __fget+0x381/0x550 [ 2481.462663][ T9640] ? ksys_dup3+0x3e0/0x3e0 [ 2481.462675][ T9640] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2481.462701][ T9640] ? fput_many+0x12c/0x1a0 [ 2481.462721][ T9640] ? tomoyo_file_ioctl+0x23/0x30 [ 2481.462738][ T9640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2481.489239][ T9640] ? security_file_ioctl+0x93/0xc0 [ 2481.489258][ T9640] ksys_ioctl+0xab/0xd0 [ 2481.489275][ T9640] __x64_sys_ioctl+0x73/0xb0 [ 2481.524831][ T9640] do_syscall_64+0x103/0x610 [ 2481.529460][ T9640] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2481.535369][ T9640] RIP: 0033:0x457f29 [ 2481.539284][ T9640] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2481.547846][ T9648] binder: 9645:9648 ioctl c018620c 20000240 returned -22 04:11:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0}) [ 2481.558979][ T9640] RSP: 002b:00007f9c03137c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2481.558994][ T9640] RAX: ffffffffffffffda RBX: 00007f9c03137c90 RCX: 0000000000457f29 [ 2481.559003][ T9640] RDX: 00000000200002c0 RSI: 0000000040087543 RDI: 0000000000000003 [ 2481.559011][ T9640] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2481.559019][ T9640] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c031386d4 [ 2481.559032][ T9640] R13: 00000000004c24df R14: 00000000004d4f08 R15: 0000000000000004 [ 2481.581990][ T9634] CPU: 0 PID: 9634 Comm: syz-executor.0 Not tainted 5.0.0+ #15 [ 2481.622086][ T9634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2481.632128][ T9634] Call Trace: [ 2481.632152][ T9634] dump_stack+0x172/0x1f0 [ 2481.632175][ T9634] should_fail.cold+0xa/0x15 [ 2481.632193][ T9634] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2481.632218][ T9634] __should_failslab+0x121/0x190 [ 2481.632236][ T9634] should_failslab+0x9/0x14 [ 2481.632250][ T9634] kmem_cache_alloc+0x47/0x6f0 [ 2481.632269][ T9634] ? ___might_sleep+0x163/0x280 04:11:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6000000000000000, 0x0, 0x0}) [ 2481.656457][ T9651] binder: 9650:9651 ioctl c018620c 20000240 returned -1 [ 2481.659606][ T9634] ? mempool_alloc+0x380/0x380 [ 2481.659629][ T9634] mempool_alloc_slab+0x47/0x60 [ 2481.659646][ T9634] mempool_alloc+0x16b/0x380 [ 2481.659666][ T9634] ? mempool_destroy+0x40/0x40 [ 2481.659682][ T9634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2481.659699][ T9634] ? __check_block_validity.constprop.0+0xda/0x210 [ 2481.659710][ T9634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2481.659729][ T9634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:11:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0}) [ 2481.669307][ T9634] ? ext4_map_blocks+0x39d/0x1a00 [ 2481.669332][ T9634] bio_alloc_bioset+0x3bf/0x680 [ 2481.669346][ T9634] ? ext4_issue_zeroout+0x190/0x190 [ 2481.669363][ T9634] ? bvec_alloc+0x2f0/0x2f0 [ 2481.669380][ T9634] ? trace_hardirqs_on+0x67/0x230 [ 2481.669393][ T9634] ? __inc_numa_state+0x49/0xe0 [ 2481.669411][ T9634] ext4_mpage_readpages+0xe81/0x1bb0 [ 2481.669433][ T9634] ? mpage_end_io+0x6a0/0x6a0 [ 2481.669453][ T9634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2481.745547][ T9653] binder: 9652:9653 ioctl c018620c 20000240 returned -22 [ 2481.749843][ T9634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2481.749869][ T9634] ? rcu_read_lock_sched_held+0x110/0x130 [ 2481.749908][ T9634] ext4_readpages+0xda/0x120 [ 2481.749920][ T9634] ? ext4_bmap+0x420/0x420 [ 2481.749940][ T9634] read_pages+0x10f/0x550 [ 2481.749967][ T9634] ? read_cache_pages+0x670/0x670 [ 2481.779371][ T9634] ? __page_cache_alloc+0x131/0x460 [ 2481.779396][ T9634] __do_page_cache_readahead+0x4c6/0x5c0 [ 2481.779417][ T9634] ? read_pages+0x550/0x550 04:11:38 executing program 3 (fault-call:1 fault-nth:1): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6800000000000000, 0x0, 0x0}) [ 2481.779429][ T9634] ? page_cache_sync_readahead+0x1d3/0x520 [ 2481.779450][ T9634] ondemand_readahead+0x561/0xd40 [ 2481.789718][ T9634] page_cache_sync_readahead+0x281/0x520 [ 2481.835192][ T9634] generic_file_read_iter+0x1582/0x2870 [ 2481.840760][ T9634] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2481.846564][ T9634] ? kasan_kmalloc+0x9/0x10 [ 2481.851069][ T9634] ? filemap_write_and_wait_range+0xd0/0xd0 [ 2481.856994][ T9634] ? percpu_ref_put_many+0x94/0x190 [ 2481.862230][ T9634] ext4_file_read_iter+0x180/0x3c0 [ 2481.865989][ T9656] binder: 9654:9656 ioctl c018620c 20000240 returned -1 [ 2481.867343][ T9634] generic_file_splice_read+0x4b4/0x800 [ 2481.867359][ T9634] ? add_to_pipe+0x350/0x350 [ 2481.867388][ T9634] ? rw_verify_area+0x118/0x360 [ 2481.889242][ T9634] ? add_to_pipe+0x350/0x350 [ 2481.893837][ T9634] do_splice_to+0x12a/0x190 [ 2481.898354][ T9634] splice_direct_to_actor+0x2d2/0x970 [ 2481.903730][ T9634] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2481.909270][ T9634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2481.915509][ T9634] ? do_splice_to+0x190/0x190 [ 2481.920283][ T9634] ? rw_verify_area+0x118/0x360 [ 2481.925146][ T9634] do_splice_direct+0x1da/0x2a0 [ 2481.930000][ T9634] ? splice_direct_to_actor+0x970/0x970 [ 2481.935557][ T9634] ? rw_verify_area+0x118/0x360 [ 2481.940415][ T9634] do_sendfile+0x597/0xd00 [ 2481.944844][ T9634] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2481.950140][ T9634] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2481.956383][ T9634] ? _copy_from_user+0xdd/0x150 [ 2481.961252][ T9634] __x64_sys_sendfile64+0x15a/0x220 [ 2481.966460][ T9634] ? __ia32_sys_sendfile+0x230/0x230 04:11:38 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2481.967839][ T9661] binder: 9658:9661 ioctl c018620c 20000240 returned -22 [ 2481.971742][ T9634] ? do_syscall_64+0x26/0x610 [ 2481.971760][ T9634] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2481.971777][ T9634] ? trace_hardirqs_on+0x67/0x230 [ 2481.971796][ T9634] do_syscall_64+0x103/0x610 [ 2481.971816][ T9634] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2481.971828][ T9634] RIP: 0033:0x457f29 [ 2481.971843][ T9634] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2481.971850][ T9634] RSP: 002b:00007f3493b5bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2481.971878][ T9634] RAX: ffffffffffffffda RBX: 00007f3493b5bc90 RCX: 0000000000457f29 [ 2482.027790][ T9634] RDX: 0000000020d83ff8 RSI: 0000000000000005 RDI: 0000000000000003 [ 2482.027799][ T9634] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2482.027807][ T9634] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f3493b5c6d4 [ 2482.027815][ T9634] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000006 [ 2482.087275][ T9663] FAULT_INJECTION: forcing a failure. [ 2482.087275][ T9663] name failslab, interval 1, probability 0, space 0, times 0 [ 2482.129523][ T9663] CPU: 0 PID: 9663 Comm: syz-executor.3 Not tainted 5.0.0+ #15 [ 2482.137091][ T9663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2482.137102][ T9663] Call Trace: [ 2482.150441][ T9663] dump_stack+0x172/0x1f0 [ 2482.154784][ T9663] should_fail.cold+0xa/0x15 [ 2482.159384][ T9663] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2482.165186][ T9663] ? ___might_sleep+0x163/0x280 [ 2482.170045][ T9663] __should_failslab+0x121/0x190 [ 2482.170065][ T9663] should_failslab+0x9/0x14 [ 2482.170080][ T9663] __kmalloc+0x2dc/0x740 [ 2482.170101][ T9663] ? udmabuf_create+0xd1/0xd20 [ 2482.183740][ T9663] ? rcu_read_lock_sched_held+0x110/0x130 [ 2482.183757][ T9663] ? dma_buf_export+0x1eb/0x9b0 [ 2482.183774][ T9663] dma_buf_export+0x1eb/0x9b0 [ 2482.183794][ T9663] udmabuf_create+0x91d/0xd20 [ 2482.183812][ T9663] ? lock_downgrade+0x880/0x880 [ 2482.183831][ T9663] ? unmap_udmabuf+0x30/0x30 [ 2482.183857][ T9663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2482.224054][ T9663] ? _copy_from_user+0xdd/0x150 04:11:38 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8), 0x2) 04:11:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0}) 04:11:38 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6c00000000000000, 0x0, 0x0}) 04:11:38 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2482.228915][ T9663] udmabuf_ioctl+0x21c/0x260 [ 2482.233507][ T9663] ? udmabuf_create+0xd20/0xd20 [ 2482.238379][ T9663] ? ___might_sleep+0x163/0x280 [ 2482.243237][ T9663] ? udmabuf_create+0xd20/0xd20 [ 2482.248091][ T9663] do_vfs_ioctl+0xd6e/0x1390 [ 2482.252696][ T9663] ? ioctl_preallocate+0x210/0x210 [ 2482.257811][ T9663] ? selinux_file_mprotect+0x620/0x620 [ 2482.263272][ T9663] ? __fget+0x381/0x550 [ 2482.267435][ T9663] ? ksys_dup3+0x3e0/0x3e0 [ 2482.271857][ T9663] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2482.275177][ T9673] binder: 9671:9673 ioctl c018620c 20000240 returned -1 [ 2482.278095][ T9663] ? fput_many+0x12c/0x1a0 [ 2482.278116][ T9663] ? tomoyo_file_ioctl+0x23/0x30 [ 2482.278135][ T9663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2482.300597][ T9663] ? security_file_ioctl+0x93/0xc0 [ 2482.305712][ T9663] ksys_ioctl+0xab/0xd0 [ 2482.309876][ T9663] __x64_sys_ioctl+0x73/0xb0 [ 2482.314470][ T9663] do_syscall_64+0x103/0x610 [ 2482.319062][ T9663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2482.324955][ T9663] RIP: 0033:0x457f29 [ 2482.328854][ T9663] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2482.348459][ T9663] RSP: 002b:00007f9c03137c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2482.356870][ T9663] RAX: ffffffffffffffda RBX: 00007f9c03137c90 RCX: 0000000000457f29 [ 2482.364854][ T9663] RDX: 00000000200002c0 RSI: 0000000040087543 RDI: 0000000000000003 [ 2482.372833][ T9663] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:11:39 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(0x0, 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2482.380806][ T9663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c031386d4 [ 2482.388881][ T9663] R13: 00000000004c24df R14: 00000000004d4f08 R15: 0000000000000004 04:11:39 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7400000000000000, 0x0, 0x0}) 04:11:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0}) [ 2482.428156][ T9678] binder: 9670:9678 ioctl c018620c 20000240 returned -22 04:11:39 executing program 3 (fault-call:1 fault-nth:2): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2482.517511][ T9685] binder: 9681:9685 ioctl c018620c 20000240 returned -22 04:11:39 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:39 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x2, 0x2) [ 2482.579384][ T9690] binder: 9687:9690 ioctl c018620c 20000240 returned -1 [ 2482.607007][ T9692] FAULT_INJECTION: forcing a failure. [ 2482.607007][ T9692] name failslab, interval 1, probability 0, space 0, times 0 04:11:39 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2482.641219][ T9690] binder: 9687:9690 ioctl c018620c 20000240 returned -1 [ 2482.666566][ T9692] CPU: 0 PID: 9692 Comm: syz-executor.3 Not tainted 5.0.0+ #15 [ 2482.674132][ T9692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2482.684183][ T9692] Call Trace: [ 2482.687503][ T9692] dump_stack+0x172/0x1f0 [ 2482.691887][ T9692] should_fail.cold+0xa/0x15 [ 2482.696494][ T9692] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2482.702314][ T9692] ? ___might_sleep+0x163/0x280 [ 2482.707178][ T9692] __should_failslab+0x121/0x190 [ 2482.712129][ T9692] should_failslab+0x9/0x14 [ 2482.716638][ T9692] kmem_cache_alloc+0x2b2/0x6f0 [ 2482.721492][ T9692] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2482.727127][ T9692] ? find_held_lock+0x35/0x130 [ 2482.731901][ T9692] __d_alloc+0x2e/0x8c0 [ 2482.736067][ T9692] d_alloc_pseudo+0x1e/0x30 04:11:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0}) 04:11:39 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2482.740586][ T9692] alloc_file_pseudo+0xe2/0x280 [ 2482.745439][ T9692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2482.751685][ T9692] ? alloc_file+0x4d0/0x4d0 [ 2482.756198][ T9692] ? lockdep_init_map+0x1be/0x6d0 [ 2482.761230][ T9692] anon_inode_getfile+0xda/0x200 [ 2482.766180][ T9692] dma_buf_export+0x4b5/0x9b0 [ 2482.770871][ T9692] udmabuf_create+0x91d/0xd20 [ 2482.775562][ T9692] ? lock_downgrade+0x880/0x880 [ 2482.780417][ T9692] ? unmap_udmabuf+0x30/0x30 [ 2482.785024][ T9692] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2482.791267][ T9692] ? _copy_from_user+0xdd/0x150 [ 2482.796125][ T9692] udmabuf_ioctl+0x21c/0x260 [ 2482.800713][ T9692] ? udmabuf_create+0xd20/0xd20 [ 2482.800739][ T9692] ? ___might_sleep+0x163/0x280 [ 2482.800761][ T9692] ? udmabuf_create+0xd20/0xd20 [ 2482.800780][ T9692] do_vfs_ioctl+0xd6e/0x1390 [ 2482.800802][ T9692] ? ioctl_preallocate+0x210/0x210 [ 2482.800823][ T9692] ? selinux_file_mprotect+0x620/0x620 [ 2482.810499][ T9692] ? __fget+0x381/0x550 [ 2482.810521][ T9692] ? ksys_dup3+0x3e0/0x3e0 04:11:39 executing program 3 (fault-call:1 fault-nth:3): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x7a00000000000000, 0x0, 0x0}) [ 2482.810545][ T9692] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2482.810562][ T9692] ? fput_many+0x12c/0x1a0 [ 2482.810585][ T9692] ? tomoyo_file_ioctl+0x23/0x30 [ 2482.810599][ T9692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2482.810616][ T9692] ? security_file_ioctl+0x93/0xc0 [ 2482.810635][ T9692] ksys_ioctl+0xab/0xd0 [ 2482.810652][ T9692] __x64_sys_ioctl+0x73/0xb0 [ 2482.810670][ T9692] do_syscall_64+0x103/0x610 [ 2482.810690][ T9692] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2482.825181][ T9692] RIP: 0033:0x457f29 04:11:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0}) [ 2482.825198][ T9692] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2482.825206][ T9692] RSP: 002b:00007f9c03137c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2482.825220][ T9692] RAX: ffffffffffffffda RBX: 00007f9c03137c90 RCX: 0000000000457f29 [ 2482.825229][ T9692] RDX: 00000000200002c0 RSI: 0000000040087543 RDI: 0000000000000003 [ 2482.825237][ T9692] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:11:39 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2482.825245][ T9692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c031386d4 [ 2482.825253][ T9692] R13: 00000000004c24df R14: 00000000004d4f08 R15: 0000000000000004 [ 2482.863897][ T9700] binder: 9699:9700 ioctl c018620c 20000240 returned -1 04:11:39 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x3, 0x2) [ 2483.000767][ T9712] binder: 9710:9712 ioctl c018620c 20000240 returned -22 [ 2483.031048][ T9714] FAULT_INJECTION: forcing a failure. [ 2483.031048][ T9714] name failslab, interval 1, probability 0, space 0, times 0 [ 2483.074559][ T9717] binder: 9713:9717 ioctl c018620c 20000240 returned -1 [ 2483.095262][ T9714] CPU: 0 PID: 9714 Comm: syz-executor.3 Not tainted 5.0.0+ #15 [ 2483.102835][ T9714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2483.112889][ T9714] Call Trace: [ 2483.116191][ T9714] dump_stack+0x172/0x1f0 [ 2483.120572][ T9714] should_fail.cold+0xa/0x15 [ 2483.125176][ T9714] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2483.130992][ T9714] ? ___might_sleep+0x163/0x280 [ 2483.135852][ T9714] __should_failslab+0x121/0x190 [ 2483.140890][ T9714] should_failslab+0x9/0x14 [ 2483.145398][ T9714] kmem_cache_alloc+0x2b2/0x6f0 [ 2483.150264][ T9714] __alloc_file+0x27/0x300 [ 2483.154691][ T9714] alloc_empty_file+0x72/0x170 [ 2483.159462][ T9714] alloc_file+0x5e/0x4d0 [ 2483.163815][ T9714] alloc_file_pseudo+0x189/0x280 [ 2483.168765][ T9714] ? alloc_file+0x4d0/0x4d0 [ 2483.173278][ T9714] ? lockdep_init_map+0x1be/0x6d0 [ 2483.178313][ T9714] anon_inode_getfile+0xda/0x200 [ 2483.183258][ T9714] dma_buf_export+0x4b5/0x9b0 [ 2483.187940][ T9714] udmabuf_create+0x91d/0xd20 [ 2483.192620][ T9714] ? lock_downgrade+0x880/0x880 [ 2483.197481][ T9714] ? unmap_udmabuf+0x30/0x30 [ 2483.202100][ T9714] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2483.208526][ T9714] ? _copy_from_user+0xdd/0x150 [ 2483.213396][ T9714] udmabuf_ioctl+0x21c/0x260 [ 2483.217990][ T9714] ? udmabuf_create+0xd20/0xd20 [ 2483.222858][ T9714] ? ___might_sleep+0x163/0x280 [ 2483.227725][ T9714] ? udmabuf_create+0xd20/0xd20 [ 2483.232597][ T9714] do_vfs_ioctl+0xd6e/0x1390 [ 2483.237198][ T9714] ? ioctl_preallocate+0x210/0x210 [ 2483.242314][ T9714] ? selinux_file_mprotect+0x620/0x620 [ 2483.247776][ T9714] ? __fget+0x381/0x550 [ 2483.251938][ T9714] ? ksys_dup3+0x3e0/0x3e0 [ 2483.256352][ T9714] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2483.256367][ T9714] ? fput_many+0x12c/0x1a0 [ 2483.256388][ T9714] ? tomoyo_file_ioctl+0x23/0x30 [ 2483.271927][ T9714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2483.278171][ T9714] ? security_file_ioctl+0x93/0xc0 [ 2483.283284][ T9714] ksys_ioctl+0xab/0xd0 [ 2483.287447][ T9714] __x64_sys_ioctl+0x73/0xb0 [ 2483.292045][ T9714] do_syscall_64+0x103/0x610 [ 2483.296638][ T9714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2483.296651][ T9714] RIP: 0033:0x457f29 04:11:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x2, 0x0}) 04:11:39 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5, 0x0}) [ 2483.296666][ T9714] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2483.296674][ T9714] RSP: 002b:00007f9c03137c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2483.296689][ T9714] RAX: ffffffffffffffda RBX: 00007f9c03137c90 RCX: 0000000000457f29 [ 2483.296697][ T9714] RDX: 00000000200002c0 RSI: 0000000040087543 RDI: 0000000000000003 [ 2483.296705][ T9714] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2483.296713][ T9714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c031386d4 [ 2483.296726][ T9714] R13: 00000000004c24df R14: 00000000004d4f08 R15: 0000000000000004 04:11:40 executing program 3 (fault-call:1 fault-nth:4): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:40 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2483.342365][ T9731] binder: 9729:9731 ioctl c018620c 20000240 returned -1 [ 2483.396096][ T9733] binder_ioctl_get_node_info_for_ref: 10 callbacks suppressed [ 2483.396103][ T9733] binder: 9724 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2483.396114][ T9733] binder: 9724:9733 ioctl c018620c 20000240 returned -22 [ 2483.409424][ C1] net_ratelimit: 18 callbacks suppressed [ 2483.409432][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.419454][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2483.475543][ T9739] FAULT_INJECTION: forcing a failure. [ 2483.475543][ T9739] name failslab, interval 1, probability 0, space 0, times 0 [ 2483.489391][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.495230][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2483.510111][ T9739] CPU: 0 PID: 9739 Comm: syz-executor.3 Not tainted 5.0.0+ #15 [ 2483.517676][ T9739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2483.527738][ T9739] Call Trace: [ 2483.531039][ T9739] dump_stack+0x172/0x1f0 [ 2483.535381][ T9739] should_fail.cold+0xa/0x15 [ 2483.539980][ T9739] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2483.545793][ T9739] ? ___might_sleep+0x163/0x280 [ 2483.550651][ T9739] __should_failslab+0x121/0x190 [ 2483.555600][ T9739] should_failslab+0x9/0x14 [ 2483.560112][ T9739] kmem_cache_alloc+0x2b2/0x6f0 [ 2483.565068][ T9739] ? rcu_read_lock_sched_held+0x110/0x130 [ 2483.570807][ T9739] ? kmem_cache_alloc+0x32e/0x6f0 [ 2483.575833][ T9739] security_file_alloc+0x39/0x170 [ 2483.580876][ T9739] __alloc_file+0xac/0x300 [ 2483.585301][ T9739] alloc_empty_file+0x72/0x170 [ 2483.590067][ T9739] alloc_file+0x5e/0x4d0 [ 2483.594310][ T9739] alloc_file_pseudo+0x189/0x280 [ 2483.599249][ T9739] ? alloc_file+0x4d0/0x4d0 [ 2483.603757][ T9739] ? lockdep_init_map+0x1be/0x6d0 [ 2483.608807][ T9739] anon_inode_getfile+0xda/0x200 [ 2483.613756][ T9739] dma_buf_export+0x4b5/0x9b0 [ 2483.618443][ T9739] udmabuf_create+0x91d/0xd20 [ 2483.623133][ T9739] ? lock_downgrade+0x880/0x880 [ 2483.627994][ T9739] ? unmap_udmabuf+0x30/0x30 [ 2483.632589][ T9739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2483.632608][ T9739] ? _copy_from_user+0xdd/0x150 [ 2483.632631][ T9739] udmabuf_ioctl+0x21c/0x260 [ 2483.632647][ T9739] ? udmabuf_create+0xd20/0xd20 [ 2483.632672][ T9739] ? ___might_sleep+0x163/0x280 [ 2483.632695][ T9739] ? udmabuf_create+0xd20/0xd20 [ 2483.649684][ T9744] binder: 9743 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2483.649695][ T9744] binder: 9743:9744 ioctl c018620c 20000240 returned -22 [ 2483.653589][ T9739] do_vfs_ioctl+0xd6e/0x1390 [ 2483.653607][ T9739] ? ioctl_preallocate+0x210/0x210 [ 2483.653622][ T9739] ? selinux_file_mprotect+0x620/0x620 [ 2483.653641][ T9739] ? __fget+0x381/0x550 [ 2483.683362][ T9739] ? ksys_dup3+0x3e0/0x3e0 [ 2483.683379][ T9739] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2483.683395][ T9739] ? fput_many+0x12c/0x1a0 [ 2483.683416][ T9739] ? tomoyo_file_ioctl+0x23/0x30 [ 2483.718014][ T9739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:11:40 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x4, 0x2) 04:11:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x3, 0x0}) 04:11:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6, 0x0}) 04:11:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4, 0x0}) [ 2483.724263][ T9739] ? security_file_ioctl+0x93/0xc0 [ 2483.729381][ T9739] ksys_ioctl+0xab/0xd0 [ 2483.733539][ T9739] __x64_sys_ioctl+0x73/0xb0 [ 2483.738138][ T9739] do_syscall_64+0x103/0x610 [ 2483.742744][ T9739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2483.748634][ T9739] RIP: 0033:0x457f29 [ 2483.752546][ T9739] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2483.772168][ T9739] RSP: 002b:00007f9c03137c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2483.780572][ T9739] RAX: ffffffffffffffda RBX: 00007f9c03137c90 RCX: 0000000000457f29 [ 2483.780581][ T9739] RDX: 00000000200002c0 RSI: 0000000040087543 RDI: 0000000000000003 [ 2483.780590][ T9739] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2483.780599][ T9739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9c031386d4 [ 2483.780607][ T9739] R13: 00000000004c24df R14: 00000000004d4f08 R15: 0000000000000004 04:11:40 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:40 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:40 executing program 3 (fault-call:1 fault-nth:5): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2483.821850][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.827635][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2483.850945][ T9750] binder: 9748 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2483.850959][ T9750] binder: 9748:9750 ioctl c018620c 20000240 returned -22 [ 2483.860687][ T9751] binder: 9745:9751 ioctl c018620c 20000240 returned -1 [ 2483.889407][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.895242][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2483.908430][ T9750] binder: 9748 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2483.908453][ T9750] binder: 9748:9750 ioctl c018620c 20000240 returned -22 04:11:40 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x5, 0x2) 04:11:40 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7, 0x0}) 04:11:40 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x5, 0x0}) 04:11:40 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) 04:11:40 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x2, &(0x7f00000002c0)) 04:11:40 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x6, 0x2) [ 2484.127461][ T9775] binder: 9774:9775 ioctl c018620c 20000240 returned -1 04:11:40 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2484.182846][ T9781] binder: 9777 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2484.182859][ T9781] binder: 9777:9781 ioctl c018620c 20000240 returned -22 04:11:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6, 0x0}) 04:11:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x48, 0x0}) 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) 04:11:41 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) 04:11:41 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2484.388713][ T9797] binder: 9794 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2484.388726][ T9797] binder: 9794:9797 ioctl c018620c 20000240 returned -22 [ 2484.407571][ T9798] binder: 9795:9798 ioctl c018620c 20000240 returned -1 [ 2484.420201][ T9797] binder: 9794 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2484.420214][ T9797] binder: 9794:9797 ioctl c018620c 20000240 returned -22 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b49, &(0x7f00000002c0)) 04:11:41 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x7, 0x2) [ 2484.449413][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2484.455238][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2484.459415][ T9798] binder: 9795:9798 ioctl c018620c 20000240 returned -1 04:11:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7, 0x0}) 04:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4c, 0x0}) 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x541b, &(0x7f00000002c0)) 04:11:41 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) 04:11:41 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2484.609151][ T9816] binder: 9813:9816 ioctl c018620c 20000240 returned -1 [ 2484.647692][ T9819] binder: 9815 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x60, 0x0}) [ 2484.647705][ T9819] binder: 9815:9819 ioctl c018620c 20000240 returned -22 04:11:41 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x8, 0x2) 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5421, &(0x7f00000002c0)) [ 2484.765099][ T9831] binder: 9830:9831 ioctl c018620c 20000240 returned -1 04:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x68, 0x0}) 04:11:41 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:41 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x48, 0x0}) 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5450, &(0x7f00000002c0)) [ 2484.913728][ T9845] binder: 9841:9845 ioctl c018620c 20000240 returned -1 [ 2484.923419][ T9846] binder: 9840 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2484.923432][ T9846] binder: 9840:9846 ioctl c018620c 20000240 returned -22 04:11:41 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:41 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x9, 0x2) 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5451, &(0x7f00000002c0)) 04:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6c, 0x0}) 04:11:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4c, 0x0}) 04:11:41 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:41 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5452, &(0x7f00000002c0)) 04:11:41 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2485.151997][ T9864] binder: 9858 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2485.152010][ T9864] binder: 9858:9864 ioctl c018620c 20000240 returned -22 [ 2485.172814][ T9867] binder: 9859:9867 ioctl c018620c 20000240 returned -1 04:11:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x74, 0x0}) 04:11:42 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x60, 0x0}) 04:11:42 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xd, 0x2) 04:11:42 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5460, &(0x7f00000002c0)) 04:11:42 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2485.361778][ T9885] binder: 9881:9885 ioctl c018620c 20000240 returned -22 [ 2485.374604][ T9886] binder: 9884:9886 ioctl c018620c 20000240 returned -1 [ 2485.389166][ T9885] binder: 9881:9885 ioctl c018620c 20000240 returned -22 04:11:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x68, 0x0}) 04:11:42 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40049409, &(0x7f00000002c0)) 04:11:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x0}) 04:11:42 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x10, 0x2) 04:11:42 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, 0x0, 0x2) 04:11:42 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2485.625787][ T9907] binder: 9903:9907 ioctl c018620c 20000240 returned -22 [ 2485.648429][ T9911] binder: 9904:9911 ioctl c018620c 20000240 returned -1 04:11:42 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, 0x0, 0x2) 04:11:42 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40086602, &(0x7f00000002c0)) 04:11:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6c, 0x0}) [ 2485.716376][ T9911] binder: 9904:9911 ioctl c018620c 20000240 returned -1 04:11:42 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x23, 0x2) 04:11:42 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x300, 0x0}) [ 2485.849669][ T9927] binder: 9924:9927 ioctl c018620c 20000240 returned -22 04:11:42 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087602, &(0x7f00000002c0)) 04:11:42 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, 0x0, 0x2) 04:11:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x74, 0x0}) 04:11:42 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:42 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x48, 0x2) [ 2485.983797][ T9937] binder: 9935:9937 ioctl c018620c 20000240 returned -22 [ 2486.019516][ T9943] binder: 9939:9943 ioctl c018620c 20000240 returned -1 04:11:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7a, 0x0}) 04:11:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x500, 0x0}) 04:11:42 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40187542, &(0x7f00000002c0)) 04:11:42 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x4c, 0x2) 04:11:42 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x0) 04:11:42 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2486.160368][ T9955] binder: 9953:9955 ioctl c018620c 20000240 returned -22 [ 2486.189673][ T9958] binder: 9956:9958 ioctl c018620c 20000240 returned -1 [ 2486.234821][ T9955] binder: 9953:9955 ioctl c018620c 20000240 returned -22 04:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x600, 0x0}) 04:11:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x300, 0x0}) 04:11:43 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x68, 0x2) 04:11:43 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4020940d, &(0x7f00000002c0)) [ 2486.355979][ T9972] binder: 9971:9972 ioctl c018620c 20000240 returned -1 04:11:43 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x0) [ 2486.401929][ T9976] binder: 9974:9976 ioctl c018620c 20000240 returned -22 04:11:43 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ff"], 0x1) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x500, 0x0}) 04:11:43 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x80086601, &(0x7f00000002c0)) 04:11:43 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x6c, 0x2) 04:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x700, 0x0}) 04:11:43 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x0) [ 2486.596036][ T9995] binder: 9991:9995 ioctl c018620c 20000240 returned -22 [ 2486.642421][T10000] binder: 9998:10000 ioctl c018620c 20000240 returned -1 04:11:43 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) 04:11:43 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x80087601, &(0x7f00000002c0)) [ 2486.697276][ T9995] binder: 9991:9995 ioctl c018620c 20000240 returned -22 04:11:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x600, 0x0}) 04:11:43 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x74, 0x2) 04:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2000, 0x0}) [ 2486.841541][T10015] binder: 10011:10015 ioctl c018620c 20000240 returned -1 04:11:43 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc0045878, &(0x7f00000002c0)) 04:11:43 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) 04:11:43 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) [ 2486.884866][T10019] binder: 10017:10019 ioctl c018620c 20000240 returned -22 [ 2486.898761][T10015] binder: 10011:10015 ioctl c018620c 20000240 returned -1 04:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4800, 0x0}) 04:11:43 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc0045878, &(0x7f00000002c0)) 04:11:43 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x7a, 0x2) 04:11:43 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) 04:11:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x700, 0x0}) 04:11:43 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(0xffffffffffffffff, r1, &(0x7f0000d83ff8), 0x2) [ 2487.052872][T10031] binder: 10030:10031 ioctl c018620c 20000240 returned -1 [ 2487.085347][T10031] binder: 10030:10031 ioctl c018620c 20000240 returned -1 04:11:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0}) [ 2487.138222][T10038] binder: 10036:10038 ioctl c018620c 20000240 returned -22 04:11:43 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc0189436, &(0x7f00000002c0)) [ 2487.245041][T10048] binder: 10046:10048 ioctl c018620c 20000240 returned -1 04:11:44 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) 04:11:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x2000, 0x0}) 04:11:44 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc020660b, &(0x7f00000002c0)) 04:11:44 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xa7, 0x2) 04:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6000, 0x0}) 04:11:44 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:44 executing program 4: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)) [ 2487.459664][T10063] binder: 10060:10063 ioctl c018620c 20000240 returned -22 [ 2487.489877][T10066] binder: 10061:10066 ioctl c018620c 20000240 returned -1 04:11:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x3f00, 0x0}) 04:11:44 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x4}) 04:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6800, 0x0}) 04:11:44 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:44 executing program 4: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)) 04:11:44 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xfe, 0x2) [ 2487.707028][T10082] binder: 10077:10082 ioctl c018620c 20000240 returned -22 [ 2487.715650][T10083] binder: 10081:10083 ioctl c018620c 20000240 returned -1 04:11:44 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x4000}) 04:11:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4800, 0x0}) [ 2487.794296][T10083] binder: 10081:10083 ioctl c018620c 20000240 returned -1 04:11:44 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x2) 04:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0}) 04:11:44 executing program 4: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)) [ 2487.911148][T10098] binder: 10097:10098 ioctl c018620c 20000240 returned -22 04:11:44 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x204, 0x2) 04:11:44 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x40000}) 04:11:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4c00, 0x0}) [ 2488.001771][T10105] binder: 10104:10105 ioctl c018620c 20000240 returned -1 04:11:44 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, 0x0, 0x2) 04:11:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7400, 0x0}) 04:11:44 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) [ 2488.177311][T10116] binder: 10111:10116 ioctl c018620c 20000240 returned -22 04:11:44 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x400000}) 04:11:45 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x300, 0x2) 04:11:45 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, 0x0, 0x2) 04:11:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6000, 0x0}) [ 2488.322377][T10127] binder: 10122:10127 ioctl c018620c 20000240 returned -1 04:11:45 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) 04:11:45 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x80ffff}) [ 2488.435335][T10137] binder_ioctl_get_node_info_for_ref: 16 callbacks suppressed [ 2488.435341][T10137] binder: 10134 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2488.435353][T10137] binder: 10134:10137 ioctl c018620c 20000240 returned -22 04:11:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0}) 04:11:45 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, 0x0, 0x2) 04:11:45 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, &(0x7f00000002c0)) 04:11:45 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x4000000}) 04:11:45 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x402, 0x2) [ 2488.609391][ C1] net_ratelimit: 22 callbacks suppressed [ 2488.609399][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2488.620905][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2488.626689][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2488.632464][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2488.645848][T10149] binder: 10147:10149 ioctl c018620c 20000240 returned -1 04:11:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6800, 0x0}) 04:11:45 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x200002c8}) [ 2488.729919][T10161] binder: 10160 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2488.729932][T10161] binder: 10160:10161 ioctl c018620c 20000240 returned -22 [ 2488.765876][T10149] binder: 10147:10149 ioctl c018620c 20000240 returned -1 04:11:45 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x0) 04:11:45 executing program 4: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)) 04:11:45 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x500, 0x2) 04:11:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0}) 04:11:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6c00, 0x0}) 04:11:45 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0xc8020020}) [ 2488.972405][T10177] binder: 10176:10177 ioctl c018620c 20000240 returned -1 04:11:45 executing program 4: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)) 04:11:45 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x0) [ 2489.037371][T10181] binder: 10180 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2489.037385][T10181] binder: 10180:10181 ioctl c018620c 20000240 returned -22 04:11:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0}) 04:11:45 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x600, 0x2) 04:11:45 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0xffff8000}) 04:11:45 executing program 4: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)) [ 2489.209235][T10193] binder: 10192:10193 ioctl c018620c 20000240 returned -1 04:11:45 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x0) 04:11:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7400, 0x0}) 04:11:46 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x1000000000000}) 04:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0}) 04:11:46 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:46 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x700, 0x2) [ 2489.403742][T10210] binder: 10208 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2489.403755][T10210] binder: 10208:10210 ioctl c018620c 20000240 returned -22 [ 2489.432470][T10213] binder: 10211:10213 ioctl c018620c 20000240 returned -1 04:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0}) 04:11:46 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x4000000000000}) 04:11:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7a00, 0x0}) 04:11:46 executing program 4 (fault-call:1 fault-nth:0): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:46 executing program 5 (fault-call:5 fault-nth:0): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:46 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x900, 0x2) 04:11:46 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x40000000000000}) [ 2489.649410][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2489.655259][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2489.665411][T10232] binder: 10225:10232 ioctl c018620c 20000240 returned -1 [ 2489.705322][T10236] binder: 10235 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2489.705335][T10236] binder: 10235:10236 ioctl c018620c 20000240 returned -22 [ 2489.729408][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2489.735210][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2489.744260][T10234] FAULT_INJECTION: forcing a failure. 04:11:46 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0}) [ 2489.744260][T10234] name failslab, interval 1, probability 0, space 0, times 0 [ 2489.794903][T10234] CPU: 0 PID: 10234 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2489.802588][T10234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2489.812648][T10234] Call Trace: [ 2489.815954][T10234] dump_stack+0x172/0x1f0 [ 2489.820309][T10234] should_fail.cold+0xa/0x15 [ 2489.824912][T10234] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2489.830730][T10234] ? ___might_sleep+0x163/0x280 [ 2489.835599][T10234] __should_failslab+0x121/0x190 [ 2489.840080][T10244] binder: 10241 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2489.840091][T10244] binder: 10241:10244 ioctl c018620c 20000240 returned -22 [ 2489.840537][T10234] should_failslab+0x9/0x14 [ 2489.840559][T10234] kmem_cache_alloc_trace+0x2d1/0x760 [ 2489.866166][T10234] alloc_pipe_info+0xb9/0x430 [ 2489.870848][T10234] ? __might_sleep+0x95/0x190 [ 2489.875541][T10234] splice_direct_to_actor+0x775/0x970 [ 2489.880939][T10234] ? avc_policy_seqno+0xd/0x70 [ 2489.885722][T10234] ? __sanitizer_cov_trace_cmp4+0x16/0x20 04:11:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x1000000, 0x0}) 04:11:46 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x80ffff00000000}) [ 2489.891440][T10234] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2489.897019][T10234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2489.903268][T10234] ? do_splice_to+0x190/0x190 [ 2489.903289][T10234] ? rw_verify_area+0x118/0x360 [ 2489.903304][T10234] do_splice_direct+0x1da/0x2a0 [ 2489.903321][T10234] ? splice_direct_to_actor+0x970/0x970 [ 2489.912816][T10234] ? rw_verify_area+0x118/0x360 [ 2489.912831][T10234] do_sendfile+0x597/0xd00 [ 2489.912853][T10234] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2489.912873][T10234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 04:11:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x2000000, 0x0}) [ 2489.943967][T10234] ? _copy_from_user+0xdd/0x150 [ 2489.948841][T10234] __x64_sys_sendfile64+0x15a/0x220 [ 2489.954054][T10234] ? __ia32_sys_sendfile+0x230/0x230 [ 2489.959350][T10234] ? do_syscall_64+0x26/0x610 [ 2489.959369][T10234] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2489.959385][T10234] ? trace_hardirqs_on+0x67/0x230 [ 2489.959401][T10234] do_syscall_64+0x103/0x610 [ 2489.959421][T10234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2489.959432][T10234] RIP: 0033:0x457f29 04:11:46 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x400000000000000}) 04:11:46 executing program 5 (fault-call:5 fault-nth:1): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:46 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x2, 0x0) [ 2489.959446][T10234] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2489.959452][T10234] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2489.984860][T10234] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2489.984868][T10234] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2489.984875][T10234] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2489.984882][T10234] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2489.984890][T10234] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2490.056985][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2490.062768][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2490.072456][T10252] binder: 10249:10252 ioctl c018620c 20000240 returned -1 04:11:46 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xd00, 0x2) [ 2490.101615][T10254] binder: 10250 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2490.101627][T10254] binder: 10250:10254 ioctl c018620c 20000240 returned -22 04:11:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0}) [ 2490.155332][T10257] FAULT_INJECTION: forcing a failure. [ 2490.155332][T10257] name failslab, interval 1, probability 0, space 0, times 0 04:11:46 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b49, 0x0) 04:11:46 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0xc802002000000000}) 04:11:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x3000000, 0x0}) [ 2490.239487][T10257] CPU: 1 PID: 10257 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2490.247164][T10257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2490.257226][T10257] Call Trace: [ 2490.260534][T10257] dump_stack+0x172/0x1f0 [ 2490.264888][T10257] should_fail.cold+0xa/0x15 [ 2490.269621][T10257] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2490.275450][T10257] ? ___might_sleep+0x163/0x280 [ 2490.280313][T10257] __should_failslab+0x121/0x190 [ 2490.285256][T10257] should_failslab+0x9/0x14 [ 2490.289752][T10257] __kmalloc+0x2dc/0x740 [ 2490.293975][T10257] ? kmem_cache_alloc_trace+0x354/0x760 [ 2490.299501][T10257] ? alloc_pipe_info+0x199/0x430 [ 2490.304420][T10257] alloc_pipe_info+0x199/0x430 [ 2490.309162][T10257] ? __might_sleep+0x95/0x190 [ 2490.313818][T10257] splice_direct_to_actor+0x775/0x970 [ 2490.319168][T10257] ? avc_policy_seqno+0xd/0x70 [ 2490.323912][T10257] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2490.329617][T10257] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2490.335161][T10257] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2490.341387][T10257] ? do_splice_to+0x190/0x190 [ 2490.346070][T10257] ? rw_verify_area+0x118/0x360 [ 2490.350898][T10257] do_splice_direct+0x1da/0x2a0 [ 2490.355735][T10257] ? splice_direct_to_actor+0x970/0x970 [ 2490.361285][T10257] ? rw_verify_area+0x118/0x360 [ 2490.366114][T10257] do_sendfile+0x597/0xd00 [ 2490.370514][T10257] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2490.375776][T10257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2490.381992][T10257] ? _copy_from_user+0xdd/0x150 [ 2490.386820][T10257] __x64_sys_sendfile64+0x15a/0x220 [ 2490.392008][T10257] ? __ia32_sys_sendfile+0x230/0x230 [ 2490.397270][T10257] ? do_syscall_64+0x26/0x610 [ 2490.401931][T10257] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2490.407196][T10257] ? trace_hardirqs_on+0x67/0x230 [ 2490.412196][T10257] do_syscall_64+0x103/0x610 [ 2490.416764][T10257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2490.422637][T10257] RIP: 0033:0x457f29 [ 2490.426515][T10257] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2490.446093][T10257] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2490.454477][T10257] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2490.462431][T10257] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2490.470391][T10257] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2490.478340][T10257] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2490.486288][T10257] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:11:47 executing program 5 (fault-call:5 fault-nth:2): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2490.512611][T10270] binder: 10268:10270 ioctl c018620c 20000240 returned -1 [ 2490.577319][T10279] binder: 10278 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2490.577333][T10279] binder: 10278:10279 ioctl c018620c 20000240 returned -22 04:11:47 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x4}) 04:11:47 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xf20, 0x2) 04:11:47 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x541b, 0x0) 04:11:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0}) [ 2490.667623][T10282] FAULT_INJECTION: forcing a failure. [ 2490.667623][T10282] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2490.716568][T10288] binder: 10286:10288 ioctl c018620c 20000240 returned -1 [ 2490.748080][T10282] CPU: 0 PID: 10282 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2490.755763][T10282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2490.765950][T10282] Call Trace: [ 2490.769250][T10282] dump_stack+0x172/0x1f0 [ 2490.773678][T10282] should_fail.cold+0xa/0x15 [ 2490.778280][T10282] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2490.784091][T10282] ? ___might_sleep+0x163/0x280 [ 2490.788954][T10282] should_fail_alloc_page+0x50/0x60 [ 2490.794164][T10282] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2490.799539][T10282] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2490.805259][T10282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2490.811512][T10282] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2490.817762][T10282] alloc_pages_current+0x107/0x210 [ 2490.822882][T10282] __page_cache_alloc+0x2bd/0x460 [ 2490.827936][T10282] __do_page_cache_readahead+0x1c9/0x5c0 [ 2490.833561][T10282] ? read_pages+0x550/0x550 [ 2490.838058][T10282] ? page_cache_sync_readahead+0x1d3/0x520 [ 2490.843856][T10282] ondemand_readahead+0x561/0xd40 [ 2490.843875][T10282] page_cache_sync_readahead+0x281/0x520 [ 2490.843903][T10282] generic_file_read_iter+0x1582/0x2870 [ 2490.843928][T10282] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 04:11:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0}) 04:11:47 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x4000}) 04:11:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4000000, 0x0}) [ 2490.843943][T10282] ? kasan_kmalloc+0x9/0x10 [ 2490.870381][T10282] ? filemap_write_and_wait_range+0xd0/0xd0 [ 2490.876287][T10282] ? percpu_ref_put_many+0x94/0x190 [ 2490.881499][T10282] ext4_file_read_iter+0x180/0x3c0 [ 2490.886617][T10282] generic_file_splice_read+0x4b4/0x800 [ 2490.892173][T10282] ? add_to_pipe+0x350/0x350 [ 2490.896779][T10282] ? rw_verify_area+0x118/0x360 [ 2490.901627][T10282] ? add_to_pipe+0x350/0x350 [ 2490.906251][T10282] do_splice_to+0x12a/0x190 [ 2490.910760][T10282] splice_direct_to_actor+0x2d2/0x970 04:11:47 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5421, 0x0) [ 2490.916142][T10282] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2490.921692][T10282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2490.921706][T10282] ? do_splice_to+0x190/0x190 [ 2490.921726][T10282] ? rw_verify_area+0x118/0x360 [ 2490.921743][T10282] do_splice_direct+0x1da/0x2a0 [ 2490.921759][T10282] ? splice_direct_to_actor+0x970/0x970 [ 2490.947942][T10282] ? rw_verify_area+0x118/0x360 [ 2490.947962][T10282] do_sendfile+0x597/0xd00 [ 2490.947987][T10282] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2490.948008][T10282] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2490.948025][T10282] ? _copy_from_user+0xdd/0x150 [ 2490.948043][T10282] __x64_sys_sendfile64+0x15a/0x220 [ 2490.948061][T10282] ? __ia32_sys_sendfile+0x230/0x230 [ 2490.984071][T10282] ? do_syscall_64+0x26/0x610 [ 2490.988752][T10282] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2490.994024][T10282] ? trace_hardirqs_on+0x67/0x230 [ 2490.994043][T10282] do_syscall_64+0x103/0x610 [ 2490.994062][T10282] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2490.994073][T10282] RIP: 0033:0x457f29 04:11:47 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1f00, 0x2) [ 2490.994088][T10282] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2490.994094][T10282] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2490.994106][T10282] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2490.994112][T10282] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2490.994118][T10282] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2490.994125][T10282] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2490.994138][T10282] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2491.092270][T10303] binder: 10295 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2491.092283][T10303] binder: 10295:10303 ioctl c018620c 20000240 returned -22 [ 2491.105766][T10304] binder: 10299:10304 ioctl c018620c 20000240 returned -1 04:11:47 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5450, 0x0) 04:11:47 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x40000}) 04:11:47 executing program 5 (fault-call:5 fault-nth:3): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x5000000, 0x0}) 04:11:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0}) 04:11:48 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5451, 0x0) [ 2491.277090][T10318] binder: 10316 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2491.277104][T10318] binder: 10316:10318 ioctl c018620c 20000240 returned -22 04:11:48 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x2000, 0x2) 04:11:48 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x400000}) [ 2491.352784][T10322] FAULT_INJECTION: forcing a failure. [ 2491.352784][T10322] name failslab, interval 1, probability 0, space 0, times 0 [ 2491.376096][T10322] CPU: 1 PID: 10322 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2491.380328][T10327] binder: 10324:10327 ioctl c018620c 20000240 returned -1 [ 2491.383867][T10322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2491.383874][T10322] Call Trace: [ 2491.383902][T10322] dump_stack+0x172/0x1f0 [ 2491.383927][T10322] should_fail.cold+0xa/0x15 [ 2491.413319][T10322] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2491.419139][T10322] __should_failslab+0x121/0x190 [ 2491.424080][T10322] should_failslab+0x9/0x14 [ 2491.428581][T10322] kmem_cache_alloc+0x47/0x6f0 [ 2491.433330][T10322] ? ___might_sleep+0x163/0x280 [ 2491.438176][T10322] ? mempool_alloc+0x380/0x380 [ 2491.442929][T10322] mempool_alloc_slab+0x47/0x60 [ 2491.447757][T10322] mempool_alloc+0x16b/0x380 [ 2491.452325][T10322] ? mempool_destroy+0x40/0x40 [ 2491.457079][T10322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2491.463307][T10322] ? __check_block_validity.constprop.0+0xda/0x210 [ 2491.470116][T10322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2491.476335][T10322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2491.482559][T10322] ? ext4_map_blocks+0x39d/0x1a00 [ 2491.489181][T10322] bio_alloc_bioset+0x3bf/0x680 [ 2491.494009][T10322] ? ext4_issue_zeroout+0x190/0x190 [ 2491.499186][T10322] ? bvec_alloc+0x2f0/0x2f0 [ 2491.503683][T10322] ? trace_hardirqs_on+0x67/0x230 [ 2491.508817][T10322] ? __inc_numa_state+0x49/0xe0 [ 2491.513681][T10322] ext4_mpage_readpages+0xe81/0x1bb0 [ 2491.518959][T10322] ? mpage_end_io+0x6a0/0x6a0 [ 2491.523619][T10322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2491.529839][T10322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2491.536076][T10322] ? rcu_read_lock_sched_held+0x110/0x130 [ 2491.541774][T10322] ext4_readpages+0xda/0x120 [ 2491.546338][T10322] ? ext4_bmap+0x420/0x420 [ 2491.550733][T10322] read_pages+0x10f/0x550 [ 2491.555040][T10322] ? read_cache_pages+0x670/0x670 [ 2491.560043][T10322] ? __page_cache_alloc+0x131/0x460 [ 2491.565230][T10322] __do_page_cache_readahead+0x4c6/0x5c0 [ 2491.570848][T10322] ? read_pages+0x550/0x550 [ 2491.575325][T10322] ? page_cache_sync_readahead+0x1d3/0x520 [ 2491.581111][T10322] ondemand_readahead+0x561/0xd40 [ 2491.586118][T10322] page_cache_sync_readahead+0x281/0x520 [ 2491.591728][T10322] generic_file_read_iter+0x1582/0x2870 [ 2491.597261][T10322] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2491.603043][T10322] ? kasan_kmalloc+0x9/0x10 [ 2491.607526][T10322] ? filemap_write_and_wait_range+0xd0/0xd0 [ 2491.613399][T10322] ? percpu_ref_put_many+0x94/0x190 [ 2491.618595][T10322] ext4_file_read_iter+0x180/0x3c0 [ 2491.623794][T10322] generic_file_splice_read+0x4b4/0x800 [ 2491.629347][T10322] ? add_to_pipe+0x350/0x350 [ 2491.633933][T10322] ? rw_verify_area+0x118/0x360 [ 2491.638757][T10322] ? add_to_pipe+0x350/0x350 [ 2491.643324][T10322] do_splice_to+0x12a/0x190 [ 2491.647831][T10322] splice_direct_to_actor+0x2d2/0x970 [ 2491.653192][T10322] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2491.658726][T10322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2491.664948][T10322] ? do_splice_to+0x190/0x190 [ 2491.669613][T10322] ? rw_verify_area+0x118/0x360 [ 2491.674442][T10322] do_splice_direct+0x1da/0x2a0 [ 2491.679269][T10322] ? splice_direct_to_actor+0x970/0x970 [ 2491.684796][T10322] ? rw_verify_area+0x118/0x360 [ 2491.689628][T10322] do_sendfile+0x597/0xd00 [ 2491.694024][T10322] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2491.699311][T10322] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2491.705534][T10322] ? _copy_from_user+0xdd/0x150 [ 2491.710402][T10322] __x64_sys_sendfile64+0x15a/0x220 [ 2491.715590][T10322] ? __ia32_sys_sendfile+0x230/0x230 [ 2491.720959][T10322] ? do_syscall_64+0x26/0x610 [ 2491.725612][T10322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2491.730892][T10322] ? trace_hardirqs_on+0x67/0x230 [ 2491.735897][T10322] do_syscall_64+0x103/0x610 [ 2491.740471][T10322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2491.746346][T10322] RIP: 0033:0x457f29 [ 2491.750216][T10322] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2491.769828][T10322] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2491.778216][T10322] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2491.786163][T10322] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2491.794120][T10322] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:11:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0}) 04:11:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6000000, 0x0}) [ 2491.802081][T10322] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2491.810027][T10322] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:11:48 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5452, 0x0) [ 2491.873062][T10331] binder: 10330:10331 ioctl c018620c 20000240 returned -1 04:11:48 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x80ffff}) 04:11:48 executing program 5 (fault-call:5 fault-nth:4): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0}) [ 2491.975119][T10340] binder: 10337:10340 ioctl c018620c 20000240 returned -22 [ 2491.996877][T10340] binder: 10337:10340 ioctl c018620c 20000240 returned -22 04:11:48 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x5460, 0x0) 04:11:48 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x4000000}) 04:11:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7000000, 0x0}) [ 2492.100646][T10352] binder: 10351:10352 ioctl c018620c 20000240 returned -1 [ 2492.117172][T10350] FAULT_INJECTION: forcing a failure. [ 2492.117172][T10350] name failslab, interval 1, probability 0, space 0, times 0 [ 2492.136214][T10350] CPU: 1 PID: 10350 Comm: syz-executor.5 Not tainted 5.0.0+ #15 04:11:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0}) [ 2492.143896][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2492.153954][T10350] Call Trace: [ 2492.157250][T10350] dump_stack+0x172/0x1f0 [ 2492.161576][T10350] should_fail.cold+0xa/0x15 [ 2492.166171][T10350] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2492.171971][T10350] ? ___might_sleep+0x163/0x280 [ 2492.176809][T10350] __should_failslab+0x121/0x190 [ 2492.181726][T10350] should_failslab+0x9/0x14 [ 2492.186207][T10350] kmem_cache_alloc_node+0x264/0x710 [ 2492.191471][T10350] ? _raw_spin_unlock_irq+0x28/0x90 [ 2492.196643][T10350] ? finish_task_switch+0x146/0x780 [ 2492.201829][T10350] __alloc_skb+0xd5/0x5e0 [ 2492.206134][T10350] ? skb_trim+0x190/0x190 [ 2492.210442][T10350] ? kasan_check_write+0x14/0x20 [ 2492.215355][T10350] ? finish_task_switch+0x1f0/0x780 [ 2492.220545][T10350] ? __switch_to_asm+0x34/0x70 [ 2492.225280][T10350] ? __switch_to_asm+0x40/0x70 [ 2492.230029][T10350] vhci_write+0xc4/0x470 [ 2492.234251][T10350] new_sync_write+0x4c7/0x760 [ 2492.238903][T10350] ? default_llseek+0x2e0/0x2e0 [ 2492.243728][T10350] ? copy_page_to_iter+0x47b/0xd00 [ 2492.248815][T10350] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2492.255034][T10350] ? put_page+0xce/0x130 [ 2492.259272][T10350] __vfs_write+0xe4/0x110 [ 2492.263588][T10350] __kernel_write+0x110/0x3b0 [ 2492.268256][T10350] write_pipe_buf+0x15d/0x1f0 [ 2492.272913][T10350] ? do_splice_direct+0x2a0/0x2a0 [ 2492.277933][T10350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2492.284150][T10350] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2492.290191][T10350] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2492.296405][T10350] __splice_from_pipe+0x39a/0x7e0 [ 2492.301405][T10350] ? do_splice_direct+0x2a0/0x2a0 [ 2492.306406][T10350] ? do_splice_direct+0x2a0/0x2a0 [ 2492.311402][T10350] splice_from_pipe+0x108/0x170 [ 2492.316226][T10350] ? splice_shrink_spd+0xd0/0xd0 [ 2492.321142][T10350] default_file_splice_write+0x3c/0x90 [ 2492.326570][T10350] ? generic_splice_sendpage+0x50/0x50 [ 2492.332019][T10350] direct_splice_actor+0x126/0x1a0 [ 2492.337126][T10350] splice_direct_to_actor+0x369/0x970 [ 2492.342495][T10350] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2492.348031][T10350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2492.354243][T10350] ? do_splice_to+0x190/0x190 [ 2492.358911][T10350] ? rw_verify_area+0x118/0x360 [ 2492.363747][T10350] do_splice_direct+0x1da/0x2a0 [ 2492.368583][T10350] ? splice_direct_to_actor+0x970/0x970 [ 2492.374136][T10350] ? rw_verify_area+0x118/0x360 [ 2492.378962][T10350] do_sendfile+0x597/0xd00 [ 2492.383358][T10350] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2492.388633][T10350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2492.394846][T10350] ? _copy_from_user+0xdd/0x150 [ 2492.399674][T10350] __x64_sys_sendfile64+0x15a/0x220 [ 2492.404845][T10350] ? __ia32_sys_sendfile+0x230/0x230 [ 2492.410114][T10350] ? do_syscall_64+0x26/0x610 [ 2492.414775][T10350] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2492.420036][T10350] ? trace_hardirqs_on+0x67/0x230 [ 2492.425038][T10350] do_syscall_64+0x103/0x610 [ 2492.429608][T10350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2492.435503][T10350] RIP: 0033:0x457f29 [ 2492.439398][T10350] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2492.458979][T10350] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2492.467366][T10350] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2492.475309][T10350] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2492.483254][T10350] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2492.491294][T10350] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 04:11:49 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x200f, 0x2) [ 2492.499257][T10350] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:11:49 executing program 5 (fault-call:5 fault-nth:5): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2492.585824][T10361] binder: 10360:10361 ioctl c018620c 20000240 returned -22 [ 2492.595824][T10362] binder: 10356:10362 ioctl c018620c 20000240 returned -1 04:11:49 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x200002c8}) 04:11:49 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40049409, 0x0) 04:11:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x20000000, 0x0}) 04:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0}) [ 2492.738214][T10369] FAULT_INJECTION: forcing a failure. [ 2492.738214][T10369] name failslab, interval 1, probability 0, space 0, times 0 04:11:49 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x2300, 0x2) [ 2492.778747][T10376] binder: 10374:10376 ioctl c018620c 20000240 returned -22 [ 2492.804536][T10381] binder: 10379:10381 ioctl c018620c 20000240 returned -1 04:11:49 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0xc8020020}) 04:11:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x3f000000, 0x0}) [ 2492.829546][T10369] CPU: 1 PID: 10369 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2492.835180][T10381] binder: 10379:10381 ioctl c018620c 20000240 returned -1 [ 2492.837222][T10369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2492.837229][T10369] Call Trace: [ 2492.837255][T10369] dump_stack+0x172/0x1f0 [ 2492.837280][T10369] should_fail.cold+0xa/0x15 [ 2492.866588][T10369] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2492.872408][T10369] ? ___might_sleep+0x163/0x280 04:11:49 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40086602, 0x0) [ 2492.877272][T10369] __should_failslab+0x121/0x190 [ 2492.882218][T10369] should_failslab+0x9/0x14 [ 2492.886737][T10369] kmem_cache_alloc_node_trace+0x270/0x720 [ 2492.892556][T10369] __kmalloc_node_track_caller+0x3d/0x70 [ 2492.898185][T10369] __kmalloc_reserve.isra.0+0x40/0xf0 [ 2492.903538][T10369] __alloc_skb+0x10b/0x5e0 [ 2492.907931][T10369] ? skb_trim+0x190/0x190 [ 2492.912235][T10369] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2492.917411][T10369] ? finish_task_switch+0x146/0x780 [ 2492.922585][T10369] ? finish_task_switch+0x118/0x780 [ 2492.927757][T10369] ? __switch_to_asm+0x34/0x70 [ 2492.932496][T10369] ? __switch_to_asm+0x40/0x70 [ 2492.937242][T10369] vhci_write+0xc4/0x470 [ 2492.941464][T10369] new_sync_write+0x4c7/0x760 [ 2492.946120][T10369] ? default_llseek+0x2e0/0x2e0 [ 2492.950963][T10369] ? copy_page_to_iter+0x47b/0xd00 [ 2492.956057][T10369] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2492.962275][T10369] ? put_page+0xce/0x130 [ 2492.966504][T10369] __vfs_write+0xe4/0x110 [ 2492.970814][T10369] __kernel_write+0x110/0x3b0 [ 2492.975469][T10369] write_pipe_buf+0x15d/0x1f0 [ 2492.980127][T10369] ? do_splice_direct+0x2a0/0x2a0 [ 2492.985128][T10369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2492.991349][T10369] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2492.997405][T10369] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2493.003623][T10369] __splice_from_pipe+0x39a/0x7e0 [ 2493.008643][T10369] ? do_splice_direct+0x2a0/0x2a0 [ 2493.013660][T10369] ? do_splice_direct+0x2a0/0x2a0 [ 2493.018659][T10369] splice_from_pipe+0x108/0x170 [ 2493.023494][T10369] ? splice_shrink_spd+0xd0/0xd0 [ 2493.028433][T10369] default_file_splice_write+0x3c/0x90 [ 2493.033864][T10369] ? generic_splice_sendpage+0x50/0x50 [ 2493.039299][T10369] direct_splice_actor+0x126/0x1a0 [ 2493.044408][T10369] splice_direct_to_actor+0x369/0x970 [ 2493.049777][T10369] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2493.055314][T10369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2493.061539][T10369] ? do_splice_to+0x190/0x190 [ 2493.066204][T10369] ? rw_verify_area+0x118/0x360 [ 2493.071058][T10369] do_splice_direct+0x1da/0x2a0 [ 2493.075887][T10369] ? splice_direct_to_actor+0x970/0x970 [ 2493.081413][T10369] ? rw_verify_area+0x118/0x360 [ 2493.086247][T10369] do_sendfile+0x597/0xd00 [ 2493.090646][T10369] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2493.095913][T10369] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2493.102138][T10369] ? _copy_from_user+0xdd/0x150 [ 2493.106981][T10369] __x64_sys_sendfile64+0x15a/0x220 [ 2493.112164][T10369] ? __ia32_sys_sendfile+0x230/0x230 [ 2493.117434][T10369] ? do_syscall_64+0x26/0x610 [ 2493.122090][T10369] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2493.127349][T10369] ? trace_hardirqs_on+0x67/0x230 [ 2493.132351][T10369] do_syscall_64+0x103/0x610 [ 2493.136919][T10369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2493.142795][T10369] RIP: 0033:0x457f29 [ 2493.146675][T10369] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2493.166260][T10369] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 04:11:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0}) [ 2493.174658][T10369] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2493.182617][T10369] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2493.190567][T10369] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2493.198524][T10369] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2493.206475][T10369] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:11:50 executing program 5 (fault-call:5 fault-nth:6): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2493.295838][T10397] binder: 10393:10397 ioctl c018620c 20000240 returned -1 [ 2493.301929][T10398] binder: 10391:10398 ioctl c018620c 20000240 returned -22 04:11:50 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0xffff8000}) 04:11:50 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, 0x0) [ 2493.343074][T10397] binder: 10393:10397 ioctl c018620c 20000240 returned -1 04:11:50 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x3f00, 0x2) 04:11:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x48000000, 0x0}) 04:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0}) [ 2493.434991][T10405] FAULT_INJECTION: forcing a failure. [ 2493.434991][T10405] name failslab, interval 1, probability 0, space 0, times 0 [ 2493.469251][T10405] CPU: 0 PID: 10405 Comm: syz-executor.5 Not tainted 5.0.0+ #15 04:11:50 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x1000000000000}) [ 2493.477037][T10405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2493.477052][T10405] Call Trace: [ 2493.490399][T10405] dump_stack+0x172/0x1f0 [ 2493.494748][T10405] should_fail.cold+0xa/0x15 [ 2493.499355][T10405] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2493.505177][T10405] ? ___might_sleep+0x163/0x280 [ 2493.510039][T10405] __should_failslab+0x121/0x190 [ 2493.514984][T10405] should_failslab+0x9/0x14 [ 2493.519494][T10405] kmem_cache_alloc_node+0x264/0x710 [ 2493.524788][T10405] __alloc_skb+0xd5/0x5e0 [ 2493.524806][T10405] ? skb_trim+0x190/0x190 [ 2493.524821][T10405] ? vhci_write+0x2b3/0x470 [ 2493.524838][T10405] ? rcu_read_lock_sched_held+0x110/0x130 [ 2493.524853][T10405] ? kmem_cache_free+0x225/0x260 [ 2493.524872][T10405] __vhci_create_device+0x88/0x5a0 [ 2493.524890][T10405] vhci_write+0x2d0/0x470 [ 2493.524908][T10405] new_sync_write+0x4c7/0x760 [ 2493.524924][T10405] ? default_llseek+0x2e0/0x2e0 [ 2493.531767][T10415] binder_ioctl_get_node_info_for_ref: 5 callbacks suppressed [ 2493.531774][T10415] binder: 10412 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4c000000, 0x0}) [ 2493.531784][T10415] binder: 10412:10415 ioctl c018620c 20000240 returned -22 [ 2493.533552][T10405] ? copy_page_to_iter+0x47b/0xd00 [ 2493.533574][T10405] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2493.533593][T10405] ? put_page+0xce/0x130 [ 2493.543783][T10405] __vfs_write+0xe4/0x110 [ 2493.543800][T10405] __kernel_write+0x110/0x3b0 [ 2493.574996][T10405] write_pipe_buf+0x15d/0x1f0 [ 2493.595809][T10405] ? do_splice_direct+0x2a0/0x2a0 [ 2493.624914][T10405] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2493.631167][T10405] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2493.637238][T10405] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2493.643482][T10405] __splice_from_pipe+0x39a/0x7e0 [ 2493.643499][T10405] ? do_splice_direct+0x2a0/0x2a0 [ 2493.643519][T10405] ? do_splice_direct+0x2a0/0x2a0 [ 2493.643534][T10405] splice_from_pipe+0x108/0x170 [ 2493.643551][T10405] ? splice_shrink_spd+0xd0/0xd0 [ 2493.643580][T10405] default_file_splice_write+0x3c/0x90 [ 2493.643593][T10405] ? generic_splice_sendpage+0x50/0x50 [ 2493.643609][T10405] direct_splice_actor+0x126/0x1a0 [ 2493.658649][T10405] splice_direct_to_actor+0x369/0x970 [ 2493.658674][T10405] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2493.658694][T10405] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2493.658710][T10405] ? do_splice_to+0x190/0x190 [ 2493.674275][T10423] binder: 10421:10423 ioctl c018620c 20000240 returned -1 [ 2493.679353][T10405] ? rw_verify_area+0x118/0x360 [ 2493.679373][T10405] do_splice_direct+0x1da/0x2a0 [ 2493.679390][T10405] ? splice_direct_to_actor+0x970/0x970 [ 2493.679412][T10405] ? rw_verify_area+0x118/0x360 [ 2493.679429][T10405] do_sendfile+0x597/0xd00 [ 2493.679455][T10405] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2493.718251][T10405] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2493.718271][T10405] ? _copy_from_user+0xdd/0x150 [ 2493.718292][T10405] __x64_sys_sendfile64+0x15a/0x220 [ 2493.718310][T10405] ? __ia32_sys_sendfile+0x230/0x230 [ 2493.718325][T10405] ? do_syscall_64+0x26/0x610 [ 2493.718342][T10405] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2493.718358][T10405] ? trace_hardirqs_on+0x67/0x230 [ 2493.718376][T10405] do_syscall_64+0x103/0x610 04:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0}) 04:11:50 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x4000000000000}) 04:11:50 executing program 5 (fault-call:5 fault-nth:7): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2493.754339][T10405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2493.754353][T10405] RIP: 0033:0x457f29 [ 2493.754369][T10405] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2493.754377][T10405] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2493.754390][T10405] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 04:11:50 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087602, 0x0) [ 2493.754398][T10405] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2493.754406][T10405] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2493.754413][T10405] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2493.754421][T10405] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2493.797153][T10426] binder: 10422 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2493.797165][T10426] binder: 10422:10426 ioctl c018620c 20000240 returned -22 [ 2493.889394][ C1] net_ratelimit: 18 callbacks suppressed [ 2493.889408][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2493.900878][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2493.906688][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2493.912479][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2493.924741][T10426] binder: 10422 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:50 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x4000, 0x2) [ 2493.924753][T10426] binder: 10422:10426 ioctl c018620c 20000240 returned -22 [ 2493.962436][T10437] binder: 10433:10437 ioctl c018620c 20000240 returned -1 04:11:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x60000000, 0x0}) 04:11:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0}) 04:11:50 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x40000000000000}) 04:11:50 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40187542, 0x0) [ 2494.052652][T10445] FAULT_INJECTION: forcing a failure. [ 2494.052652][T10445] name failslab, interval 1, probability 0, space 0, times 0 [ 2494.069143][T10445] CPU: 0 PID: 10445 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2494.076901][T10445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2494.086969][T10445] Call Trace: [ 2494.086998][T10445] dump_stack+0x172/0x1f0 [ 2494.094599][T10445] should_fail.cold+0xa/0x15 [ 2494.099211][T10445] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2494.105030][T10445] ? ___might_sleep+0x163/0x280 [ 2494.109892][T10445] __should_failslab+0x121/0x190 [ 2494.114829][T10445] should_failslab+0x9/0x14 [ 2494.119334][T10445] kmem_cache_alloc_node_trace+0x270/0x720 [ 2494.119360][T10445] __kmalloc_node_track_caller+0x3d/0x70 [ 2494.119379][T10445] __kmalloc_reserve.isra.0+0x40/0xf0 [ 2494.119394][T10445] __alloc_skb+0x10b/0x5e0 [ 2494.119410][T10445] ? skb_trim+0x190/0x190 [ 2494.144872][T10445] ? vhci_write+0x2b3/0x470 [ 2494.144897][T10445] ? rcu_read_lock_sched_held+0x110/0x130 [ 2494.144915][T10445] ? kmem_cache_free+0x225/0x260 [ 2494.144933][T10445] __vhci_create_device+0x88/0x5a0 [ 2494.144950][T10445] vhci_write+0x2d0/0x470 [ 2494.144968][T10445] new_sync_write+0x4c7/0x760 [ 2494.144984][T10445] ? default_llseek+0x2e0/0x2e0 [ 2494.145002][T10445] ? copy_page_to_iter+0x47b/0xd00 [ 2494.165225][T10445] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2494.165243][T10445] ? put_page+0xce/0x130 [ 2494.165269][T10445] __vfs_write+0xe4/0x110 [ 2494.174247][T10445] __kernel_write+0x110/0x3b0 [ 2494.174269][T10445] write_pipe_buf+0x15d/0x1f0 [ 2494.174285][T10445] ? do_splice_direct+0x2a0/0x2a0 [ 2494.174302][T10445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2494.174316][T10445] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2494.174330][T10445] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2494.174348][T10445] __splice_from_pipe+0x39a/0x7e0 [ 2494.174362][T10445] ? do_splice_direct+0x2a0/0x2a0 [ 2494.174382][T10445] ? do_splice_direct+0x2a0/0x2a0 [ 2494.174395][T10445] splice_from_pipe+0x108/0x170 04:11:50 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4020940d, 0x0) [ 2494.174412][T10445] ? splice_shrink_spd+0xd0/0xd0 [ 2494.174442][T10445] default_file_splice_write+0x3c/0x90 [ 2494.174456][T10445] ? generic_splice_sendpage+0x50/0x50 [ 2494.174473][T10445] direct_splice_actor+0x126/0x1a0 [ 2494.209411][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2494.213497][T10445] splice_direct_to_actor+0x369/0x970 [ 2494.213516][T10445] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2494.213536][T10445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2494.213551][T10445] ? do_splice_to+0x190/0x190 [ 2494.219830][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2494.225818][T10445] ? rw_verify_area+0x118/0x360 [ 2494.310795][T10445] do_splice_direct+0x1da/0x2a0 [ 2494.311406][T10566] binder: 10450 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2494.311418][T10566] binder: 10450:10566 ioctl c018620c 20000240 returned -22 [ 2494.315650][T10445] ? splice_direct_to_actor+0x970/0x970 [ 2494.315674][T10445] ? rw_verify_area+0x118/0x360 [ 2494.331445][T10445] do_sendfile+0x597/0xd00 [ 2494.331469][T10445] ? do_compat_pwritev64+0x1c0/0x1c0 04:11:51 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x80ffff00000000}) [ 2494.331490][T10445] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2494.331510][T10445] ? _copy_from_user+0xdd/0x150 [ 2494.351536][T10445] __x64_sys_sendfile64+0x15a/0x220 [ 2494.351553][T10445] ? __ia32_sys_sendfile+0x230/0x230 [ 2494.351568][T10445] ? do_syscall_64+0x26/0x610 [ 2494.351583][T10445] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2494.351599][T10445] ? trace_hardirqs_on+0x67/0x230 [ 2494.351621][T10445] do_syscall_64+0x103/0x610 [ 2494.351641][T10445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2494.398533][T10445] RIP: 0033:0x457f29 [ 2494.402433][T10445] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2494.422029][T10445] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2494.422045][T10445] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2494.422054][T10445] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 04:11:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x68000000, 0x0}) 04:11:51 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x4800, 0x2) [ 2494.422061][T10445] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2494.422069][T10445] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2494.422076][T10445] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:11:51 executing program 5 (fault-call:5 fault-nth:8): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:51 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x80086601, 0x0) [ 2494.529396][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2494.535195][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2494.558302][T10680] binder: 10679 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2494.558315][T10680] binder: 10679:10680 ioctl c018620c 20000240 returned -22 04:11:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0}) 04:11:51 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x400000000000000}) 04:11:51 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x80087601, 0x0) 04:11:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6c000000, 0x0}) [ 2494.696505][T10688] FAULT_INJECTION: forcing a failure. [ 2494.696505][T10688] name failslab, interval 1, probability 0, space 0, times 0 [ 2494.739676][T10688] CPU: 1 PID: 10688 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2494.747361][T10688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2494.757421][T10688] Call Trace: [ 2494.760727][T10688] dump_stack+0x172/0x1f0 [ 2494.765071][T10688] should_fail.cold+0xa/0x15 [ 2494.769674][T10688] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2494.775501][T10688] ? ___might_sleep+0x163/0x280 [ 2494.780350][T10688] __should_failslab+0x121/0x190 [ 2494.785273][T10688] should_failslab+0x9/0x14 [ 2494.789754][T10688] kmem_cache_alloc_trace+0x2d1/0x760 [ 2494.795107][T10688] ? skb_trim+0x190/0x190 [ 2494.799415][T10688] ? vhci_write+0x2b3/0x470 [ 2494.803906][T10688] ? rcu_read_lock_sched_held+0x110/0x130 [ 2494.809606][T10688] hci_alloc_dev+0x43/0x1d00 [ 2494.814176][T10688] __vhci_create_device+0x101/0x5a0 [ 2494.819355][T10688] vhci_write+0x2d0/0x470 [ 2494.823666][T10688] new_sync_write+0x4c7/0x760 [ 2494.828321][T10688] ? default_llseek+0x2e0/0x2e0 [ 2494.833161][T10688] ? copy_page_to_iter+0x47b/0xd00 [ 2494.838258][T10688] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2494.844496][T10688] ? put_page+0xce/0x130 [ 2494.848724][T10688] __vfs_write+0xe4/0x110 [ 2494.853048][T10688] __kernel_write+0x110/0x3b0 [ 2494.857714][T10688] write_pipe_buf+0x15d/0x1f0 [ 2494.862367][T10688] ? do_splice_direct+0x2a0/0x2a0 [ 2494.867372][T10688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2494.873604][T10688] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2494.879661][T10688] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2494.885888][T10688] __splice_from_pipe+0x39a/0x7e0 [ 2494.890887][T10688] ? do_splice_direct+0x2a0/0x2a0 [ 2494.895889][T10688] ? do_splice_direct+0x2a0/0x2a0 [ 2494.900888][T10688] splice_from_pipe+0x108/0x170 [ 2494.905715][T10688] ? splice_shrink_spd+0xd0/0xd0 [ 2494.910645][T10688] default_file_splice_write+0x3c/0x90 [ 2494.916091][T10688] ? generic_splice_sendpage+0x50/0x50 [ 2494.921524][T10688] direct_splice_actor+0x126/0x1a0 [ 2494.926613][T10688] splice_direct_to_actor+0x369/0x970 [ 2494.931963][T10688] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2494.937490][T10688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2494.943705][T10688] ? do_splice_to+0x190/0x190 [ 2494.948394][T10688] ? rw_verify_area+0x118/0x360 [ 2494.953233][T10688] do_splice_direct+0x1da/0x2a0 [ 2494.958061][T10688] ? splice_direct_to_actor+0x970/0x970 [ 2494.963589][T10688] ? rw_verify_area+0x118/0x360 [ 2494.968419][T10688] do_sendfile+0x597/0xd00 [ 2494.972821][T10688] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2494.978085][T10688] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2494.984302][T10688] ? _copy_from_user+0xdd/0x150 [ 2494.989133][T10688] __x64_sys_sendfile64+0x15a/0x220 [ 2494.994306][T10688] ? __ia32_sys_sendfile+0x230/0x230 [ 2494.999576][T10688] ? do_syscall_64+0x26/0x610 [ 2495.004252][T10688] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2495.009512][T10688] ? trace_hardirqs_on+0x67/0x230 [ 2495.014514][T10688] do_syscall_64+0x103/0x610 [ 2495.019087][T10688] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2495.024956][T10688] RIP: 0033:0x457f29 [ 2495.028835][T10688] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2495.048430][T10688] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2495.056817][T10688] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2495.064762][T10688] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2495.072794][T10688] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2495.080750][T10688] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 04:11:51 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0xc802002000000000}) 04:11:51 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x4c00, 0x2) [ 2495.088695][T10688] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2495.096997][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2495.102821][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2495.118894][T10701] binder: 10699:10701 ioctl c018620c 20000240 returned -1 04:11:51 executing program 5 (fault-call:5 fault-nth:9): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:51 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc0045878, 0x0) 04:11:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0}) [ 2495.139940][T10701] binder: 10699:10701 ioctl c018620c 20000240 returned -1 [ 2495.164063][T10704] binder: 10702 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2495.164076][T10704] binder: 10702:10704 ioctl c018620c 20000240 returned -22 04:11:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x74000000, 0x0}) 04:11:52 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc0045878, 0x0) 04:11:52 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x4400, 0x0) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2495.307413][T10719] binder: 10712:10719 ioctl c018620c 20000240 returned -1 [ 2495.332246][T10718] FAULT_INJECTION: forcing a failure. [ 2495.332246][T10718] name failslab, interval 1, probability 0, space 0, times 0 [ 2495.354061][T10718] CPU: 0 PID: 10718 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2495.361726][T10718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2495.371793][T10718] Call Trace: [ 2495.375103][T10718] dump_stack+0x172/0x1f0 [ 2495.379455][T10718] should_fail.cold+0xa/0x15 [ 2495.384058][T10718] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2495.389905][T10718] ? ___might_sleep+0x163/0x280 [ 2495.395461][T10718] __should_failslab+0x121/0x190 [ 2495.400401][T10718] should_failslab+0x9/0x14 [ 2495.400437][T10718] __kmalloc+0x2dc/0x740 [ 2495.400458][T10718] ? alloc_workqueue+0x13c/0xe70 [ 2495.400473][T10718] alloc_workqueue+0x13c/0xe70 [ 2495.400494][T10718] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2495.409208][T10718] ? scnprintf+0x140/0x140 [ 2495.409231][T10718] ? __init_waitqueue_head+0x36/0x90 [ 2495.409256][T10718] hci_register_dev+0x1b8/0x860 [ 2495.409270][T10718] ? hci_init_sysfs+0x7c/0xa0 [ 2495.409292][T10718] __vhci_create_device+0x2d0/0x5a0 [ 2495.409310][T10718] vhci_write+0x2d0/0x470 [ 2495.409328][T10718] new_sync_write+0x4c7/0x760 04:11:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0}) [ 2495.409345][T10718] ? default_llseek+0x2e0/0x2e0 [ 2495.409362][T10718] ? copy_page_to_iter+0x47b/0xd00 [ 2495.409380][T10718] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2495.409399][T10718] ? put_page+0xce/0x130 [ 2495.434435][T10718] __vfs_write+0xe4/0x110 [ 2495.453414][T10718] __kernel_write+0x110/0x3b0 [ 2495.453436][T10718] write_pipe_buf+0x15d/0x1f0 [ 2495.453452][T10718] ? do_splice_direct+0x2a0/0x2a0 [ 2495.453470][T10718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:11:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7a000000, 0x0}) [ 2495.453485][T10718] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2495.453499][T10718] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2495.453526][T10718] __splice_from_pipe+0x39a/0x7e0 [ 2495.453540][T10718] ? do_splice_direct+0x2a0/0x2a0 [ 2495.453561][T10718] ? do_splice_direct+0x2a0/0x2a0 [ 2495.453578][T10718] splice_from_pipe+0x108/0x170 [ 2495.489135][T10718] ? splice_shrink_spd+0xd0/0xd0 [ 2495.489165][T10718] default_file_splice_write+0x3c/0x90 [ 2495.489177][T10718] ? generic_splice_sendpage+0x50/0x50 [ 2495.489192][T10718] direct_splice_actor+0x126/0x1a0 [ 2495.489208][T10718] splice_direct_to_actor+0x369/0x970 [ 2495.489229][T10718] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2495.495159][T10730] binder: 10727:10730 ioctl c018620c 20000240 returned -1 [ 2495.498902][T10718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2495.498919][T10718] ? do_splice_to+0x190/0x190 [ 2495.498940][T10718] ? rw_verify_area+0x118/0x360 [ 2495.498960][T10718] do_splice_direct+0x1da/0x2a0 [ 2495.537314][T10718] ? splice_direct_to_actor+0x970/0x970 [ 2495.537341][T10718] ? rw_verify_area+0x118/0x360 04:11:52 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc0189436, 0x0) 04:11:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0}) 04:11:52 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x3, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000080)={0x0, @pix={0x7ff, 0x7fff, 0x41416770, 0xf, 0xffffffff, 0x3, 0x1, 0xc2a, 0x1, 0x5, 0x2, 0x5}}) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']) [ 2495.537359][T10718] do_sendfile+0x597/0xd00 [ 2495.537384][T10718] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2495.537407][T10718] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2495.537422][T10718] ? _copy_from_user+0xdd/0x150 [ 2495.537442][T10718] __x64_sys_sendfile64+0x15a/0x220 [ 2495.592048][T10718] ? __ia32_sys_sendfile+0x230/0x230 [ 2495.611652][T10718] ? do_syscall_64+0x26/0x610 [ 2495.611669][T10718] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2495.611688][T10718] ? trace_hardirqs_on+0x67/0x230 [ 2495.653533][T10718] do_syscall_64+0x103/0x610 [ 2495.658122][T10718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2495.664008][T10718] RIP: 0033:0x457f29 [ 2495.667917][T10718] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2495.687522][T10718] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2495.687538][T10718] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 04:11:52 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x6087, 0x2) [ 2495.687546][T10718] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2495.687554][T10718] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2495.687562][T10718] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2495.687570][T10718] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2495.718665][T10718] Bluetooth: Can't register HCI device [ 2495.757162][T10843] binder: 10837 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2495.757175][T10843] binder: 10837:10843 ioctl c018620c 20000240 returned -22 [ 2495.777385][T10841] binder: 10839:10841 ioctl c018620c 20000240 returned -1 04:11:52 executing program 5 (fault-call:5 fault-nth:10): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:52 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0xc020660b, 0x0) 04:11:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x100000000000000, 0x0}) 04:11:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0}) 04:11:52 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x4000, 0x0) 04:11:52 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x6800, 0x2) [ 2495.962577][T10958] FAULT_INJECTION: forcing a failure. [ 2495.962577][T10958] name failslab, interval 1, probability 0, space 0, times 0 [ 2495.978710][T10963] binder: 10960:10963 ioctl c018620c 20000240 returned -1 [ 2496.001739][T10965] binder: 10961 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:52 executing program 3: ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000002c0)) r0 = socket$inet6_sctp(0xa, 0xf42bd62525051615, 0x84) sendto$inet6(r0, &(0x7f0000000040)="ad54489206effb643fb56c746c460e97734cb69c4e49c0340b6cd4ef5d31500f60379072b9b818e715b8e826718638fb4aec1d904dd8e8b879b5ed3205c66ad70af8641310f49805e3fd18e0b1dbcf5cfae891", 0x53, 0x800, &(0x7f00000000c0)={0xa, 0x4e23, 0x4, @mcast1}, 0x1c) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x81, 0xc0000) ioctl$RTC_AIE_OFF(r1, 0x7002) [ 2496.001751][T10965] binder: 10961:10965 ioctl c018620c 20000240 returned -22 [ 2496.008369][T10958] CPU: 0 PID: 10958 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2496.025167][T10958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2496.035217][T10958] Call Trace: [ 2496.038506][T10958] dump_stack+0x172/0x1f0 [ 2496.042853][T10958] should_fail.cold+0xa/0x15 [ 2496.047461][T10958] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2496.053303][T10958] ? ___might_sleep+0x163/0x280 [ 2496.058160][T10958] __should_failslab+0x121/0x190 04:11:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0}) [ 2496.063108][T10958] should_failslab+0x9/0x14 [ 2496.067622][T10958] kmem_cache_alloc_trace+0x2d1/0x760 [ 2496.073000][T10958] ? rcu_read_lock_sched_held+0x110/0x130 [ 2496.078731][T10958] ? __kmalloc+0x5d5/0x740 [ 2496.083159][T10958] alloc_workqueue_attrs+0x82/0x120 [ 2496.088361][T10958] alloc_workqueue+0x166/0xe70 [ 2496.093152][T10958] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2496.098871][T10958] ? scnprintf+0x140/0x140 [ 2496.103299][T10958] ? __init_waitqueue_head+0x36/0x90 [ 2496.108613][T10958] hci_register_dev+0x1b8/0x860 [ 2496.113475][T10958] ? hci_init_sysfs+0x7c/0xa0 [ 2496.118170][T10958] __vhci_create_device+0x2d0/0x5a0 [ 2496.123383][T10958] vhci_write+0x2d0/0x470 [ 2496.123403][T10958] new_sync_write+0x4c7/0x760 [ 2496.123420][T10958] ? default_llseek+0x2e0/0x2e0 [ 2496.132411][T10958] ? copy_page_to_iter+0x47b/0xd00 [ 2496.132433][T10958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2496.132449][T10958] ? put_page+0xce/0x130 [ 2496.132485][T10958] __vfs_write+0xe4/0x110 [ 2496.132504][T10958] __kernel_write+0x110/0x3b0 04:11:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x200000000000000, 0x0}) [ 2496.132523][T10958] write_pipe_buf+0x15d/0x1f0 [ 2496.132540][T10958] ? do_splice_direct+0x2a0/0x2a0 [ 2496.171601][T10958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2496.177865][T10958] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2496.183941][T10958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2496.190190][T10958] __splice_from_pipe+0x39a/0x7e0 [ 2496.195265][T10958] ? do_splice_direct+0x2a0/0x2a0 [ 2496.200301][T10958] ? do_splice_direct+0x2a0/0x2a0 [ 2496.205326][T10958] splice_from_pipe+0x108/0x170 [ 2496.210183][T10958] ? splice_shrink_spd+0xd0/0xd0 [ 2496.215138][T10958] default_file_splice_write+0x3c/0x90 [ 2496.220604][T10958] ? generic_splice_sendpage+0x50/0x50 [ 2496.226065][T10958] direct_splice_actor+0x126/0x1a0 [ 2496.226084][T10958] splice_direct_to_actor+0x369/0x970 [ 2496.236553][T10958] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2496.242111][T10958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2496.248351][T10958] ? do_splice_to+0x190/0x190 [ 2496.248374][T10958] ? rw_verify_area+0x118/0x360 [ 2496.248391][T10958] do_splice_direct+0x1da/0x2a0 [ 2496.248408][T10958] ? splice_direct_to_actor+0x970/0x970 [ 2496.268283][T10958] ? rw_verify_area+0x118/0x360 [ 2496.273141][T10958] do_sendfile+0x597/0xd00 [ 2496.277571][T10958] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2496.282866][T10958] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2496.289123][T10958] ? _copy_from_user+0xdd/0x150 [ 2496.293982][T10958] __x64_sys_sendfile64+0x15a/0x220 [ 2496.299185][T10958] ? __ia32_sys_sendfile+0x230/0x230 [ 2496.304487][T10958] ? do_syscall_64+0x26/0x610 [ 2496.309169][T10958] ? lockdep_hardirqs_on+0x418/0x5d0 04:11:52 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x6c00, 0x2) [ 2496.314470][T10958] ? trace_hardirqs_on+0x67/0x230 [ 2496.319504][T10958] do_syscall_64+0x103/0x610 [ 2496.324112][T10958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2496.330002][T10958] RIP: 0033:0x457f29 [ 2496.333898][T10958] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2496.343870][T11076] binder: 11053 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 04:11:53 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080)) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2496.343882][T11076] binder: 11053:11076 ioctl c018620c 20000240 returned -22 [ 2496.353497][T10958] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2496.353532][T10958] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2496.353541][T10958] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2496.353550][T10958] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2496.353558][T10958] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 04:11:53 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2496.353567][T10958] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2496.377484][T10958] Bluetooth: Can't register HCI device 04:11:53 executing program 5 (fault-call:5 fault-nth:11): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x300000000000000, 0x0}) [ 2496.462227][T11088] binder: 10973:11088 ioctl c018620c 20000240 returned -1 04:11:53 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200270000000000"]) 04:11:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0}) [ 2496.546077][T11099] binder: 11096 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2496.546090][T11099] binder: 11096:11099 ioctl c018620c 20000240 returned -22 04:11:53 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) bind$rose(r1, &(0x7f0000000080)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c) 04:11:53 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x7400, 0x2) 04:11:53 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000040)=ANY=[@ANYBLOB="0000230000963f74aee311c5f8e10000"]) [ 2496.648156][T11105] FAULT_INJECTION: forcing a failure. [ 2496.648156][T11105] name failslab, interval 1, probability 0, space 0, times 0 [ 2496.663245][T11109] binder: 11107:11109 ioctl c018620c 20000240 returned -1 04:11:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x400000000000000, 0x0}) 04:11:53 executing program 4: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x101200, 0x0) ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f0000000080)={0x4, 0x0, [{0x54b1a7763cf53eb3, 0x0, 0x0, 0x0, 0x0, 0x5, 0x9}, {0x80000008, 0xfff, 0x2, 0x6bc1282e, 0x3, 0xffffffff, 0x2}, {0x40000007, 0x1, 0x4, 0xfffffffffffffffc, 0x541, 0x6, 0xd80}, {0x8000000f, 0x2, 0x2, 0x89e8, 0x7fffffff, 0x2}]}) ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000000000c040000000020000010000000000000000b038000005000000e0415e82035e20c7754bcf32"]) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x4b47, 0x0) [ 2496.732221][T11105] CPU: 0 PID: 11105 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2496.739899][T11105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2496.749958][T11105] Call Trace: [ 2496.753260][T11105] dump_stack+0x172/0x1f0 [ 2496.757598][T11105] should_fail.cold+0xa/0x15 [ 2496.762209][T11105] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2496.768033][T11105] ? ___might_sleep+0x163/0x280 [ 2496.772896][T11105] __should_failslab+0x121/0x190 [ 2496.777843][T11105] should_failslab+0x9/0x14 [ 2496.782354][T11105] __kmalloc_track_caller+0x2d8/0x740 [ 2496.787750][T11105] ? pointer+0x910/0x910 [ 2496.791991][T11105] ? set_precision+0x180/0x180 [ 2496.796745][T11105] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2496.802497][T11105] ? kasprintf+0xbb/0xf0 [ 2496.806746][T11105] kvasprintf+0xc8/0x170 [ 2496.810993][T11105] ? bust_spinlocks+0xe0/0xe0 [ 2496.815679][T11105] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2496.821415][T11105] ? find_next_bit+0x107/0x130 [ 2496.826180][T11105] kasprintf+0xbb/0xf0 [ 2496.830250][T11105] ? kvasprintf_const+0x190/0x190 [ 2496.835287][T11105] ? kasan_check_read+0x11/0x20 [ 2496.840151][T11105] alloc_workqueue+0x442/0xe70 [ 2496.844946][T11105] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2496.850697][T11105] ? __init_waitqueue_head+0x36/0x90 [ 2496.852819][T11154] binder: 11127:11154 ioctl c018620c 20000240 returned -22 [ 2496.855986][T11105] hci_register_dev+0x1b8/0x860 [ 2496.856001][T11105] ? hci_init_sysfs+0x7c/0xa0 [ 2496.856025][T11105] __vhci_create_device+0x2d0/0x5a0 [ 2496.856042][T11105] vhci_write+0x2d0/0x470 [ 2496.856062][T11105] new_sync_write+0x4c7/0x760 [ 2496.856079][T11105] ? default_llseek+0x2e0/0x2e0 [ 2496.856093][T11105] ? copy_page_to_iter+0x47b/0xd00 [ 2496.856114][T11105] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2496.903089][T11105] ? put_page+0xce/0x130 [ 2496.907354][T11105] __vfs_write+0xe4/0x110 [ 2496.911703][T11105] __kernel_write+0x110/0x3b0 [ 2496.916391][T11105] write_pipe_buf+0x15d/0x1f0 [ 2496.921078][T11105] ? do_splice_direct+0x2a0/0x2a0 [ 2496.926110][T11105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:11:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x500000000000000, 0x0}) 04:11:53 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x502, 0x0) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2496.932370][T11105] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2496.938450][T11105] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2496.944698][T11105] __splice_from_pipe+0x39a/0x7e0 [ 2496.949723][T11105] ? do_splice_direct+0x2a0/0x2a0 [ 2496.954756][T11105] ? do_splice_direct+0x2a0/0x2a0 [ 2496.959803][T11105] splice_from_pipe+0x108/0x170 [ 2496.964660][T11105] ? splice_shrink_spd+0xd0/0xd0 [ 2496.969610][T11105] default_file_splice_write+0x3c/0x90 [ 2496.975066][T11105] ? generic_splice_sendpage+0x50/0x50 04:11:53 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) prctl$PR_GET_KEEPCAPS(0x7) ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, &(0x7f0000000080)=""/226) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80, 0x0) ioctl$TIOCSCTTY(r1, 0x540e, 0x3e) [ 2496.980528][T11105] direct_splice_actor+0x126/0x1a0 [ 2496.985645][T11105] splice_direct_to_actor+0x369/0x970 [ 2496.991028][T11105] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2496.996584][T11105] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2497.002826][T11105] ? do_splice_to+0x190/0x190 [ 2497.007522][T11105] ? rw_verify_area+0x118/0x360 [ 2497.012379][T11105] do_splice_direct+0x1da/0x2a0 [ 2497.017242][T11105] ? splice_direct_to_actor+0x970/0x970 [ 2497.022785][T11105] ? rw_verify_area+0x118/0x360 [ 2497.022803][T11105] do_sendfile+0x597/0xd00 [ 2497.022827][T11105] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2497.022847][T11105] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2497.022866][T11105] ? _copy_from_user+0xdd/0x150 [ 2497.048526][T11105] __x64_sys_sendfile64+0x15a/0x220 [ 2497.048545][T11105] ? __ia32_sys_sendfile+0x230/0x230 [ 2497.048566][T11105] ? do_syscall_64+0x26/0x610 [ 2497.063701][T11105] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2497.068996][T11105] ? trace_hardirqs_on+0x67/0x230 [ 2497.074030][T11105] do_syscall_64+0x103/0x610 [ 2497.078625][T11105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.084520][T11105] RIP: 0033:0x457f29 [ 2497.084537][T11105] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2497.084545][T11105] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2497.084561][T11105] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2497.084570][T11105] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2497.084578][T11105] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2497.084586][T11105] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2497.084594][T11105] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2497.167176][T11244] binder: 11235:11244 ioctl c018620c 20000240 returned -22 04:11:54 executing program 5 (fault-call:5 fault-nth:12): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0}) 04:11:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x600000000000000, 0x0}) 04:11:54 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x7a00, 0x2) 04:11:54 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x10, &(0x7f00000001c0)={&(0x7f0000000140)=""/73, 0x49, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=r1, 0x4) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000300)=0x6) mq_getsetattr(r2, &(0x7f0000000080)={0x8, 0xffffffff, 0x9, 0x9, 0x6d, 0x0, 0x10001, 0x5}, &(0x7f00000000c0)) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000100)=0x10000, 0x4) socket$rxrpc(0x21, 0x2, 0xa) sendto$rxrpc(r2, &(0x7f0000000280)="a9", 0x1, 0x880, &(0x7f00000002c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @rand_addr=0x1}}, 0x24) ioctl$UI_DEV_DESTROY(r2, 0x5502) 04:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0}) 04:11:54 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000cc0)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x4, 0x800) accept4$bt_l2cap(r1, 0x0, &(0x7f0000000140), 0x800) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x3, 0x80) ioctl$VIDIOC_G_OUTPUT(r2, 0x8004562e, &(0x7f0000000080)) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2001a000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=@deltclass={0x91c, 0x29, 0x300, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, {0x2, 0xd}, {0x0, 0xe}, {0x4, 0xb}}, [@tclass_kind_options=@c_htb={{0x8, 0x1, 'htb\x00'}, {0x8f0, 0x2, [@TCA_HTB_RTAB={0x404, 0x4, [0xff, 0xfffffffffffffffa, 0xffffffffffffffd6, 0x10001, 0x3, 0x9be, 0xce, 0x6, 0x3, 0x7ff, 0x5, 0x2, 0x3293, 0x71, 0x1ff, 0x80000001, 0x7, 0x100000000, 0x0, 0x7, 0x4, 0x0, 0x1, 0x3, 0x1, 0x8001, 0x2, 0x2, 0x99ee, 0xfffffffffffffff7, 0x8, 0xffffffffffff7fff, 0x3f, 0x7, 0x5, 0x9, 0xd27a, 0x502, 0xc000000000, 0x4, 0x1, 0x8, 0x1ff, 0x2, 0x10000, 0x80000000, 0x9, 0x0, 0x7, 0xfffffffffffff083, 0x200, 0x6, 0xaa51, 0x2, 0x7ca5, 0x0, 0x2c9, 0x8, 0x200, 0x1, 0x9, 0x300, 0x19a, 0x100000001, 0x9, 0x5e, 0xffffffff, 0x1, 0x3fc000000, 0x1398a00, 0x1, 0xffffffffffffffff, 0x2, 0x67, 0x20, 0x6, 0xff, 0x5, 0x5, 0x80000001, 0x9, 0x1000, 0x100000001, 0x400000000000, 0x9, 0x3, 0x10000, 0x4, 0x200, 0x7f, 0xfffffffffffffff7, 0x2, 0xe34, 0x5, 0x7fffffff, 0xff, 0xfffffffffffffffb, 0x2, 0xff, 0x0, 0x1, 0x3, 0x2, 0x401, 0x8001, 0x3, 0x80000001, 0x9, 0x1fccad69, 0x7fffffff, 0x2, 0x3, 0x6, 0xfad9, 0x8, 0xfffffffeffffffff, 0x8001, 0x100, 0x3, 0xbd4, 0xfffffffffffffffb, 0x80000000, 0x8, 0x76, 0x8, 0x0, 0x1, 0x8001, 0x0, 0xbbc, 0x1ff, 0x1, 0x0, 0x10000, 0xc8ca, 0x9, 0x1, 0x4, 0x78, 0x6, 0x7f, 0x7, 0xcb3f, 0x9, 0x9, 0x9, 0x40, 0x8, 0x0, 0x3ff, 0x100000001, 0x4, 0x80000001, 0x3, 0x2, 0x6, 0xb296, 0x3f, 0x5, 0x6, 0x80, 0x6, 0x8, 0x9b9, 0x8, 0x9, 0x20, 0xffff, 0x8, 0x0, 0x2, 0x7ff, 0x1, 0x1000, 0x3, 0x80000000, 0x1, 0x8, 0xa23, 0xf109, 0x7, 0x0, 0x6, 0x5, 0x800, 0x400, 0x0, 0xffffffff, 0x1ffc000000, 0x100, 0x80000001, 0x0, 0x7fff, 0x4f, 0x10001, 0x0, 0x8000, 0x3, 0x4, 0x9, 0xffffffff997458ed, 0x9, 0x89f, 0x6, 0x8, 0x8, 0x0, 0x7fff, 0x5, 0xe0c6, 0x0, 0x80000000000000, 0x5, 0x34adc00, 0x4, 0x7fff, 0x0, 0xa9c, 0x9, 0x9, 0x7, 0x8, 0x5, 0xae07, 0x8, 0x7, 0xfff, 0x9, 0x7, 0x6, 0x4, 0x3ff, 0x982, 0xffffffff00000000, 0x2, 0x80000000, 0x2, 0x81, 0x8, 0x2bc, 0xffffffff, 0x2, 0x1000, 0x2, 0x6935, 0x8cfe, 0x7fffffff, 0x69, 0x0, 0x3ff, 0x101, 0x8, 0x9, 0x8000, 0x6, 0x80000000]}, @TCA_HTB_RATE64={0xc, 0x6, 0xffffffffffffee85}, @TCA_HTB_PARMS={0x30, 0x1, {{0xffffffffffffffff, 0x0, 0x0, 0x100000001, 0x6}, {0x100, 0x0, 0x81, 0x10000, 0x1, 0x40}, 0x0, 0x7, 0x2, 0x5, 0x9}}, @TCA_HTB_RATE64={0xc, 0x6, 0x80000001}, @TCA_HTB_CTAB={0x404, 0x3, [0x4, 0x0, 0x8, 0x3fffffffc000, 0x4, 0x6, 0x76b, 0x4, 0x1, 0xffffffffffff0000, 0x5, 0x4, 0x5, 0x5, 0x8, 0x800, 0x1, 0x4, 0x68, 0xca6, 0x2, 0x0, 0x1, 0x100, 0x80000001, 0x8, 0x1, 0xe3, 0x8, 0x3ff, 0x10001, 0x2, 0x8, 0xfff, 0x13ac, 0x0, 0x3, 0xffffffffffffff81, 0x51, 0x214, 0x1f, 0x7, 0x8, 0x2, 0x401, 0x2, 0x8, 0x80000001, 0x7ff, 0x100000000, 0x3, 0x8000, 0x3, 0x9, 0x8000, 0x1, 0x6, 0x80000000, 0xfffffffffffffffe, 0x2, 0x100000001, 0x3f, 0x6d3, 0x0, 0x7, 0x3, 0x5, 0x5, 0x4, 0x9, 0x7ff, 0x676, 0x0, 0x1, 0x6, 0x6, 0x3f, 0x10000, 0x1, 0x1, 0x8, 0x62ca, 0x92f, 0x5, 0x0, 0x7, 0x9, 0x67c, 0xffff, 0x7, 0x0, 0x9, 0xfff, 0x715, 0x1000, 0x7, 0xffffffff00000000, 0x0, 0x9, 0xff, 0x3, 0x5a, 0x2, 0x3, 0x7, 0x5, 0x6, 0x7, 0x9, 0x1, 0xffffffffffffff36, 0x1f, 0x10000, 0x2, 0x0, 0x10001, 0x4, 0xee, 0x9, 0xffffffffffffff7f, 0x800, 0x0, 0x0, 0x6, 0x100, 0x1, 0x1, 0x4, 0x8766, 0x5, 0x8000, 0x6d, 0x48000000000, 0xfffffffffffffe01, 0x8, 0x6, 0x8, 0x4, 0x9, 0x0, 0x0, 0x2, 0x6, 0x0, 0x200, 0x6, 0x80000001, 0x100000001, 0x2, 0x1f, 0x1, 0x6, 0x3f, 0x0, 0x4, 0x0, 0x100000001, 0x1, 0x3f, 0xffff, 0x4, 0x4, 0x9, 0xe9, 0x6, 0x6, 0x6a55, 0x7, 0x5d, 0x2, 0x999, 0x5, 0x2, 0x7, 0x2, 0x67c7, 0x3f, 0xd8eb, 0x0, 0x3, 0x3, 0x44a, 0xfff, 0x40, 0x7fff, 0x0, 0x1ff, 0x6, 0x1000000000000000, 0x6, 0x647e, 0x7fffffff, 0x1, 0xffffffffffffffb2, 0x6, 0x0, 0x200, 0x5, 0x800, 0x1, 0x4, 0x8, 0xfffffffffffffffd, 0x7, 0x0, 0x6, 0x20, 0x1, 0x5, 0x1, 0x90e, 0x0, 0xcb7, 0x0, 0x762, 0x40, 0x79, 0x2a, 0x7fff, 0x3b, 0x9, 0x44, 0x9, 0x20, 0x800, 0x5, 0x3, 0x2, 0x20, 0x1, 0x1, 0x400, 0x8, 0x0, 0x1, 0x4, 0x3ff, 0x3, 0x0, 0x3, 0x8000, 0x400, 0x40, 0x93f7, 0x1, 0x1, 0xfffffffffffffffd, 0x870e, 0x4cfb, 0x7ff, 0xf1d7, 0x8, 0x8, 0x3ff, 0x251, 0xd9b2]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x1, 0x0, 0x0, 0x8001, 0x7, 0xe02}, {0x400, 0x1, 0x0, 0x0, 0x10000, 0xd02}, 0x6, 0x3, 0x9, 0x7, 0xa267}}, @TCA_HTB_PARMS={0x30, 0x1, {{0x3ff, 0x1, 0x6ff76f03, 0x4, 0x1, 0x40}, {0x401, 0x0, 0x9, 0x6, 0x6, 0x800}, 0x40, 0x6, 0x8, 0x400, 0x4}}, @TCA_HTB_RATE64={0xc, 0x6, 0x400}, @TCA_HTB_PARMS={0x30, 0x1, {{0x9, 0x2, 0x7fff, 0x3d22, 0xfffffffffffffffa, 0xfff}, {0x8001, 0x0, 0x200, 0x1, 0x3, 0x6}, 0xa12, 0x1000, 0x4, 0x5bf, 0x4479665c}}]}}]}, 0x91c}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000) [ 2497.317777][T11350] binder: 11347:11350 ioctl c018620c 20000240 returned -1 [ 2497.325803][T11351] binder: 11348:11351 ioctl c018620c 20000240 returned -22 04:11:54 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0xeca8b6ed2a58ac07, 0x0) r3 = dup(r0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2, 0x3, 0xffff, r3}) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x700000000000000, 0x0}) [ 2497.463096][T11404] binder: 11362:11404 ioctl c018620c 20000240 returned -1 [ 2497.472680][T11365] FAULT_INJECTION: forcing a failure. [ 2497.472680][T11365] name failslab, interval 1, probability 0, space 0, times 0 [ 2497.494456][T11404] binder: 11362:11404 ioctl c018620c 20000240 returned -1 [ 2497.505200][T11365] CPU: 0 PID: 11365 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2497.512844][T11365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2497.522983][T11365] Call Trace: [ 2497.523087][T11365] dump_stack+0x172/0x1f0 [ 2497.523110][T11365] should_fail.cold+0xa/0x15 [ 2497.523128][T11365] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2497.523149][T11365] ? ___might_sleep+0x163/0x280 [ 2497.545940][T11365] __should_failslab+0x121/0x190 [ 2497.545958][T11365] should_failslab+0x9/0x14 [ 2497.545977][T11365] __kmalloc+0x2dc/0x740 [ 2497.559619][T11365] ? apply_wqattrs_prepare+0xae/0x970 [ 2497.564999][T11365] apply_wqattrs_prepare+0xae/0x970 [ 2497.570212][T11365] apply_workqueue_attrs_locked+0xcb/0x140 [ 2497.576015][T11365] apply_workqueue_attrs+0x31/0x50 [ 2497.581120][T11365] alloc_workqueue+0x84c/0xe70 [ 2497.581143][T11365] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2497.581166][T11365] ? __init_waitqueue_head+0x36/0x90 [ 2497.581190][T11365] hci_register_dev+0x1b8/0x860 [ 2497.581202][T11365] ? hci_init_sysfs+0x7c/0xa0 [ 2497.581224][T11365] __vhci_create_device+0x2d0/0x5a0 04:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0}) [ 2497.581242][T11365] vhci_write+0x2d0/0x470 [ 2497.581259][T11365] new_sync_write+0x4c7/0x760 [ 2497.581275][T11365] ? default_llseek+0x2e0/0x2e0 [ 2497.625483][T11365] ? copy_page_to_iter+0x47b/0xd00 [ 2497.630618][T11365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2497.636859][T11365] ? put_page+0xce/0x130 [ 2497.636890][T11365] __vfs_write+0xe4/0x110 [ 2497.636912][T11365] __kernel_write+0x110/0x3b0 [ 2497.650127][T11365] write_pipe_buf+0x15d/0x1f0 [ 2497.654805][T11365] ? do_splice_direct+0x2a0/0x2a0 [ 2497.654824][T11365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2497.654841][T11365] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2497.672133][T11365] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2497.678389][T11365] __splice_from_pipe+0x39a/0x7e0 [ 2497.683416][T11365] ? do_splice_direct+0x2a0/0x2a0 [ 2497.688446][T11365] ? do_splice_direct+0x2a0/0x2a0 [ 2497.693478][T11365] splice_from_pipe+0x108/0x170 [ 2497.698316][T11478] binder: 11475:11478 ioctl c018620c 20000240 returned -1 [ 2497.705445][T11365] ? splice_shrink_spd+0xd0/0xd0 04:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0}) [ 2497.710408][T11365] default_file_splice_write+0x3c/0x90 [ 2497.715873][T11365] ? generic_splice_sendpage+0x50/0x50 [ 2497.721347][T11365] direct_splice_actor+0x126/0x1a0 [ 2497.726463][T11365] splice_direct_to_actor+0x369/0x970 [ 2497.731839][T11365] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2497.737396][T11365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2497.743638][T11365] ? do_splice_to+0x190/0x190 [ 2497.748343][T11365] ? rw_verify_area+0x118/0x360 [ 2497.753199][T11365] do_splice_direct+0x1da/0x2a0 [ 2497.758051][T11365] ? splice_direct_to_actor+0x970/0x970 [ 2497.763613][T11365] ? rw_verify_area+0x118/0x360 [ 2497.768471][T11365] do_sendfile+0x597/0xd00 [ 2497.772897][T11365] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2497.778204][T11365] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2497.784450][T11365] ? _copy_from_user+0xdd/0x150 [ 2497.784474][T11365] __x64_sys_sendfile64+0x15a/0x220 [ 2497.794487][T11365] ? __ia32_sys_sendfile+0x230/0x230 [ 2497.799775][T11365] ? do_syscall_64+0x26/0x610 [ 2497.804455][T11365] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2497.809743][T11365] ? trace_hardirqs_on+0x67/0x230 04:11:54 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x2001, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x100) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f00000000c0)={0x1, 0x8, 0x1, r2}) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2497.814771][T11365] do_syscall_64+0x103/0x610 [ 2497.819366][T11365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2497.819378][T11365] RIP: 0033:0x457f29 [ 2497.819394][T11365] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2497.819401][T11365] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2497.819413][T11365] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2497.819420][T11365] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2497.819427][T11365] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2497.819435][T11365] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2497.819442][T11365] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2497.834686][T11365] Bluetooth: Can't register HCI device [ 2497.915275][T11481] binder: 11479:11481 ioctl c018620c 20000240 returned -1 04:11:54 executing program 5 (fault-call:5 fault-nth:13): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:54 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xa700, 0x2) 04:11:54 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = semget(0x3, 0x3, 0x0) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000040)=[0xe7]) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x2000000000000000, 0x0}) 04:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0}) 04:11:54 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0xd, &(0x7f0000000040)='/dev/udmabuf\x00', 0xffffffffffffffff}, 0x30) getpgrp(r1) socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2498.034434][T11530] binder: 11524:11530 ioctl c018620c 20000240 returned -22 [ 2498.057778][T11558] binder: 11533:11558 ioctl c018620c 20000240 returned -1 04:11:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0}) 04:11:54 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) prctl$PR_MCE_KILL_GET(0x22) 04:11:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x3f00000000000000, 0x0}) 04:11:54 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xfeff, 0x2) [ 2498.154512][T11599] FAULT_INJECTION: forcing a failure. [ 2498.154512][T11599] name failslab, interval 1, probability 0, space 0, times 0 [ 2498.186871][T11599] CPU: 1 PID: 11599 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2498.194539][T11599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2498.194546][T11599] Call Trace: [ 2498.194572][T11599] dump_stack+0x172/0x1f0 [ 2498.194597][T11599] should_fail.cold+0xa/0x15 [ 2498.194616][T11599] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2498.194636][T11599] ? ___might_sleep+0x163/0x280 [ 2498.194655][T11599] __should_failslab+0x121/0x190 [ 2498.194673][T11599] should_failslab+0x9/0x14 [ 2498.194688][T11599] kmem_cache_alloc_trace+0x2d1/0x760 [ 2498.194702][T11599] ? rcu_read_lock_sched_held+0x110/0x130 [ 2498.194719][T11599] ? __kmalloc+0x5d5/0x740 [ 2498.227564][T11599] alloc_workqueue_attrs+0x82/0x120 [ 2498.227584][T11599] apply_wqattrs_prepare+0xbb/0x970 [ 2498.227607][T11599] apply_workqueue_attrs_locked+0xcb/0x140 [ 2498.268565][T11599] apply_workqueue_attrs+0x31/0x50 [ 2498.273659][T11599] alloc_workqueue+0x84c/0xe70 [ 2498.278429][T11599] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2498.284132][T11599] ? __init_waitqueue_head+0x36/0x90 [ 2498.289411][T11599] hci_register_dev+0x1b8/0x860 [ 2498.294255][T11599] ? hci_init_sysfs+0x7c/0xa0 [ 2498.298916][T11599] __vhci_create_device+0x2d0/0x5a0 [ 2498.304112][T11599] vhci_write+0x2d0/0x470 [ 2498.308430][T11599] new_sync_write+0x4c7/0x760 [ 2498.313090][T11599] ? default_llseek+0x2e0/0x2e0 [ 2498.317929][T11599] ? copy_page_to_iter+0x47b/0xd00 [ 2498.323025][T11599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2498.329244][T11599] ? put_page+0xce/0x130 [ 2498.333490][T11599] __vfs_write+0xe4/0x110 [ 2498.337801][T11599] __kernel_write+0x110/0x3b0 [ 2498.342456][T11599] write_pipe_buf+0x15d/0x1f0 [ 2498.347109][T11599] ? do_splice_direct+0x2a0/0x2a0 [ 2498.352113][T11599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2498.358326][T11599] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2498.364365][T11599] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2498.370583][T11599] __splice_from_pipe+0x39a/0x7e0 [ 2498.375580][T11599] ? do_splice_direct+0x2a0/0x2a0 [ 2498.380583][T11599] ? do_splice_direct+0x2a0/0x2a0 [ 2498.385584][T11599] splice_from_pipe+0x108/0x170 [ 2498.390410][T11599] ? splice_shrink_spd+0xd0/0xd0 [ 2498.395332][T11599] default_file_splice_write+0x3c/0x90 [ 2498.400774][T11599] ? generic_splice_sendpage+0x50/0x50 [ 2498.406208][T11599] direct_splice_actor+0x126/0x1a0 [ 2498.411301][T11599] splice_direct_to_actor+0x369/0x970 [ 2498.416648][T11599] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2498.422170][T11599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2498.428382][T11599] ? do_splice_to+0x190/0x190 [ 2498.433040][T11599] ? rw_verify_area+0x118/0x360 [ 2498.437875][T11599] do_splice_direct+0x1da/0x2a0 [ 2498.442714][T11599] ? splice_direct_to_actor+0x970/0x970 [ 2498.448358][T11599] ? rw_verify_area+0x118/0x360 [ 2498.453186][T11599] do_sendfile+0x597/0xd00 [ 2498.457585][T11599] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2498.462847][T11599] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2498.469066][T11599] ? _copy_from_user+0xdd/0x150 [ 2498.473921][T11599] __x64_sys_sendfile64+0x15a/0x220 [ 2498.479093][T11599] ? __ia32_sys_sendfile+0x230/0x230 [ 2498.484356][T11599] ? do_syscall_64+0x26/0x610 [ 2498.489010][T11599] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2498.494281][T11599] ? trace_hardirqs_on+0x67/0x230 [ 2498.499290][T11599] do_syscall_64+0x103/0x610 [ 2498.503882][T11599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2498.509778][T11599] RIP: 0033:0x457f29 [ 2498.513648][T11599] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2498.533226][T11599] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2498.541610][T11599] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 04:11:55 executing program 4: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_DEL(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x4c, r1, 0x331, 0x70bd26, 0x25dfdbfc, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e24}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x87}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x4}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e24}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x2b}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4800}, 0x10) syz_init_net_socket$rose(0xb, 0x5, 0x0) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r2, 0x4b47, 0x0) [ 2498.549557][T11599] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2498.557502][T11599] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2498.565450][T11599] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2498.573514][T11599] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2498.598193][T11599] Bluetooth: Can't register HCI device 04:11:55 executing program 5 (fault-call:5 fault-nth:14): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2498.672125][T11617] binder: 11605:11617 ioctl c018620c 20000240 returned -1 [ 2498.674832][T11618] binder_ioctl_get_node_info_for_ref: 4 callbacks suppressed [ 2498.674839][T11618] binder: 11611 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2498.674849][T11618] binder: 11611:11618 ioctl c018620c 20000240 returned -22 04:11:55 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) prctl$PR_SET_DUMPABLE(0x4, 0x2) lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x1) 04:11:55 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xff0f, 0x2) 04:11:55 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x1}], 0x46, 0x0, &(0x7f0000000100)="fddbfadb6b96f2db6959baa69c5e67caf27bcb9562d7b810d301032abda071e95bf6c1a209b8cf1a3d524314ffeaf22954e2a87e42ca5903bdbb6e7c792fad8d1d23c06032b0"}) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4800000000000000, 0x0}) 04:11:55 executing program 4: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) ioctl$SIOCX25GFACILITIES(r0, 0x89e2, &(0x7f0000000000)) [ 2498.910486][T11736] binder: 11725:11736 ioctl c018620c 20000240 returned -1 [ 2498.918328][T11737] binder: 11730 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2498.918341][T11737] binder: 11730:11737 ioctl c018620c 20000240 returned -22 [ 2498.949017][T11724] FAULT_INJECTION: forcing a failure. [ 2498.949017][T11724] name failslab, interval 1, probability 0, space 0, times 0 [ 2498.987610][T11724] CPU: 0 PID: 11724 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2498.995324][T11724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2499.005400][T11724] Call Trace: [ 2499.008718][T11724] dump_stack+0x172/0x1f0 [ 2499.013068][T11724] should_fail.cold+0xa/0x15 [ 2499.017673][T11724] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2499.023503][T11724] ? ___might_sleep+0x163/0x280 [ 2499.028362][T11724] __should_failslab+0x121/0x190 [ 2499.033304][T11724] should_failslab+0x9/0x14 [ 2499.033321][T11724] kmem_cache_alloc_trace+0x2d1/0x760 [ 2499.033336][T11724] ? rcu_read_lock_sched_held+0x110/0x130 [ 2499.033349][T11724] ? __kmalloc+0x5d5/0x740 [ 2499.033372][T11724] alloc_workqueue_attrs+0x82/0x120 [ 2499.048907][T11724] apply_wqattrs_prepare+0xc8/0x970 [ 2499.048938][T11724] apply_workqueue_attrs_locked+0xcb/0x140 [ 2499.069495][T11724] apply_workqueue_attrs+0x31/0x50 [ 2499.074613][T11724] alloc_workqueue+0x84c/0xe70 [ 2499.079395][T11724] ? workqueue_sysfs_register+0x3f0/0x3f0 04:11:55 executing program 4: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x803, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) setsockopt$ax25_int(r0, 0x101, 0x7, &(0x7f0000000040)=0x40e, 0x4) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100)='/dev/udmabuf\x00', 0x2) flock(r2, 0x8) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f0000000080)={0x6, 0x100}) ioctl$UDMABUF_CREATE_LIST(r2, 0x4b47, 0x0) 04:11:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x4c00000000000000, 0x0}) [ 2499.085132][T11724] ? __init_waitqueue_head+0x36/0x90 [ 2499.090418][T11724] hci_register_dev+0x1b8/0x860 [ 2499.095272][T11724] ? hci_init_sysfs+0x7c/0xa0 [ 2499.099962][T11724] __vhci_create_device+0x2d0/0x5a0 [ 2499.105165][T11724] vhci_write+0x2d0/0x470 [ 2499.109507][T11724] new_sync_write+0x4c7/0x760 [ 2499.114197][T11724] ? default_llseek+0x2e0/0x2e0 [ 2499.119061][T11724] ? copy_page_to_iter+0x47b/0xd00 [ 2499.124178][T11724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2499.130423][T11724] ? put_page+0xce/0x130 04:11:55 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x8, 0x100, 0x654, 0xf1}, &(0x7f0000000100)=0x14) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={r2, 0x6}, 0x8) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:55 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0xfffe, 0x2) [ 2499.134685][T11724] __vfs_write+0xe4/0x110 [ 2499.139027][T11724] __kernel_write+0x110/0x3b0 [ 2499.143730][T11724] write_pipe_buf+0x15d/0x1f0 [ 2499.148415][T11724] ? do_splice_direct+0x2a0/0x2a0 [ 2499.153450][T11724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2499.159701][T11724] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2499.164534][T11943] binder: 11941 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2499.164545][T11943] binder: 11941:11943 ioctl c018620c 20000240 returned -22 [ 2499.165766][T11724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2499.165787][T11724] __splice_from_pipe+0x39a/0x7e0 [ 2499.165802][T11724] ? do_splice_direct+0x2a0/0x2a0 [ 2499.165822][T11724] ? do_splice_direct+0x2a0/0x2a0 [ 2499.165835][T11724] splice_from_pipe+0x108/0x170 [ 2499.165852][T11724] ? splice_shrink_spd+0xd0/0xd0 [ 2499.165879][T11724] default_file_splice_write+0x3c/0x90 [ 2499.197867][T11724] ? generic_splice_sendpage+0x50/0x50 [ 2499.218056][T11724] direct_splice_actor+0x126/0x1a0 [ 2499.218075][T11724] splice_direct_to_actor+0x369/0x970 [ 2499.218092][T11724] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2499.218114][T11724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2499.218127][T11724] ? do_splice_to+0x190/0x190 [ 2499.218149][T11724] ? rw_verify_area+0x118/0x360 [ 2499.218166][T11724] do_splice_direct+0x1da/0x2a0 [ 2499.218183][T11724] ? splice_direct_to_actor+0x970/0x970 [ 2499.218206][T11724] ? rw_verify_area+0x118/0x360 [ 2499.249427][ C1] net_ratelimit: 22 callbacks suppressed [ 2499.249434][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.252341][T11724] do_sendfile+0x597/0xd00 04:11:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6000000000000000, 0x0}) [ 2499.257226][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.262005][T11724] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2499.262027][T11724] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2499.267599][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.272368][T11724] ? _copy_from_user+0xdd/0x150 [ 2499.272394][T11724] __x64_sys_sendfile64+0x15a/0x220 [ 2499.278020][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2499.283712][T11724] ? __ia32_sys_sendfile+0x230/0x230 [ 2499.283726][T11724] ? do_syscall_64+0x26/0x610 04:11:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2499.283746][T11724] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2499.312069][T11724] ? trace_hardirqs_on+0x67/0x230 [ 2499.312091][T11724] do_syscall_64+0x103/0x610 [ 2499.312111][T11724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2499.312122][T11724] RIP: 0033:0x457f29 [ 2499.312135][T11724] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2499.312148][T11724] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2499.327850][T11724] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2499.327859][T11724] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2499.327868][T11724] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2499.327877][T11724] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2499.327885][T11724] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2499.350883][T11724] Bluetooth: Can't register HCI device [ 2499.420263][T11954] binder: 11951 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2499.420275][T11954] binder: 11951:11954 ioctl c018620c 20000240 returned -22 [ 2499.467024][T11989] binder: 11955:11989 ioctl c018620c 20000240 returned -1 04:11:56 executing program 5 (fault-call:5 fault-nth:15): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:56 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = dup3(r0, r0, 0x80000) ioctl$SIOCAX25ADDFWD(r1, 0x89ea, &(0x7f00000000c0)={@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x18) 04:11:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6800000000000000, 0x0}) 04:11:56 executing program 1: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x6f, &(0x7f0000000200)=0x3, 0x4) r1 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x800000) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x240081, 0x0) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000080)={0x8, 0x8}) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x5, 0x8, 0x8, 0x712c, 0x0, 0x6, 0x9}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x200, 0x0) ioctl$VIDIOC_RESERVED(r3, 0x5601, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:56 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed7d, 0x2) 04:11:56 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = dup(r0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000040)=[0x3, 0x3c1e]) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2499.637551][T12071] binder: 12063 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2499.637563][T12071] binder: 12063:12071 ioctl c018620c 20000240 returned -22 [ 2499.655330][T12065] binder: 12062:12065 ioctl c018620c 20000240 returned -1 04:11:56 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/udmabuf\x00', 0x2) syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) prctl$PR_SVE_SET_VL(0x32, 0x2d208) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:56 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed7e, 0x2) 04:11:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x6c00000000000000, 0x0}) 04:11:56 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x2, 0x200000) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000100)={0x0, 0x3, [{r1, 0x0, 0x1000100007ffc, 0xfffffffff0002000}, {r1, 0x0, 0x1000000000000, 0x4000}, {r1, 0x0, 0x10000, 0x8000}]}) [ 2499.788119][T12115] FAULT_INJECTION: forcing a failure. [ 2499.788119][T12115] name failslab, interval 1, probability 0, space 0, times 0 [ 2499.826499][T12115] CPU: 1 PID: 12115 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2499.834181][T12115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2499.844239][T12115] Call Trace: [ 2499.847544][T12115] dump_stack+0x172/0x1f0 [ 2499.851879][T12115] should_fail.cold+0xa/0x15 [ 2499.856454][T12115] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2499.862259][T12115] ? ___might_sleep+0x163/0x280 [ 2499.862281][T12115] __should_failslab+0x121/0x190 [ 2499.862301][T12115] should_failslab+0x9/0x14 [ 2499.862322][T12115] kmem_cache_alloc_node+0x264/0x710 [ 2499.872095][T12115] alloc_unbound_pwq+0x4c5/0xcf0 04:11:56 executing program 1: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) [ 2499.872118][T12115] apply_wqattrs_prepare+0x35e/0x970 [ 2499.872142][T12115] apply_workqueue_attrs_locked+0xcb/0x140 [ 2499.872170][T12115] apply_workqueue_attrs+0x31/0x50 [ 2499.902965][T12115] alloc_workqueue+0x84c/0xe70 [ 2499.907712][T12115] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2499.913415][T12115] ? __init_waitqueue_head+0x36/0x90 [ 2499.918683][T12115] hci_register_dev+0x1b8/0x860 [ 2499.923508][T12115] ? hci_init_sysfs+0x7c/0xa0 [ 2499.928174][T12115] __vhci_create_device+0x2d0/0x5a0 [ 2499.933350][T12115] vhci_write+0x2d0/0x470 [ 2499.937658][T12115] new_sync_write+0x4c7/0x760 [ 2499.942324][T12115] ? default_llseek+0x2e0/0x2e0 [ 2499.947168][T12115] ? copy_page_to_iter+0x47b/0xd00 [ 2499.952257][T12115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2499.958472][T12115] ? put_page+0xce/0x130 [ 2499.962698][T12115] __vfs_write+0xe4/0x110 [ 2499.967005][T12115] __kernel_write+0x110/0x3b0 [ 2499.971670][T12115] write_pipe_buf+0x15d/0x1f0 [ 2499.976342][T12115] ? do_splice_direct+0x2a0/0x2a0 [ 2499.981345][T12115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2499.987571][T12115] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2499.993612][T12115] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2499.999828][T12115] __splice_from_pipe+0x39a/0x7e0 [ 2500.004842][T12115] ? do_splice_direct+0x2a0/0x2a0 [ 2500.009850][T12115] ? do_splice_direct+0x2a0/0x2a0 [ 2500.014850][T12115] splice_from_pipe+0x108/0x170 [ 2500.019675][T12115] ? splice_shrink_spd+0xd0/0xd0 [ 2500.024610][T12115] default_file_splice_write+0x3c/0x90 [ 2500.030052][T12115] ? generic_splice_sendpage+0x50/0x50 [ 2500.035495][T12115] direct_splice_actor+0x126/0x1a0 [ 2500.040585][T12115] splice_direct_to_actor+0x369/0x970 [ 2500.045933][T12115] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2500.051475][T12115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2500.057695][T12115] ? do_splice_to+0x190/0x190 [ 2500.062353][T12115] ? rw_verify_area+0x118/0x360 [ 2500.067180][T12115] do_splice_direct+0x1da/0x2a0 [ 2500.072024][T12115] ? splice_direct_to_actor+0x970/0x970 [ 2500.077550][T12115] ? rw_verify_area+0x118/0x360 [ 2500.082376][T12115] do_sendfile+0x597/0xd00 [ 2500.086774][T12115] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2500.092039][T12115] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2500.098259][T12115] ? _copy_from_user+0xdd/0x150 [ 2500.103091][T12115] __x64_sys_sendfile64+0x15a/0x220 [ 2500.108265][T12115] ? __ia32_sys_sendfile+0x230/0x230 [ 2500.113534][T12115] ? do_syscall_64+0x26/0x610 [ 2500.118197][T12115] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2500.123469][T12115] ? trace_hardirqs_on+0x67/0x230 [ 2500.128473][T12115] do_syscall_64+0x103/0x610 [ 2500.133043][T12115] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2500.138943][T12115] RIP: 0033:0x457f29 [ 2500.142830][T12115] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2500.162413][T12115] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2500.170818][T12115] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2500.178773][T12115] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 04:11:56 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x8, 0x44000) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000100)={0x3, 0x1, 0xffffffff}) arch_prctl$ARCH_SET_GS(0x1001, 0x3) [ 2500.186733][T12115] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2500.194679][T12115] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2500.202624][T12115] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2500.210919][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2500.216704][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2500.222574][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2500.228330][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2500.235174][T12115] Bluetooth: Can't register HCI device [ 2500.257221][T12286] binder: 12283 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2500.257236][T12286] binder: 12283:12286 ioctl c018620c 20000240 returned -22 04:11:57 executing program 5 (fault-call:5 fault-nth:16): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x7fd) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x8, &(0x7f0000000100)=[{}, {0x0}, {}, {}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_LOCK(r1, 0x4008642a, &(0x7f0000000180)={r2}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000040)={0x22, 0xb, 0x2, 0xed6, 0xffffffffffffff92, 0x2}) 04:11:57 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed7f, 0x2) 04:11:57 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7400000000000000, 0x0}) 04:11:57 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x400) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000040)=ANY=[@ANYBLOB="00ffffffffc83cff32"]) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x90) ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f0000000100)=0xf4272) 04:11:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x7a00000000000000, 0x0}) 04:11:57 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed80, 0x2) [ 2500.526032][T12473] binder: 12450 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2500.526045][T12473] binder: 12450:12473 ioctl c018620c 20000240 returned -22 [ 2500.529574][T12414] FAULT_INJECTION: forcing a failure. [ 2500.529574][T12414] name failslab, interval 1, probability 0, space 0, times 0 04:11:57 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180)='/dev/udmabuf\x00', 0x2) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x400, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140), 0x4) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x20002, 0x0) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000080)) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2500.609398][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2500.615220][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2500.639551][T12414] CPU: 0 PID: 12414 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2500.647225][T12414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2500.657290][T12414] Call Trace: [ 2500.657362][T12521] binder: 12519 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2500.657373][T12521] binder: 12519:12521 ioctl c018620c 20000240 returned -22 [ 2500.660588][T12414] dump_stack+0x172/0x1f0 [ 2500.660614][T12414] should_fail.cold+0xa/0x15 [ 2500.660632][T12414] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2500.660652][T12414] ? ___might_sleep+0x163/0x280 [ 2500.660668][T12414] __should_failslab+0x121/0x190 [ 2500.660691][T12414] should_failslab+0x9/0x14 [ 2500.705381][T12414] __kmalloc+0x2dc/0x740 [ 2500.709643][T12414] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2500.715375][T12414] ? pwq_adjust_max_active+0x3b6/0x5c0 [ 2500.720845][T12414] ? alloc_workqueue+0x13c/0xe70 [ 2500.725792][T12414] alloc_workqueue+0x13c/0xe70 [ 2500.730569][T12414] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2500.736299][T12414] ? __init_waitqueue_head+0x36/0x90 [ 2500.741596][T12414] hci_register_dev+0x209/0x860 [ 2500.746458][T12414] __vhci_create_device+0x2d0/0x5a0 [ 2500.751666][T12414] vhci_write+0x2d0/0x470 04:11:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x2000, 0x0) sendmmsg$nfc_llcp(r1, &(0x7f0000002240)=[{&(0x7f0000000280)={0x27, 0x1, 0x1, 0x3, 0x80000001, 0x2, "217bb4fb5b6cf57702e4ccc1753435d0ebc34ff97fa80ff3344a3cdd5a2e5cbf5ba3504da63285d4aaae92eab4adfa8ff0930548ad71f8bb40cd43c4e4a31b", 0x32}, 0x60, &(0x7f0000000000)=[{&(0x7f0000000300)="9bd4235be49fab23912551a327707454533efd3756bf9ba9455542095a0cc0a672168ed128a25bfb15df9d2806cda4e1c0184825ff7c3fd6d9a0e52f1e90e8121c0166f5ebd721dc753ddafd51df9d676fd9d6bb38f0d9f806e42276f3e402138e3f92617cf9863daafb6e65e673e4c84d9d8f33b730843bf78d7050870628bc1d0ee69cec991d27252e66e46af3b9f842b3ca00746580c00ede0cf941ddaeffa43554c40dc409c4f65577887792cbb6db1cfd7ccaba7cc8173043cf66f1f06aa241e81faeaf8aeb3c4e86f7aa", 0xcd}, {&(0x7f0000000400)="6a8a0fa28af6541be04206205ca8c6bfce902e09bb45d9ada9dd9d9cc1e27c0bf0762e2514b73ba3d12fe63ef8906e8c3ebe2679b3effb57aa1f2824c6a5a92f570b031636776df714f5640c229d965999531d75fa1b7ad92ad55f084350fb89e00ff4fa36ba0eff8ab2683d49b8a8f81b9b1deb40e0a344f72d108a42d96be9f87ae2c68076007e87363727f495a0e35985", 0x92}], 0x2, &(0x7f00000004c0)={0x50, 0x19f, 0x7ff, "55b68a7dad76712471ad04637387fc3d03e51a62e06ffd5e9412ee11dd55898ed445078b503797a100bf8101ed9d571af7df22532d3134b7d515c379ed40e7"}, 0x50, 0x40}, {&(0x7f0000000540)={0x27, 0x1, 0x2, 0x7, 0x1ff, 0xfffffffffffffff9, "055cdf9e6ac344c78fb7ea9ff17bad0000000000005071b297fe2168e0837cf4d6788a4c1957d56bb052632810cdc90000000000000100008000", 0x1e}, 0x60, &(0x7f0000000080)=[{&(0x7f00000005c0)="73ff56e8d337f4817a3455beca27d108e4dcedfe8d7394bcef89264d1447382360f98985ebbdff3e39a42ac1517acc34267f9ca706bd1cd5c7662b9a92a4d8da5e9769eaf42256bcc612b729bcfa30e476c8a57019c7b20dbd5538a1553453b2847b1b52e58af62963f0c6d217a3ca498170580f7b9579e4fdb4766604122005dc2fd4fe10d9953d3ade774f20dc0198461134484615a825f5e6c72430", 0x9d}], 0x1, &(0x7f0000000680)={0x48, 0x11f, 0x62, "729bef11232411f40c0b570c95cf5132889a5eacafe0e06813b927e012cf4405d56dc3e3e1ce3783908d1ffe0bcf5935a9ed76aadf734f"}, 0x48, 0x20008084}, {&(0x7f0000000700)={0x27, 0x1, 0x1, 0x5, 0x7, 0xffffffffffffffb5, "1b00f6b3fa1cc516b66365fd3dc00e0368a8c56dcac759f8ee03a2bad1a6c5ca1f442e761bf16715c3aae378f228a0816b71a2f1facc29ccfe12c1330b3ed4", 0x9}, 0x60, &(0x7f0000000100)=[{&(0x7f0000002340)="3fcbb7e28c9053925a3927c7c32e5028bcad437764372c079d91fb3c23146e80a8e16a44930bca45b4558c5adb4108f578406574b5f4ed3b4947fa72cfb857954ae9581cc8aa8120b4469c3168c480f1b9561c3d", 0x54}, {&(0x7f0000000800)="7d10b8e56c82a95b019c261ddbba08c3d949a75dbe16afc5da7e64b81c8dfed0802083a507fb1d34611f5e26788f25aee34681e12894ba157e6aea3ce4f7c0f11416850d9954060c3ff255e8dba7df86b22637fde6efbe6c9e005bc96a0b9f61f03e016d99ef28f9dd052b4db76f44c525a6942cb8d49f6a320ff6cbf505a0e73d7e081ce1f161714dae72a6018910a5f137bb2f71df3cc8f8f2da98ca56e44ef5d9cfa5f04ef6fdcfc79351d471fdc08dc4569fbdcb52f91a2e799113", 0xbd}, {&(0x7f00000008c0)="e453e402fa78c8ba000ca057b8249b3e1514c650a2e5e5ab376ac5787f642afd8b84c10fd16dbfe1869406e4869679dad52801e2ff25cb3fa6900e4898c615a8de635dc4daae5211fc0fe313176ddf6e852380d1ac1e8f66b1393d7b522e6c8c3ef59c8ce8b43f13b6a1517c5ce7d67f40d82fff3b81df1be9d7856338989502ddb84592bbbed1f4f3f5ba0b18e6900703485ecc22417afbf307178573f00ab7099e374849374341935438ce655a1dc28602330d79f0fbbec92e38b4e7161bf3a5060fa8e6dfb4b23a7714cc38b9e981b6740299aa01f06c40a7e41b937834ef18405a8b23e84d40a7b4dd269c0d5cea6064024f24b3f8f0c6b1873a4fad6f3484b51f4aa0be3a1d28566c94920af51f98aa6a9b665f76057a0f1009007d9266066f0db453459fb652fc34e4bcaddb46eff29a85bab5e6b10927157156298874a7fef500f5c058d77e7ab3bdcfa1ab12a40d26e10b1a7a0af488a036a671a606354852d1f969cbd3dd16716a82efbf68c962090a0d9096aa5849ad1bc1103d62da1c1938f5b4c1458f9fcc739e82df8f74ad709d2806a72aae4a12f7060fa30e17bb2eca4ecb9d7c981924f23f7bb4e400b1fbf55ef9fd1dc0f70d555b642a9de20aa83a0996255ddd2854b0440dc4ff3a27e7383ca0f4321c24b3f9c4f9abfd983c819ceeb00d305f958fc0c273ffe6164f3e407be254ec40037d47323b6f4c2862d29b3e4dadd5f6f2fe3fa9937294db19e2d71e3f286d2d1e22629a32f2329da1c74c8dc7d0c4b4ecb512931022849ec19e7e948f0d98a92d94ff3aa0fcd020be988ad3b0b2b6789c78eae354ea1638fd9eb2cb48b97205f70cc7fff41e9066890f205ad3d47b1695e0585b41afbc1afb99f4b6df15033da38ef0ceadec4aed8b71db77cc711c3e5e2e34b23beb138bdcff185dc0f468d69de7653ab42bbef3d2724a4b7b18a33a915d2965e57e2931988cdbe9dd314eb6d5947620ac07f2da9d3ee3a99e0db3bf11746a3d32e36b761209e4bbe9b10f35638b8d49d90fa2b780b9a3f60e95e828d72fcce05400ae46f608a4dd68ab0138761b02b0cd2a08844d988778be23e74179d1e3a14ffdf54f5b704b8c3a0b76042ea6e555c587189aebc1c8b7d3f163e442ea5a1c83b4a8a7a03a714d7d34116b9808498ac7ff3bc4f94dc266e2d0b54c8653300c978b5d35220dbc3ecca1786700d7c89752886fcb58473f700565e1c9728b9ed1f413b63ad1247680d0d94f8a269ee0d5eea8b52c28b0ec3a559567ff72874b9ea9f3dc3d87102b905d7e7b4454d0845d3ab0921280dcf4d9b59772e2895ab707e5c7cfcc19b37d64c5850c2cdac8049a0cebb37183698644b5b00f64273f1765e014d055e4a74b743f4865fd6c2d357a7a95be878f4bfe987c2e41af01d6291028688450281de1aa9d3943323acf36dc8363186975c1566f7ae4431a5c695a7e65b22aba8042f78076dce3df4ece2d47cbece000f79679e1b297e99e59deeaf219c4c23f8223fe69ac050e87983bae54c7814ce4293c28215bae93a7fb58cbbc89ae168b033ac9a4bbce11b8cace856c7ce4b4bf07be4c0aeba1976a653f815c09e76488ad30667f99729300ebd425d1c427b157011db13d51948d3c403831f1f8724677cba7457c47ed3e959471c2eb9a7a139ad612e4dc4213f717bc3eb3d84850e88fb133a73c92289c69ef5159ab25762d58dc3a0e5039419ca10d3324464ac906af0a781f6559b8eeb2f3170ec4522b025bc7bf1f18e55c87c42ba0df71668e209a87a8a8be8de504df966710de3be75b56c272695dc24173d59064341b5aac95b0f650aa34a1c99a19afd38a0785578cc8f864ec958d2a9bf553b90b5f2b3762f309db516293c1cc4c2ae628c301bc7c42f826190dfe942de5b7651c035475c843edcd1a90cd5ce60ac2fe0998e6923263238ab288c7a30f8a8aad6fd56a7233102f524a861562a6c5104a9446e321824f4a76e73971fc57d5eb46f1a9866cce5292736b2f7263ff26448ac3f8f134373fc58d0d274cfc39c5e8c47e5a77f7af36a89350b07ebb7af7ef85d50661b71c40d7f0a4ada274f20ff58e234ebfdbb0fe7d52bbde2a89cbc33fee0912ee00f52e5ff7b275fbc1b8603a3eb6b8b72e698a6cf34f7d9760a0db94b0fe1a21f8a0a1777b815e56ffc78e394e6ef6a50ab3750a3fd72fe2ce6e4e9e94fe41070d1e191a7d9460e5b02ec259c7396a1c56ad706f44d82bdef3280822893386f4e9bef23e0774ce90d571ce2254f7502c860ca45fdad0b74642c768b4ed419f676ddf3d04443c9475117742731d7c6e4b114db2a61a0b2964ab825e58b8f53bc24a722ba6a834fc1efe00ffa4fb3dae0ba661057348df933f7f84f0119a9ab82ad251f88fba94c6dd050afb7e10464da607bf3a798e31c9f65eb503936e31fa3f2bb7b6f4f49d3b521525e03670e1dfeec53fca703d6f3d203575dde31b5fe7767133b21c2f900c72b8c50bfc71df01853478c1d5a573f9623a564cd1fc2a5032cbc93f9c50cf91918e785d1a4889466b0a8851d51fb81487f369b7df93f9936cd2638fb0189011707e707b81c2da490b0ebd29913ae3ee18d36321da688b8b961eb2742f8f5dbe8866b853a802fa9a141584469be7c601b394b408353332323888dccf17c93792f8ba1858cce9099b4cfc1ed58daf78de5e102b2616fd2402c6d7da451692b0995400a0d61763172072253d7c06f70ac8beeb4b2ae6ccbe3f6a87e8592c8c56de286d653b562d9def2ef2153fc5a94b6222c410ccf988a92ddfd96be2c52c16f86c05e840b103449b6d733be6093e7bb39df8db362acbb6c50170158a405877e139780a6024d4c4e55345c3c626875e026f72de0a96bf69d036bd743d4ee3ccc0f69b003f115057a147e20171d2ec004e4c0b8667e2f04feafd874b5f4279cc5b8979025f4502e2b96f1dd1e0e26bf7ba9a3b41b0698ad5c84a013c1d2044afdeb0d0349d60902043ba00a81e677e0cf51f28424c04a71d1c92b5b7fbc21d451c017b22ee56a429d73debfde70eeff81a616609b6eccb2b10a96b153853220f5d8e8cd285ed4f6840597348498aefbe8f8d7c08c35f4bea0c0931177c837ac69b9d30ba6d7edd1deac5762c4734fc449d20efd61a2997cd045c0d2f1a83023ec173990783ea76f6f43f2c8c11fdd0567ba4ee6441f8a63e06e6df9ee18f3e3b9ab29ef780326879c16b627688d220ecb760bd691cfabe8deeb8a53d5281ba4d3c087a6d5c1adc0c10d8f5f8edcc7fadc21eab9f93ae424a96ccfe99f5667028526372ecbdd8c4cf3db03d52bb9db2b6ed90fe57e57ba5e9582aa3d0ed0f72786a735f473e21498c5afdc2c212c2943e1119061d059a8ae0530e8340446f36109d8497865c958ded88261b068c1a7a32cd106b330282503795aaa17bad009f006899d1e28a78c714361e6794a77236102831f1adaced79dbff5f0be777d9e8ad46f545d0b1c65ae5fe228e77b3634a7b7a305138efa0b1105673a24543116c8f3d573847a203323319017be3bccafbe09cd19ec01d810e78bdcc1972a3a4ad6aaa7b45c57ca50fc7b12b235ba5d99a06fa85fdc9de4cf0a7e34953bca21529fe1424c6f9bf4998aebbe1cee402fccc1c7000184767e5c30aecea43d8bd19e37819c807ec5097f2ddb80907e5a234e123c54b3fa917888e89d1adc6c792141593f0669b5e7bba3f8b3d9ded69f6756e74e7dc5169ddfd8b1ac318710010f68f5534ad19462e56f12b283610f5123170845da90aff684de478eb10717b4805e7d5bb4612ca78046409a6b37c815d19f75a9ba4db824c154e905f375b84b5eb2115c0f9658f0d3d0ebc95ff072a4ef6e5decc6f3892d558e37778b3da8939d0a9677df6523f8e93ca894d41708954330987f1a461ef346d2e43dd8416b336ded9596e28a423ae6cea4fd1301463fd92623df727840824c78f1cd1e242a0df1fa035a32a3f6a48bb6adb6c5a759bf19e59c61e04fae02357169c0bc810e967043a8e900a079c31dddbb74a187655d58e705e1c082d48e4f7d6f8c398a8e974e0707bd56342bfdb7f0250f534244e9ab200ccf4aecfb85939482e43e3da40eab1c3ab7d624aae83ba0a9bf2b8105fcc90a35173e04dadf470a088f827cf065b8359c3e8d095c8d82c1d212929622d18fabcd566b99df8451deebd334a836a91cf9161cdfbec19a396a2a98d21fa6e464929332fc7166b29981d62cb193f4c9a8507836264f5952762466c9d94ba67a4b4027677e82955c1decb5f33efbd1e8af4347220c386eb68fb8265614419be266def028a60d651112747e9aedd188c3ce63fa9333cf835cf7fad8d3f5f5af6032a9b1a65f5622f0bf9ccc04e0ea0b9ac5d2e971e574c9de4558a309e86accdb363e5d65f2eca251e40559883648b19f983f91ada61cda9edf4be8723e7f44dc30ee76a00d22d200ccc26e59a48f0c664c3b014f1baa78e01f1e8030f12c7dd3cb7cd34ac95a9b19347c5f6863690ce78b008bd1a7bcc9e44e64e5992000c713a3ca61f0e277aac5166b6eecfeff1f5422e8eac3b021818b285a92b5b21b37adf0044793e1e65ca172eb065c1ff210b65d59e5ee0480d45c11bc44698db0e527e0a0a652c6d645de20cdb327c0f0f026d8c8abebc8ab2a15926e77213af701b38824ecf17fb45d301b68ce19dbdc8cea94783b0fcf0efe48e1fe4dde9b608668322c40c186bcfcd8eb2f6264119e894c7ac921910b834f1c3d5821a02bf98f5ecb6e41f3b7f46810b129967b4b539e2ab8dbc54ff04527991089027c997c789ac5cc1f0425e6af2717c108f6a6687d46d63448a95403d75dc76a8924010e4e265be8acf19ec9bcbe5188ef3cc20fb2fe277455e3eb332db8f6efe100ffc8c665de80e25c648c4b1951bdf12f13aea8152abb87b8350e7562b53b7ab22f43e8ca842fa825a0aba7252fbb4ed0e36629e2ba3abc1db89cce98521caa31ed25eee9b0927123f2df602b562a3bc6d67e169d5d7cdf335c2363c8aff2e045bdf3d27fd2961f0785a82f8bf47e31bbc961a02eac9e41ccb0315e869a45f1903972b0e17d37ab277135b197cac81aff62903a2ec8aa527700d01f62fd51f94bafb808d48c9230a01390ef6cf8f35b609bfde22e9202805e2c16bae7c8d77faabcd735f509b8f47b4d55563a0d9f13f05e124046feb05f42d3a9439711f0a50efc45c8bfe087daa7ff870486ea836f7a1e0c991409355a827658a7f2170482c7978edae93c74ea58c09d9501be50782749b1686e95603e98693f1b2a554a202f9e587ad903915b94db071f322523952f413baa24f5957ec3d0299bb633afec3ffd6139f55f9d75857853b5f304a1850d9aea0d79ea3c6428e0ccb3be804bb35bd7ad91ca67cf6db1baf6f87a341eefef34dd47f568bd69cf29173357e68733f3d7010f9032f43223a30ce2c17190a211924a290e3b6325bfa85581d3440f2198b047b81adf7f0d294d46be3030b089ba3c9fded19d288df94b4db671cb70148667ada17a538f03f0128956c65086f15b8739c1da7d34b8c37a4b9e48385b7daf50d48a72634f81e60fc0723ec68454b6ad859243891228d63b4e9331ef1c239b739d6b64824b390276de69591bad7fde1b25b993c501b4da9df826a58ac0cd0193b24c2e2aa474647f186632eb5e40d6981b9f410d5c4abf98b254d69cbe57a62d9f51f61da2871d9d8cd7fd4f12dcbe3fb06f6169a57150b8960cace2e5a274c6515fec0adc88c8a52bd6156c716ad70a7fc2b", 0x1000}, {&(0x7f00000018c0)="7a2c02059bdb5aec11f231d97dc1500e31a7ac03c63032558275a00e3c9daff01eab0719534de1bc28f377133d990bc97288f1870e80d8fd60806d6e51597bea2594cb10f6e3310f637be0f1fb177bc3003a16ad9aaf00d3bedf807cc5e08954bb431610fe11c52272ace382b3f12285c3a093be36900434ad04f9b03432cc5b682b61f337f80bfc0046ea65a1ed5b9b23c771abb8c253a7cbf9965cbfd7702a9552921c632209b583cb5512ac34cc97d023ff4323444aeb11b23e4093aee89f7480dc2af8823906d3d1c60db8fd8d7f44a369d394f6a0c2865b2c6b35b2b6824fd66357eeef1d1ea743d1aa99bd6540e41fe4da7cafd6", 0xf7}], 0x4, &(0x7f0000000180)={0x30, 0x29, 0x7, "7b0462b5f9ca0f93f7558d65dd17452a9ef528ed14ace125acd329d6193d4b33"}, 0x30, 0x4000}, {&(0x7f00000019c0)={0x27, 0x1, 0x1, 0x6, 0x0, 0x5, "3b0ebbdb5a8a14cd505705d50452b337d12f02b150604787ed18b591ad4b2b03223f102ef07a7ff423ab8fec114228171be63c974f74666a247d8049f9b1f3", 0x3a}, 0x60, &(0x7f0000001e80)=[{&(0x7f0000001a40)="f03d9744f64200a7a0c944d87f74763b2fd7a2d9c870c49c0d45d3ad01f8c7b02bbee7ff826c921f6df76772b97f8058cf75dde4c6a9fb25e11ffae567c7a606ff7188ff1760c78470ab2aea454a1f1be3f98c9df185b8d979c031e2b35a6547a9bdbdf8e9a8c71a00599f6ae6e9d9b2eac3a24f3228bca6ca0ae625cea99b0ade40a6de3318990634914deb65622a8810d04fec5ff3d28e0fba1bcb3503", 0x2f}, {&(0x7f0000001b00)="2301c03d582ef9da505f7f56fe8c8a13d104b13578f8", 0x16}, {&(0x7f0000001b40)="ec920f5faaecd7aa3cb5833828e97e63d7865172c5ca8407db9f2d0e24e321348acd2198951ec06295747b5e58a4b5b03d2c172fe542579605659009d443d9b3aa8d0d7134960671d10731cc74e49f2d20d1d4d9164833bb4e8d282752642381bb3ff0fa37767546843d88c843827c8ec2998d8a4c83f441cfe510478f04cb50791b64db0544f863331374cadea929dacf2e1833230e326064c0f8235dc7cb5b10ccd8a1e542e355a44560452d84d30f1df1b92385fb9a3cda211bf35d4ae5556c4b9fb281a9d6e906c6947d13ce58094b7ad3b749108bba6b9e616d1f6cd8fa9e05e9f3e26e2c7aa4e4e2ffb658e93b26517eeb854f617a7befb05a", 0xfc}, {&(0x7f0000001c40)="acfbf93cbb3f71a9f8ab80610b29c74fe1e8ebe6d4f5f90d53af9f6b7c03387c76b865eb2f890bf422fd038c42bb0608ce08b3a33bd6e05201cbfc75aa", 0x3d}, {&(0x7f0000001c80)="3ef0a1628b362ce63efe4f03f63b6b1b6e035c6e6ebe8c155a9e421a6dda2fbff9b7349f24311b1d370e01c5fa57541573e103c6dd13ed082391b040ab0853b16c08428eb136db6f0684f7fd2c2dcb9c1ac4df858859868ef114278af8e99e5ba9552e5a3ad2134ccaa55b03f9cafe910f338f404edc151a852e6cb524e13ac9a6bc1ee981d4b0b9813c5d8ead12cb414dc825cb1f0b501eb3cdcc6f8fa3f4ed52eeb24279be488213ba82ff28f18f1803e5e450090ec667b918966a9bd92f191b1dd9ace4332f0c1e7265987874772fdc16e1e2156e29344c47dea81db2f4d23606b79582ded339b332e2b8058237cac9621dc715b89adb440e5cf75f", 0xfd}, {&(0x7f0000001d80)="239a3db6a2c5ec0453c20854a3a430ff5dbd46a0ef1549fdeaf033c8fc83ba68070013bc185b96365210217a43565993977f09a765eeb523f8d63b10eadd7988a040039c5cfcd34f9d970d0f9950bd04ef991f7173f48e72756b1400d270077f47a8d251ba1f5ff85ff945f3ffdd88cc7b7b2907708206cf9a58cd83555eee7f4d4f238a78c5525b9fc2b735f8a75dc88c404aa93505c9f289674da41db2de1bbb682d01d06404b452c742974d38cccebd8107e66588f1a9e7d3b2a55cf0bdea28", 0xc1}], 0x6, &(0x7f0000001f00)={0xe8, 0x11f, 0x1f4, "fc31e0cd6ce7408e58f6c25acd9b28b59464bf45123b12dc5bbbeb0bfd1eb0d96fde93698ea552934fd7725a3169cf4b10aa84e4147f28f05caeb8bb06e77519283cf227667f437363cc79e1dcfa56fa02df60bf41a96a513ff1c3d39b51f3e7e7b11268eae5f27c9d7d7cd2cf4bfd6b393070e3d721fc637eccf0e6479053e43e723c4ed41b990cb765474efcf591fbaba7a0dacc70c56e0a3c3e8b7582a41641104635ba96a114b2cd2f9d8284b01a4d388ba03ddd9c1dc8daaa7461615116019d65ce76ed4f03623d4c59cad1cecefce01175cf7780"}, 0xe8, 0x4000}], 0x4, 0x4000040) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000001c0), &(0x7f0000000200)=0xfffffffffffffe8f) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000040)={0x200000000007, 0xfff}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000002140)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000002200)={&(0x7f0000002100)={0x10, 0x0, 0x0, 0x40010082}, 0xc, &(0x7f00000021c0)={&(0x7f0000002180)={0x28, r2, 0x0, 0x70bd29, 0x25dfdbff, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004004}, 0x81) [ 2500.756004][T12414] new_sync_write+0x4c7/0x760 [ 2500.760685][T12414] ? default_llseek+0x2e0/0x2e0 [ 2500.765540][T12414] ? copy_page_to_iter+0x47b/0xd00 [ 2500.770665][T12414] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2500.776911][T12414] ? put_page+0xce/0x130 [ 2500.781175][T12414] __vfs_write+0xe4/0x110 [ 2500.785514][T12414] __kernel_write+0x110/0x3b0 [ 2500.790203][T12414] write_pipe_buf+0x15d/0x1f0 [ 2500.794886][T12414] ? do_splice_direct+0x2a0/0x2a0 [ 2500.799915][T12414] ? nested_vmx_enter_non_root_mode+0x5740/0x60a0 [ 2500.806333][T12414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2500.812588][T12414] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2500.818653][T12414] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2500.824902][T12414] __splice_from_pipe+0x39a/0x7e0 [ 2500.829934][T12414] ? do_splice_direct+0x2a0/0x2a0 [ 2500.834426][T12573] binder: 12567 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2500.834437][T12573] binder: 12567:12573 ioctl c018620c 20000240 returned -22 [ 2500.834967][T12414] ? do_splice_direct+0x2a0/0x2a0 [ 2500.834983][T12414] splice_from_pipe+0x108/0x170 [ 2500.835000][T12414] ? splice_shrink_spd+0xd0/0xd0 [ 2500.835026][T12414] default_file_splice_write+0x3c/0x90 [ 2500.870979][T12414] ? generic_splice_sendpage+0x50/0x50 [ 2500.876448][T12414] direct_splice_actor+0x126/0x1a0 [ 2500.879250][T12573] binder: 12567 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2500.879261][T12573] binder: 12567:12573 ioctl c018620c 20000240 returned -22 [ 2500.881567][T12414] splice_direct_to_actor+0x369/0x970 [ 2500.881586][T12414] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2500.881609][T12414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2500.881621][T12414] ? do_splice_to+0x190/0x190 [ 2500.881641][T12414] ? rw_verify_area+0x118/0x360 [ 2500.881657][T12414] do_splice_direct+0x1da/0x2a0 [ 2500.881672][T12414] ? splice_direct_to_actor+0x970/0x970 [ 2500.881700][T12414] ? rw_verify_area+0x118/0x360 [ 2500.939270][T12414] do_sendfile+0x597/0xd00 [ 2500.943699][T12414] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2500.949002][T12414] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2500.955248][T12414] ? _copy_from_user+0xdd/0x150 [ 2500.960117][T12414] __x64_sys_sendfile64+0x15a/0x220 [ 2500.965320][T12414] ? __ia32_sys_sendfile+0x230/0x230 [ 2500.970616][T12414] ? do_syscall_64+0x26/0x610 [ 2500.975296][T12414] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2500.980594][T12414] ? trace_hardirqs_on+0x67/0x230 [ 2500.985626][T12414] do_syscall_64+0x103/0x610 [ 2500.990229][T12414] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2500.996123][T12414] RIP: 0033:0x457f29 04:11:57 executing program 1: syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x40) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e22, 0x5, @local, 0x4}}, [0x25074825, 0x4, 0x5, 0x100, 0x5, 0x34c6, 0x15, 0x108c, 0x0, 0x6, 0x800, 0x6, 0x22093f59, 0x6, 0x1]}, &(0x7f0000000080)=0x100) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000200)={r1, 0x77}, &(0x7f0000000240)=0x8) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, &(0x7f0000000040)={0x10001, 0x10, 0x2, 0x605}) 04:11:57 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed81, 0x2) [ 2501.000022][T12414] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2501.019624][T12414] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2501.028043][T12414] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2501.036031][T12414] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2501.044016][T12414] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2501.051981][T12414] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2501.059960][T12414] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2501.075352][T12414] Bluetooth: Can't register HCI device 04:11:57 executing program 5 (fault-call:5 fault-nth:17): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1000000000) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:11:57 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB="0004000000000000"]) 04:11:57 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed82, 0x2) 04:11:57 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000080)={r1, 0x1}) [ 2501.160851][T12684] binder: 12673:12684 ioctl c018620c 20000240 returned -22 04:11:57 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x5, 0x10000) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x0, 0x10000, 0x8001}}, 0x28) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0xaaaaa53}) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) 04:11:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = dup(r0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000)=0x4, 0x2) 04:11:58 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x50200, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000180)) ioctl$PPPIOCGFLAGS1(r0, 0x8004745a, &(0x7f0000000200)) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000480)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x4b47, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x2, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000040)=0x8, 0x4) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000100), 0x4) r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r3, 0x227b, &(0x7f00000001c0)=0x1) 04:11:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400000, 0x2) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000200)={0x0, 0x4, 0x10, 0x81, 0x1}, &(0x7f0000000280)=0x18) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000040)={r2, 0x5}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000100)={r3, @in6={{0xa, 0x4e20, 0x400, @empty, 0x7ff}}, 0x7fffffff, 0x5}, &(0x7f00000001c0)=0x90) [ 2501.304824][T12754] FAULT_INJECTION: forcing a failure. [ 2501.304824][T12754] name failslab, interval 1, probability 0, space 0, times 0 [ 2501.335470][T12754] CPU: 0 PID: 12754 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2501.343139][T12754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2501.343145][T12754] Call Trace: [ 2501.343172][T12754] dump_stack+0x172/0x1f0 [ 2501.343199][T12754] should_fail.cold+0xa/0x15 [ 2501.343221][T12754] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2501.343244][T12754] ? ___might_sleep+0x163/0x280 [ 2501.376096][T12754] __should_failslab+0x121/0x190 [ 2501.381056][T12754] should_failslab+0x9/0x14 [ 2501.385567][T12754] kmem_cache_alloc_trace+0x2d1/0x760 [ 2501.390949][T12754] ? rcu_read_lock_sched_held+0x110/0x130 [ 2501.396681][T12754] ? __kmalloc+0x5d5/0x740 [ 2501.401111][T12754] alloc_workqueue_attrs+0x82/0x120 [ 2501.406307][T12754] alloc_workqueue+0x166/0xe70 [ 2501.411093][T12754] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2501.416813][T12754] ? __init_waitqueue_head+0x36/0x90 [ 2501.416840][T12754] hci_register_dev+0x209/0x860 [ 2501.416866][T12754] __vhci_create_device+0x2d0/0x5a0 [ 2501.416881][T12754] vhci_write+0x2d0/0x470 [ 2501.416899][T12754] new_sync_write+0x4c7/0x760 [ 2501.416915][T12754] ? default_llseek+0x2e0/0x2e0 [ 2501.416930][T12754] ? copy_page_to_iter+0x47b/0xd00 [ 2501.416949][T12754] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2501.416965][T12754] ? put_page+0xce/0x130 [ 2501.416991][T12754] __vfs_write+0xe4/0x110 [ 2501.417009][T12754] __kernel_write+0x110/0x3b0 [ 2501.417029][T12754] write_pipe_buf+0x15d/0x1f0 [ 2501.432326][T12754] ? do_splice_direct+0x2a0/0x2a0 [ 2501.432345][T12754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2501.432360][T12754] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2501.432375][T12754] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2501.432394][T12754] __splice_from_pipe+0x39a/0x7e0 [ 2501.446197][T12754] ? do_splice_direct+0x2a0/0x2a0 [ 2501.446220][T12754] ? do_splice_direct+0x2a0/0x2a0 [ 2501.446235][T12754] splice_from_pipe+0x108/0x170 [ 2501.446251][T12754] ? splice_shrink_spd+0xd0/0xd0 [ 2501.446280][T12754] default_file_splice_write+0x3c/0x90 [ 2501.446298][T12754] ? generic_splice_sendpage+0x50/0x50 [ 2501.446314][T12754] direct_splice_actor+0x126/0x1a0 [ 2501.446332][T12754] splice_direct_to_actor+0x369/0x970 [ 2501.446349][T12754] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2501.446371][T12754] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2501.446387][T12754] ? do_splice_to+0x190/0x190 [ 2501.457706][T12754] ? rw_verify_area+0x118/0x360 [ 2501.457726][T12754] do_splice_direct+0x1da/0x2a0 [ 2501.457744][T12754] ? splice_direct_to_actor+0x970/0x970 [ 2501.457767][T12754] ? rw_verify_area+0x118/0x360 [ 2501.457784][T12754] do_sendfile+0x597/0xd00 [ 2501.457808][T12754] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2501.457831][T12754] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2501.457849][T12754] ? _copy_from_user+0xdd/0x150 04:11:58 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:58 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed83, 0x2) [ 2501.457871][T12754] __x64_sys_sendfile64+0x15a/0x220 [ 2501.565886][T12788] binder: 12785:12788 ioctl c018620c 20000240 returned -22 [ 2501.568444][T12754] ? __ia32_sys_sendfile+0x230/0x230 [ 2501.568463][T12754] ? do_syscall_64+0x26/0x610 [ 2501.568483][T12754] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2501.631966][T12754] ? trace_hardirqs_on+0x67/0x230 [ 2501.636998][T12754] do_syscall_64+0x103/0x610 [ 2501.637031][T12754] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2501.637048][T12754] RIP: 0033:0x457f29 [ 2501.651374][T12754] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2501.670968][T12754] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2501.670985][T12754] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2501.670994][T12754] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2501.671003][T12754] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:11:58 executing program 3: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x7fffffff) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000080)={0x1b, 0x4, 0x1}) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000001c00000022"]) [ 2501.671011][T12754] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2501.671029][T12754] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2501.727166][T12754] Bluetooth: Can't register HCI device 04:11:58 executing program 5 (fault-call:5 fault-nth:18): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) 04:11:58 executing program 4: r0 = add_key(&(0x7f0000000040)='rxrpc_s\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="290000000300000000277976550529c35a4a3765efb100000000000000050000000000000008000000686011ce2a0b7a3de2ec6e1d113c4c3145e0e924668d9e39d3fe05305f869517246930e0a790aeb559fe81f09dec5bf2f586d43028e47520a0cacf56ff444c17cf8c49bddfb046d0c80f8815d74dc123b2fbeb11eea18d952b9e71a8c71802f613a6765c728bfbfafaecd2fbd262ba7cb06e8805d95bee0ea0c13b620aa05811604450da28b2d20bd02671d4193b5af87b34416c71795a07ab2d493c0bd2bfcd4e1e5df632a459d85bb10da1352a3c5ac6986ef983e99de71bf0633eea21272f2de0201151"], 0x29) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x185000, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f00000001c0)=0x9, 0x4) keyctl$restrict_keyring(0x1d, r0, &(0x7f00000000c0)='.request_key_auth\x00', &(0x7f0000000100)='/\x00') r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x2200, 0x0) ioctl$SIOCAX25GETINFO(r3, 0x89ed, &(0x7f0000000380)) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r4, 0x4b47, 0x0) 04:11:58 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed84, 0x2) 04:11:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_FP_MODE(0x2d, 0x1) getgid() [ 2501.817283][T13015] binder: 12998:13015 ioctl c018620c 20000240 returned -22 [ 2501.851882][T13015] binder: 12998:13015 ioctl c018620c 20000240 returned -22 04:11:58 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:58 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = add_key(&(0x7f0000000240)='id_resolver\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)="6a278bba88574c14fea590f3c5b1db35e7e2b52d", 0x14, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r1, &(0x7f0000000300)='logon\x00', &(0x7f0000000340)='/dev/udmabuf\x00') ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f00000004c0)={0x6, 0x0, [{0xd, 0x400, 0x4, 0x1a, 0xee}, {0xb, 0x7f, 0x10001, 0xfffffffffffffffd, 0x6}, {0x80000007, 0xf8f, 0x100, 0x4}, {0x80000000, 0x100000000, 0x6, 0x5, 0x7ff}, {0xc0000019, 0x1, 0x9, 0x80000000, 0x100000000}, {0x80000001, 0x8, 0xb67, 0x2, 0x10000}]}) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x20, 0xc0) write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f0000000200)={0xc, 0x8, 0xfa00, {&(0x7f0000000080)}}, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r3, 0x6, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) 04:11:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x20000000004) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2501.935324][T13085] FAULT_INJECTION: forcing a failure. [ 2501.935324][T13085] name failslab, interval 1, probability 0, space 0, times 0 [ 2501.950082][T13093] binder: 13091:13093 ioctl c018620c 20000240 returned -1 [ 2501.998770][T13093] binder: 13091:13093 ioctl c018620c 20000240 returned -1 [ 2502.019928][T13085] CPU: 0 PID: 13085 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2502.027620][T13085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2502.037677][T13085] Call Trace: [ 2502.040995][T13085] dump_stack+0x172/0x1f0 [ 2502.045339][T13085] should_fail.cold+0xa/0x15 [ 2502.049944][T13085] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2502.055762][T13085] ? ___might_sleep+0x163/0x280 [ 2502.060623][T13085] __should_failslab+0x121/0x190 [ 2502.065571][T13085] should_failslab+0x9/0x14 [ 2502.070092][T13085] __kmalloc_track_caller+0x2d8/0x740 [ 2502.075469][T13085] ? pointer+0x910/0x910 [ 2502.079718][T13085] ? set_precision+0x180/0x180 [ 2502.084494][T13085] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2502.090136][T13085] ? kasprintf+0xbb/0xf0 [ 2502.094387][T13085] kvasprintf+0xc8/0x170 [ 2502.098633][T13085] ? bust_spinlocks+0xe0/0xe0 [ 2502.103319][T13085] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2502.109047][T13085] ? find_next_bit+0x107/0x130 [ 2502.113816][T13085] kasprintf+0xbb/0xf0 [ 2502.117893][T13085] ? kvasprintf_const+0x190/0x190 [ 2502.122935][T13085] ? kasan_check_read+0x11/0x20 [ 2502.127796][T13085] alloc_workqueue+0x442/0xe70 [ 2502.132573][T13085] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2502.138305][T13085] ? __init_waitqueue_head+0x36/0x90 [ 2502.143604][T13085] hci_register_dev+0x209/0x860 04:11:58 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:11:58 executing program 1: syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x52, 0x4000) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:11:58 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x4000, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f00000000c0)={0x0, 0x8, 0x1, &(0x7f0000000080)=0x90}) [ 2502.148467][T13085] __vhci_create_device+0x2d0/0x5a0 [ 2502.153671][T13085] vhci_write+0x2d0/0x470 [ 2502.158017][T13085] new_sync_write+0x4c7/0x760 [ 2502.162704][T13085] ? default_llseek+0x2e0/0x2e0 [ 2502.167561][T13085] ? copy_page_to_iter+0x47b/0xd00 [ 2502.172685][T13085] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2502.178934][T13085] ? put_page+0xce/0x130 [ 2502.183188][T13085] __vfs_write+0xe4/0x110 [ 2502.183207][T13085] __kernel_write+0x110/0x3b0 [ 2502.183229][T13085] write_pipe_buf+0x15d/0x1f0 [ 2502.183248][T13085] ? do_splice_direct+0x2a0/0x2a0 [ 2502.183268][T13085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2502.208131][T13085] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2502.208150][T13085] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2502.208168][T13085] __splice_from_pipe+0x39a/0x7e0 [ 2502.208183][T13085] ? do_splice_direct+0x2a0/0x2a0 [ 2502.208204][T13085] ? do_splice_direct+0x2a0/0x2a0 [ 2502.208218][T13085] splice_from_pipe+0x108/0x170 [ 2502.208243][T13085] ? splice_shrink_spd+0xd0/0xd0 [ 2502.245304][T13085] default_file_splice_write+0x3c/0x90 [ 2502.250772][T13085] ? generic_splice_sendpage+0x50/0x50 [ 2502.256240][T13085] direct_splice_actor+0x126/0x1a0 [ 2502.261349][T13085] splice_direct_to_actor+0x369/0x970 [ 2502.261368][T13085] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2502.261391][T13085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2502.261405][T13085] ? do_splice_to+0x190/0x190 [ 2502.261423][T13085] ? rw_verify_area+0x118/0x360 [ 2502.261440][T13085] do_splice_direct+0x1da/0x2a0 [ 2502.261455][T13085] ? splice_direct_to_actor+0x970/0x970 [ 2502.261478][T13085] ? rw_verify_area+0x118/0x360 [ 2502.261495][T13085] do_sendfile+0x597/0xd00 [ 2502.261518][T13085] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2502.261536][T13085] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2502.261557][T13085] ? _copy_from_user+0xdd/0x150 [ 2502.288158][T13085] __x64_sys_sendfile64+0x15a/0x220 [ 2502.288178][T13085] ? __ia32_sys_sendfile+0x230/0x230 [ 2502.288194][T13085] ? do_syscall_64+0x26/0x610 [ 2502.288212][T13085] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2502.288235][T13085] ? trace_hardirqs_on+0x67/0x230 04:11:59 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed85, 0x2) [ 2502.288254][T13085] do_syscall_64+0x103/0x610 [ 2502.288275][T13085] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2502.288287][T13085] RIP: 0033:0x457f29 [ 2502.288304][T13085] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2502.334650][T13085] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2502.334667][T13085] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2502.334675][T13085] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2502.334684][T13085] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2502.334693][T13085] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2502.334702][T13085] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2502.421650][T13232] binder: 13208:13232 ioctl c018620c 20000240 returned -1 04:11:59 executing program 5 (fault-call:5 fault-nth:19): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:11:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) 04:11:59 executing program 4: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000080)) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) listen(r0, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$UDMABUF_CREATE_LIST(r1, 0x4b47, 0x0) 04:11:59 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x2, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000080)=0x8, 0x8) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:11:59 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed86, 0x2) 04:11:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = accept(0xffffffffffffff9c, 0x0, &(0x7f0000000080)) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000100)=0x40, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x90) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x9, 0x5f04, 0x3, 0x7, 0x7, 0x4, 0x100}, 0x1c) [ 2502.612771][T13427] binder: 13425:13427 ioctl c018620c 20000240 returned -22 04:11:59 executing program 4: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x6, 0x80) mlock2(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2502.661312][T13434] binder: 13425:13434 ioctl 8905 20000000 returned -22 [ 2502.715336][T13434] binder: 13425:13434 ioctl 8905 20000000 returned -22 [ 2502.729067][T13427] binder: 13425:13427 ioctl c018620c 20000240 returned -22 04:11:59 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x518, 0x4) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2502.757223][T13455] FAULT_INJECTION: forcing a failure. [ 2502.757223][T13455] name failslab, interval 1, probability 0, space 0, times 0 [ 2502.762341][T13541] binder: 13440:13541 ioctl c018620c 20000240 returned -1 [ 2502.799489][T13455] CPU: 0 PID: 13455 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2502.807163][T13455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2502.817237][T13455] Call Trace: [ 2502.820542][T13455] dump_stack+0x172/0x1f0 [ 2502.824890][T13455] should_fail.cold+0xa/0x15 [ 2502.829504][T13455] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2502.835329][T13455] ? ___might_sleep+0x163/0x280 [ 2502.840201][T13455] __should_failslab+0x121/0x190 [ 2502.845155][T13455] should_failslab+0x9/0x14 04:11:59 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x8100, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000001200)='/dev/rfkill\x00', 0x400000, 0x0) r2 = semget$private(0x0, 0x4, 0x28) semctl$GETVAL(r2, 0x2, 0xc, &(0x7f0000001140)=""/168) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001100)={r1, &(0x7f0000000080)="b7555aa06e451dab641490af844d6981cad9360f29306767266ce6cd47f452f5fb6686e9f9951de3a2e7f22c2688f6baba9d32bd0d9dd992f3c96700e96dbba02252a3ed66ce6da605dad437ed245b06d583", &(0x7f0000000100)="fe7e935b70adaea82ddfea25fcf93ab0880fc847c0c8d3185a389be99e6feef05b873cda748b3ebe53c34779ac2bf3561bf6daacf1c020f804fb033a2d9337661f7df483a7eaea0f5b582fc452a8e2d20db8585f650935123f574517d12e170d49be27889cfbb68743d0fd6b7b139436a9c8b5882ef98dac2926f5ab57f0690180b7009451ede702cf9202d0916bdf90e14c1f11422e53d915376109fa06a6bb07140dcfb1037b07a331116924f5e3e01b4a939110ca81281091b419680b7644e58ff6703b043654d9aae89bdaaff2380873509d5294b2d93ad12bfe03f6b4172eb76fce3401669f5d84fd3098f15e8d5bedfb8afac1ac5f90f8c7beb7ed2a3dc215243f83bac7c7123c289baf8361b8288c7d7fa5ce04198238e2331ad46828664ad6aa222499c8d161943aac8c24dbb0537e411fe1498ad6713c8f77045a0247f22dbfe1f9e3d57af5f24402c023b4aaaf1691c29bd5a4e7f328d28c047db3d924ed2d004be1bda445b243f0dd0d02492d5b08484e165de67adc7d107e3d04dbf90b7d8336e8112b1ed6da0dc14842ac44722224c3a29678e1efcf50866c9261f8444e114290c3cad0a53e15f3e53d58d529b1392448a6731ae7732325b6c9e0759aa8157be2e4a977908af5f10e530c0ed4bb4701956a8f59a6d95db29cb058fa5cae2ff04779e0286e3f6915253b56c41e1194eecead1e64a7757b9180e55526715ef073334dc6e3b01c18575b6f5a6e7a38cf323e1530930701d2beac922090b2ea657215f96c773349b904cdfd454aecbd9c4f4b22be8b1b326c6999c2b4424648a820cbb74577948e33646b2870edf8079318e7073181ca76b1ad4722333d0b873e71430283d21824ccc7b405c2a16cadf5d4643cf6402e51b2dece69898607d094860d6a212ef388a903d559fbb6a5fc3da32fec0c2f58046d452767c0a1c81a0d0fd3feeea8a5417732597a4bba57a9574655cf1b0fe8766d2c012ffb7f5dc6acf0ab8c7771866287b75c5f9195fec8a1a3280b0a9f22e87b5ef38e0b0ca325a82e0465fc912937453d437dfd770c9fdd83ca5cb04231694510d12d4f6493cf150ff671de30cecb6b5f719c30e9b78128719c43de7afc18278e9c40ff50deb63d068717bf192fe1b0c5f7b505702d047e184c50ca9776373f6e1bfbb5b51920bf02efa8a6bbbcb423cbf7f5afafcd4109547f5baf0c354b7c5da22e3e942d7bc15be0fa44591d79f913656faeb0bdb155438ac53a650533f934ef1b4f994b8ed28e9c359d8a7bdaddd7b97ebc07c727b1dd11e3db5dbe6b8d03061c4c287587f62079aae1ff735ac491f9d217d6328ab6e2b3bbf1177a3246f4e5329f38e758f53903fa15cd52d8537a2e4b5d5787a615c34e920653ee96e0c5bc37599c1281ff8ab5542ae1792fa9c3a09fd37e2fc7e94bc57d47eb6079bdb2d0a57641c61de16d46942d5680465c2b4e29027815ccf35db66a8cc6a4f1f021285211ca91ccfd0a5645ba6f05f20a35e2a84fd30c26b7d370167165f38d944d7550b0621f5cf4c6912c7839d6df4c65aa72c0d3c7ad0f8db00d0d4d313746a4b14c1b210dbdb43da2453f5f294ea3d7cdfc9cb9cdfdae0070118d4b5bef38a6a686ff609a23236b3df73d6eafbf37c63235653c57e8dd1db05ac1b9bce844779a6ec103506f477c94565a6fecf1d0f82c770a453009a0dd28ab2bac7525080cb32d10235d71fbf9e4378e093b47f9fafaa8d40be6dc2c5975fa3a431e05b621e3b8d164281c2c222d6fc1f9dc979ab61eb7eeff984f252e76c18382e6e775d12b60409b993cd7bd4ab325ec2dd7ac162c1b5fceeb1d64363d62a415ccee735e5a4aa8603fc2bc9fe92ddb12282ba94d81b9e70f933270261660e4dd578051fdc4edb4f2f9b554bc386ca79a9c38cad7cb73c8bc01fcdfbf23426eaaa21cf01d93f9d653a2dcbd05ff8f3edc199c96b840e135d2a3362f518180c03c7851dd4018cc4d7b6f0b033618302abd2d0bb4305babf62c65193b6fbb088eb3a6ee2e53c2e7ea7e5c16ebcdc657167e6ee0b43b6c491e8e4459c4c7d8436390bb684f72266a0b38c0f26580d76d0448266e396e7b61ddcdd4b3b586bf1f9d933d347be9164a412099b86bc88e1384b61efcdd70a0a0c0998cd9f93d0509cd7f64699aa0d26be064878f709ed858c0f7ddab786fa3423773264f1e8a793bcba01f73cc9149cb544726e0566830522ff6ee2069a2a9b7a2300654850a32f080caa909f06684db56fa9192bc257b40425e0d0143f19d986be4bae3001a397f5808135aea9b7c42b48edae36a26535098eff1ff473e469672eb209639746f8b55e2ce09bebf0a52abc79fa14085963bf0c52e8287bfe868a059a127de744c89951e4ac1592a800b0d15895adfcd9c34426593f254d8c582bab12c6ba49bdbd4a547b6b4846588876b2c4bf997660d18a38dde5f401d6ec324d9356ff3d59265b85f385e14dff47bc277f1f71ef37efc8e4c5374fbae1f7b86980877d61c2350cc419e637377de61a31009d4568e946079b9713462c617ddb0116d276c994a0404361ce6b72c9cb36695e5224803c2074506e7196ec63a1dd73a245339cc626b964efca5424d5a7b1cca4c3376b37af3e95d6143bf0f1d73dbef4ab6c133e7ffc3284582d26f52dd33052091a14bce5e6c86e0bf7117b7dc10a0ab3e19a888f86665dd645da289eff6b1aedd3623a14b9e7d0e77564078f2623ef910c857e67b1947467f804cac9d5a9a0ef6e416e1f42432561599249d48c80f126819030f0adee5818310e7d29bd65d8dea71a32a19b0bee44c6cc446be5a0e627b4a18e7cd541bdfbb9f59e9bb3e94e439a50c05bd22e66bec8f708aeba827912c67d9fb0cb0343b82c8bd9509fae2aff3459c7339ce3b21529fe0c1fdf0e76acd9b2fd2f8f03522c0a6893123157104d2a844064e4d2aa45554338d79803a489aa908235f9b823b630284117b3d71f38f1cc8dfe621b44bd915e2ed1a15a9a446707cbd47724ec6fce4917afed7627ebb559a8ba8f6a1d3bef175b28a515a543e1c1a8799ff8bf9ac51bae30c24378102a64afbb7ee54854607075a2b1ffd0634e8681322154786ffdddb1bcfecf3d1b635439828d926498a711de41881147d0f101d9639fc378d41b0166652d7a2f27c8e6d53a7f9d0e4c9c2577d4587f6f3c75ee02f7ffc7ec8a20c7617f285fab0a300e154d793839e667b88c18a15dfbcc2adf2959bdb6da8c4170f7c9800318271f9030e3e7143278f5b8d4050bb274e538e2070188184efa5b728682c293be10134a8477586cf9462dd154c56fd4ae0f7a83aa9bfae8589b93449ae50f17232668e2704b1abeff736112200971445e8c9ac4019ac28c018bf51f444912b1e7dfbd505dc3601e38329c3fc6f2b0f4589eb549f9e90de12878aea8d29181f367c9d42de22cc9fe6a567738bd7ba46488bbacf08b69106ebfac893618376f56c307de7625bfd7f778b450efb4ff6be37aa93e91c425b511fa91bf9c4fb181da1a61e5bde7c03bfddf7fe5968f377f382e10c251665ba0cd735426b4b4674f736d329eaff2bcefc0af61ee2846879317f0a78fae65c6d1fd9021eb227251c2424d6a0d98fe7b9ce318242e9b55844a812999b74090eed23f3c738772d2916ad4911c0f7b83920d765d15c6afee6c33b8bb62b191c769c91658b34bbc7d18beae1848603aef7cca619721829bf345778829e99408a33b4e6e771bff4a62cfb7ac3392d652079e8e74913b79f12f2347895ec192aa7fdcd6b23a429b2f520849c1317322f5beeecbb8367dcbd7707a95267d125a5653dbd4fda49a8ec8507152b39d8a783aeefd84651c510ab807c98209ab3a1f9a4aace4b46746fd789f926583cf3ff2d75c438fc24dd9a91ab4f4c7271e0c239e2777b8fb98a49b83c7417ae7485875620ce540f921d3c4ac5766672fd6abb92fe2241158209d3fafd54556d023540bc920f36936863743c9740a731a134e6be70c9e4f15b73335850072fe79a8f2809c7b008bd08bc8a90f572b10ca0106fa12738369f9f08ddd382f06cbdeb2fb70c6df40a1f30cb07bc7d51e66ba6a432789949d3394ede8928a5583488faf3989d4ec8a5f80e77cc4d34f6e722c917c74ed639fb6dd7efcbdf083e1b705a9621c2721d839dff86823ffe4b1dcf7c0ac06cd91a9c71453c9c256cc8f81c85ce5f4da916e9ac47115bcaed1c1b5b140385e79d5b18985f101604ef11a8b79e9588a6d6dbabb2ce6f376c46b4096be227489fcc06a34b84afc728bac46e83ef0f23a15baf17623421fed590f6bb603a2e55900db2d43f095ab19ece3c6cd3a27a521deefba1b8a0c818cf49f4128d17951e5cffee60553d845c3937af5e49d7c08fc53a7388c1e959cc9b4cc7fab2c8a7b43e6e82bddff24b27d5d76a69e7dfcafb6fcdf5344095beea623cfc21ebc8642a9e69da13e3214f7e2ee199750a41467ec15f521705bc91c73f81ea0047229568a1ab3cec98c046eefa764ba33133890f8087f710613e335ac9c6cb7aa72785b03d390eafe92933414a108935ff53030e6e64a6c0b6e35e665b59c4407bba1e0ee9805efdd01e060501f6e897df944268a561854261ab16b028f7248a3da3b7c030a4a446cf57f8212d8ccb501c831457a38db8c226b2606d3f306417d65414b488df19fef2acdc0e83dca622f539e1b20380e5f826041905321b665d06874373f7c7bc47e72c109fa2c8704d4f8117c3932138eb8433d81508888321d0299afa713cb602424b3312081063766f3850fed40dc2914ffd2f95ed4c3edc67529b5cf9910e0ab74a69b8e8b7926924210821bdada06e7c47968b156f89ca173e2804ee8a43447378efea1747b0d19bd64b9f3052b3f9f4554ad6e46d27584442a32a36b8be96af691c06ddba328866d6de921e31432ee0b430f0bf9bf7f5dba3857ca7b837df0f946d870cb38e4d3a6f53bc5db226570b48ea533af8de0a60f75b903fde5df2195176f5b8671294e4d4c47a334e28414655d9382078a99acd27448130be2a2907634e85da0729809ca4b4625e9fc8c6450307a7fba0f80136f8bec94f5f987d58371a1ef544c31efb9c10e94ad2736f1657647ce656d2dc2f77c9b78f9ac5836f34fa00cfccf60710df4d3b5620531937634908a3ffcbc4b09d8de00b86e2029aaaaecd632ab9117ee1a4b84bf533c7ab80633802dcc91f81ba3f6520ab0df6ab00a4cfc2c5cdd2a2d8ceed3f6213052dcd458a36df426399428b8a0db20f93ec407d20ad4ed60f370f3d12f72bedfe2c6d537f43d9dc1e50cb007dfcf84526502f335fd258110236222146dbfad03c9ba05cac08f7b3d670d0d7f567999ebf185236e4ca869c0f3dea06dc1836eebe314dac40bc83e2b9bc6a8502b342fe116b7a972348aaaea9edd136b2e6d67fe00d66caaadf9e47a43bbab29de2bc9c99e44c09089ee337d8957860632ad5a1fa296ee743151acf01c1b35d418eee1942c60f789209b1a7ee6044ce6c44485ceb35cfa13a3134e3cc5b2593d51a6f1f45c51471cde54921c0fd91509161f07f0807b4b0e1e8ca87c099c2559b80073d1bf3bc200501722918a0997ed386589692298315ac5746e69dfc3cd23f29f665555061e04e9b9a55b19bea405f97d0435f901bd56a6deb2a3e61d36c37a30636a54995263b36d542013f58ecbd2a9c67c16ee6bb49ce5b2329415e2710d11f3e43b58b8a74f4b9c84eadbb6f07471b92931462291b51f2dee152e1153d95d6cd9d274e5489faee0c48"}, 0x20) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2502.849676][T13455] __kmalloc_track_caller+0x2d8/0x740 [ 2502.855052][T13455] ? pointer+0x910/0x910 [ 2502.859296][T13455] ? set_precision+0x180/0x180 [ 2502.864065][T13455] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2502.869701][T13455] ? kasprintf+0xbb/0xf0 [ 2502.873966][T13455] kvasprintf+0xc8/0x170 [ 2502.878225][T13455] ? bust_spinlocks+0xe0/0xe0 [ 2502.882916][T13455] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2502.888648][T13455] ? find_next_bit+0x107/0x130 [ 2502.893417][T13455] kasprintf+0xbb/0xf0 [ 2502.897486][T13455] ? kvasprintf_const+0x190/0x190 [ 2502.902526][T13455] ? kasan_check_read+0x11/0x20 [ 2502.907389][T13455] alloc_workqueue+0x442/0xe70 [ 2502.912180][T13455] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2502.917928][T13455] ? __init_waitqueue_head+0x36/0x90 [ 2502.923227][T13455] hci_register_dev+0x209/0x860 [ 2502.928090][T13455] __vhci_create_device+0x2d0/0x5a0 [ 2502.933296][T13455] vhci_write+0x2d0/0x470 [ 2502.937636][T13455] new_sync_write+0x4c7/0x760 [ 2502.942315][T13455] ? default_llseek+0x2e0/0x2e0 04:11:59 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0) ioctl$VIDIOC_S_FREQUENCY(r1, 0x402c5639, &(0x7f00000000c0)={0xf2, 0x4, 0x8000}) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000040)={0x0, 0xc}) [ 2502.947175][T13455] ? copy_page_to_iter+0x47b/0xd00 [ 2502.952299][T13455] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2502.958542][T13455] ? put_page+0xce/0x130 [ 2502.962800][T13455] __vfs_write+0xe4/0x110 [ 2502.967134][T13455] __kernel_write+0x110/0x3b0 [ 2502.971819][T13455] write_pipe_buf+0x15d/0x1f0 [ 2502.976497][T13455] ? do_splice_direct+0x2a0/0x2a0 [ 2502.981526][T13455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2502.987772][T13455] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2502.993845][T13455] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 04:11:59 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x12000, 0x0) ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000080)={0x7fffffff, 0x7, 0x0, [{0x9, 0x7, 0x3, 0xa00000, 0x683, 0x6, 0xffffffffffffff90}, {0x0, 0xc07, 0x10000, 0x6, 0x0, 0xfffffffffffffffc, 0x6}, {0x4, 0x5, 0x7, 0x8000, 0x10001, 0x6, 0x1}, {0x7, 0xe8, 0x7fff, 0x401, 0xb3, 0x6, 0x4}, {0x0, 0x1, 0xffffffff, 0x40, 0x3, 0x8001, 0x6}, {0x81, 0x2, 0xff, 0x0, 0x80, 0x643, 0xd49}, {0x1, 0x27, 0x3, 0x6, 0xfff, 0x12000000000, 0x2}]}) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2503.000095][T13455] __splice_from_pipe+0x39a/0x7e0 [ 2503.005125][T13455] ? do_splice_direct+0x2a0/0x2a0 [ 2503.010156][T13455] ? do_splice_direct+0x2a0/0x2a0 [ 2503.015193][T13455] splice_from_pipe+0x108/0x170 [ 2503.020040][T13455] ? splice_shrink_spd+0xd0/0xd0 [ 2503.020072][T13455] default_file_splice_write+0x3c/0x90 [ 2503.020084][T13455] ? generic_splice_sendpage+0x50/0x50 [ 2503.020100][T13455] direct_splice_actor+0x126/0x1a0 [ 2503.020117][T13455] splice_direct_to_actor+0x369/0x970 [ 2503.020133][T13455] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2503.020155][T13455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2503.020172][T13455] ? do_splice_to+0x190/0x190 [ 2503.020189][T13455] ? rw_verify_area+0x118/0x360 [ 2503.020205][T13455] do_splice_direct+0x1da/0x2a0 [ 2503.030563][T13455] ? splice_direct_to_actor+0x970/0x970 [ 2503.058217][T13455] ? rw_verify_area+0x118/0x360 [ 2503.058237][T13455] do_sendfile+0x597/0xd00 [ 2503.058263][T13455] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2503.058286][T13455] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 04:11:59 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed87, 0x2) [ 2503.058303][T13455] ? _copy_from_user+0xdd/0x150 [ 2503.058323][T13455] __x64_sys_sendfile64+0x15a/0x220 [ 2503.058341][T13455] ? __ia32_sys_sendfile+0x230/0x230 [ 2503.058356][T13455] ? do_syscall_64+0x26/0x610 [ 2503.058375][T13455] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2503.087460][T13455] ? trace_hardirqs_on+0x67/0x230 [ 2503.087485][T13455] do_syscall_64+0x103/0x610 [ 2503.087505][T13455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2503.087518][T13455] RIP: 0033:0x457f29 [ 2503.087534][T13455] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2503.087542][T13455] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2503.087557][T13455] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2503.087565][T13455] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2503.087574][T13455] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2503.087582][T13455] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2503.087590][T13455] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:12:00 executing program 5 (fault-call:5 fault-nth:20): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000040)=""/29) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000080)={0x401}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:12:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xffff, 0x400) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000040)={0x4, 0x8046284077, 0x81, 0x104}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:12:00 executing program 4: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200, 0x0) ioctl$KVM_ASSIGN_SET_INTX_MASK(r0, 0x4040aea4, 0xfffffffffffffffe) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x40, 0x0) pipe(&(0x7f0000000380)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000080)={0x48, 0x81, 0x9, 'queue1\x00', 0x101}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000240)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x8, 0x7, 0x8}) bind$pptp(r1, &(0x7f00000003c0)={0x18, 0x2, {0x3, @loopback}}, 0x1e) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r2, 0x4b47, 0x0) setxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='system.advise\x00', &(0x7f0000000340)='-:wlan1!\x00', 0x9, 0x2) 04:12:00 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed88, 0x2) 04:12:00 executing program 3: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x200, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='setgroups\x00') ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x1}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000000)=0x3, 0x4) [ 2503.435148][T13885] binder: 13881:13885 ioctl c018620c 20000240 returned -22 [ 2503.443378][T13886] binder: 13882:13886 ioctl c018620c 20000240 returned -1 04:12:00 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2503.480061][T13924] binder: 13881:13924 ioctl c018620c 20000240 returned -22 04:12:00 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2, 0x88) ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000080)={0x7ff, 0x7}) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000180)={0x3, 0x5, [{r1, 0x0, 0x0, 0x100000000}, {r1, 0x0, 0xfffffffffffff000, 0x8000}, {r0, 0x0, 0x2000, 0xfffff000}, {r1, 0x0, 0xfffffffffffff000, 0x8000}, {r1, 0x0, 0x2000, 0x1000}]}) r2 = getpgrp(0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x10, &(0x7f00000000c0)={0x4}) 04:12:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffd) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2503.529600][T13954] FAULT_INJECTION: forcing a failure. [ 2503.529600][T13954] name failslab, interval 1, probability 0, space 0, times 0 04:12:00 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed89, 0x2) 04:12:00 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = getuid() syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0xa, &(0x7f0000002600)=[{&(0x7f00000000c0)="7f8b49177e10ddba461cae9760f117c2f3ccf93c81dd8f2433055ca87ede0d971363f8a3cd6d475d82db0f30d572071cfebbd8436c8d38458583d0e144a8ad942ac2cb8d39c4fbb7f18ca3060c127eb133fe74c2ba5ee85196d6d63e3c86d1d9b8600d3d4e4138aac7100f6fa88330634a7af0bee8cfdeab83f5f50479d953645d0203c72e87962be5a00fcedd8bbaa4029475cee40ca16c98d42d18c7df17f240ab26aa3ec1fc6460457eec9e444017140f0136be6419d84d0fa4ea9ba800ad47c090410690e01cbd385b13ecb7727afcaef36c", 0xd4, 0xfe0}, {&(0x7f00000001c0)="e1171d7e5620dbc07e84e29017c03e86697514f56ee0814fcc5e5acf04616993cb740cb77a2817fb9e5c485267c597fc92803af2706e", 0x36, 0x10001}, {&(0x7f0000000200)="f12a5c3fad23a8bb556f13fb9d2d5ebe6f6e00a57ce7cd9cd9e815f5e4b21c8de9031f159a34f7037b873382345412b7f11767bd03fd26e0699623acbf9de8625ffe038fddec3cefb5779cbc6074636bbf5c9ffb8f905336573918cbeb9df1dbc7deb8451d08b75ac2fea23bc6af513fc026aa1134ad5247f8a1c560ff2b0ebe17af680fb0a6f2e8955f77c6e879e4f998f83578b53d1b4284e9624c203a2b96d4fe2b51a3973874214f041b051367993907d7419d8bc852dcf93fd1d79576bd09c8910d942db741241f788642053e1446d69c4359e5d8fb6e7a9f56e6adff57a9fb0a82d35f61a220957f2ef6111df7c6cd1eb872b743e4aed2", 0xfa, 0x100000000}, {&(0x7f0000000300)="f697c9aae4528053a5d6423a8346c3c2398dabdae756fe6b04be3294c1a7cb3697b81b10ec2c0a9f1a62898a6843e95162ab9d6e83aa45cbfe1a064f95ebc596f3061a7c37be24dc405a56feda7922f2cf89196e1a7edaaaa11909f34178577003f3325dc17eb5bcf3da1c7363e2e3dc741e607444920884250ca7f3faec54516cdcc1e61742af9251040637213dc9e26683736151d1e7f64e9c27b56aca72b19586f38b5c7a2fb0735c90e2aec73749a541617f0752cdd2f9100a8d40ed9d65d94565b94fe907dee0e1a6730277aecb26836211c4e391b74cb45bcc1e2b3916", 0xe0}, {&(0x7f0000000400)="dbe5d5d34b4398c1101a83091ec5bbf9e28fd3e1adc6f77315df49b3bed4c5ca9095c62135596114cc8fea043e9ef489f5e9bd90f070655ee0408fae879a66dbe0fc1c7f701b2a1cdf2b06999c60b98a656e1ec3f31d34b7f609dcd4b56922078e1d65df9d4b286cff8864749e0b42b29f76932551ef04d5629ff231d5c38991d548cf77c762b078fceceac0ce36a993aaa0a5f7a95c6602f976a91564f0ccc68bb87a1f5fe4115411546a03a150ae665b52efec6897204158c053c06217c86da457c3ff9275c76a6d4025da29e39692fb9c114e6ba98c7f7d67aef9bc4206f40898a862494d6797af998698acb1f0ae68de0bf0658bb1dfbd7bcc764aa7235b57a0c69854641661b2cc858546a883591ffc1f006a2041c413b4b1bc7e4015c014e8a23a7ae6cdceb5b26a12069acd049c672b3dde3f22f32261bca14662bd6c1038eefba5364701a2392668a9f5150531c7a91bd71a17359fb38b673bbdf538b85c803cbbb9eb537068c120b9633c7f719c6507ce381b096297520e58f08c955776b8cda998b2c60fef4bcc182cc2f495947a63396e2de610b507fbadfa4149ad0d2a2f60ed45b864a41417990e3597c5a5becab44ba9a848186ee63a5f748ba6b6a8edc7e2b91210e1d9c2dae1f1730ebd60b6410acc386d6172839ba7985286d6b884b24e8c69f49bc7233e4f4b8a1a15409c5c36a1b8048c5b6dafef6083ff6ce44211a354944640ef2ec71c8f1aaaf4c87c021fd6c8f738bf11e1c0d834cd7c8d01af31588b69551531c3d00de7b924f22f7b678432a7fa172361efa2abe47e0e9e3f56eded19a5c4ce6529f475b9c493bb19d1705e490c3d4a02a1c7f1ea069af45e70dc284f22bda92df7b6d8c88c3d2d03b22c0033ba1b7ff47e2ecd1538be9b612f4ce8984c9c91ad4d7a827f1406a93e0ef693079f9ed2677e07a2f0b113eb7f648b0d12174ea45b6685a7b7ccd01d4d95a53bc14179c981bb15c4b42b855c16ddb7a931ac8c0df27d11140139dcfadccbb81bb20313af866473c7bcde342718f283c924582241ba453b43f32ccd62e1185085df9db02b130a16d64295349f806e8ab30d6e8ffcbe5e55bbd5ee594dda31e4ad5499015245908933716df35af1ca8944081d13e9f47853d4d0decaf8ab3cb1d5f2174ed273cac5168062873c7de2ff33cc2e93c4d4529d0a89ef6e7329f136ab69e51b0f7589854b157f5ce8203032222acf9284f386fbe7ed09070514a034efdc01de3bea42b7cac06ac6b814d081e2b39dcc221ac282cb3441759cda83226f4a55eee2f46bba8aba6e10abe0851099cc2d0747c77d84396a9acdeb0596992ac19d7f8a62509f3e0338098bd738e816a48361322dbe3a86601a32539432e6194184bbe5fd7e13698bba0685928f92c70bfdd02bdb4858095b36426d9646d9947e2c53cf3cfb8ee8501d5c2e4f27d1b52af3b54a3a49a1db7b015fe9ea2916d3cb7c54ca5c32e9fc727edb202f9344f48f2e5cdb33370498f0d2233565bd02f7a57ba1af918dcadaaa88627c4738a5a570b93a8c21be54df2bc1fee3721f9b03bf279b42b435d59d776e3280167e857cec5814e32b05a42f3fddfb5f08f6f82a5beae07444ccbac8637a0bb7366d2b9d44f233a20cf72a71efb39a4120980329ddcac12e11bc6e674943dfb4f3c7703c140f23540ce8e1744e4e2a2a7d50e359a60a780ae98f6e6e3f058e2b5be2bee94d7e47ac81182967ca40660c3e04391bd0c00256b15b8b50be1eb69383e11b7e66dd1569337701927d9263459388229966a9cf37aae3eb49bb6f22c1d12254ebabccd0ae36c1a346b5213ba9c3f56293f6a4bd36054f0d5606015d75c6a2d3487f588946476e47eb364e78b8ebe7aef7f8a2dee240a7fec07625fa3c28e9862750c7bc5bf5cdd1bd0678ea439597be854221e54e96379597745f617f52fdd2a8714f235aa109f1aa8bd0bb0db2fb2bda16edaa5974b538169c3338ed2a923b01486ed3d5ec98a08ba62e73b7f4e7421db592c4a66cd10dabd476ef17231fcccf57708f9680afc7f757b7b609a52973d922301e99dd9133f6f3ab374a5aaf720e29388e6b90e4765c78470aa3cb8fd19beb2cb931ef39e3e9d290f87addbfe6ecb99de21c193426c09134bb9017a65065d454bf09d4ed02bb018e3e43caa321efc76df197b52e1c55e3885b28586b4d15892a5632ffd6ffa67fbead13e2ab0b071657d7eaf440d66e713955f2a7acbb14cc3a3d86c55ad7d3a63dd30a477daebaf4c8cdb92a98b05af7b8939082017d0453a396f95783b622db62a63a6a664ce978f86b1f9738131198d3484ba969d09e24c519808c8b06632867f1eba0f6f0ba0972c9de90784d29e8c0699eab2c89e07ce91e6562b7724b1309aabaef998db2d7f01fe665c1b0396cd35a6136bf228bf6f3b343cb554c3e668a37cd872ba55f3236144a9e82c172d4ef0b3f4152dacdf809acd3374bacdad784fe4010f62d168d1ecec5291aaad39d6cd11913e0e8c3b77acbf3d9879c700371e8ae5888e26574f8a9cbf1b561500a2bb8bb94aefdc7fa3f78da26249c5c5a72b3b60a16559a93d1d7d84b283ec9e6e5caeb171cc7dcc719ae88468090958c27cdd8d3c22b22f1e1a371fec6ed55650982679269171563c400779c16e26cca197a65b2d7ed29d12452cdbafaca6b44170c692fcdf9428d352e716fa48e1a12f6490fed7cb150f6ad0c61eed4763cb2a01fddd24fede85ce75409868f38c44ee2fc91883154d9a739451332347478c3fe4c3f52ae1fd0d4bd3fb61dfa582598cd52ac5f096794da1a4d544dbc00d70f2197eac9b206bc4ddd8f88ffd7985ea50ddc35d17c54223cccdf996bd8d653084b3bf2285314e3a951c53b9637c57f4a8c84f538dfaf403447104ba3a07ff328ba7a8ed8cb6205959391865d24ac55fc4175126b06bd260089ab09bf9d8115a364167f45dbb240c74d03c7122f12105adf60a7abfe09807aa936c7bd6d4022c948b7e47f2328ff77b1ea785e0082eee3a44d4d0bb459df82555bb5a6b96bc5f42541d2d0ffec7754285751a3baa0492af12aef153bd4109a642023b14612ff5367e8f1bba9907d8a3434d2bcc6a81c7986aa665b8109e2b02aa07fa236ea2f7ce2737f930636a77d3e329c97e85650db6938b7a69e9798c840ddd6ee310cf0f8e119fb152fa78c5af49adadf531f283f010c38e0b96c0f2e16bc20004c01801e0fac87625b5cd00c5b324150dd23ea5cb3052b8cb506ebd3c8372afc47703252a5eebbb45b6ba633e78adba1efdfe57e5f8802ba7d2b943ba9dd30081e9781450780b66545d4b530ac5ce3546b775899a1a5277672f23f5e95122ce1bc02af7d2bf9738893c2c0fa459d0f4e59dd4493b2f70f6d61889cf7207cdb2ec0518d199c5fe2fc087c531ffb2f82da4215c638a8db4ce9269a80482c01a279e184872ef4dd410cdc189c2948ed66a342db9f262140bbb3e7cc825e2ea53299a91c0d26fced3dd072966da7b0a23d9584a2b449f6472656802f08cbcf0bed9761549a67e8d36885a0e125cef7b14c7b7c4b1ee742f00778c77f9d3a675589af5690d1c95ededf87cea1c9f6832042b038104f631ba034b9b634040a516f6476c456e7e9a8f358d9ab86daa8127e5525556c0900a5514dc41cf045c0813bd797a2c7ef07154951b5c03a7872cb31dc08a17c3d8f223c5232b96811820f46c7bc2bbe80a3d594ce7a8a559b9123d1a964a73c4d3c0121315338d3f6070b9140b0cd4c05fe0e41cfdbcf671e3089a7da00db164dce8eafcae8b92f7cdcca04ef1f5b58b82a4f2721289b6661cd4bf313d28cf2de678f9c883f155c92455f10aad4e464a5e7de05bfdfdce7433349a704331b9700b17449f8f22a5119c2036648f6014a97da8bc9182643f784312320afa838ab7e8c91d8e8a35ab07b8aee1a62928d7c9e86cf33acb109440ad16e39114f57720a5874c5396191b152f39703c2799a688d32d69b333af05db2423dee064dcd153151226099f671434e1a85e96c86314665eb1aa1677d6ba94a395b5b1b2bb7ca06f0134e2a0a22cf688e2eec322909219b4c3baa9fad8f8a756cb45196a5df161a33a900218380752963c94ecef1d5d98ef22bbdd68dbede07dd92e6332f90b2ca658610fb4d0664a2c80dbab0f9975c5c554f451410bd6f602939ae595a97b4f15ad0769d941adbc5f7e078d4d0d43c6f0a6002251c01d657d7e36f5e03b128f757dfee73216879df64b025d5c584a9b19c115645016e7d7014f185418b0cc7833fb6d7b23ec0c340b032c59a912cbfd9736ad3e4c4bbf6dac47755bea46e2da3bfc68be7947d8ba33976a1d2ba6c65990645b196acf7fe580395d598461c4fb18479fdf2b46af929814e2b8568a1677c1a248ae53ad8961245cbd264e9d2502da7dc21192efd08e3b18fe50a71bc899464cff3d5f9acebc6ecae709c6a3a5984b6ec706455e29394c6db19c75bfbc6ffc32602dacd0a5b1e3ce21e74235dded934447981f27d049f88196a7ed5f780b9e0afd8c5bb877ed66efaeac35175d4eb7e92a278ce78cef16f6f006a85191758c7ef9ef127eab56ce9c88adc7b0c2178712b92565df0f8de626923202c50b7260698aec9428887a9680b8b25b1dcd177404bdb3fff31eb5a3b19e0a59ce3c4f2d267d7ff4da522918ba3469726830a276810f213f9214e3c3ad52229a208131581c5866ac37bc1bfede17bd4ee526c170e503ea3c0fe11c05c6adecc9a91b32a3c4d922335acef2a4ca1fed3bd1320f40ef20d2e40eb542000602e65f16671d6fcdb89d3227308da52eba13562e4c6e10829085466aaffde5def70ea37d2c88b5b5120aa55b394d6d2b5e26794702d182224c0f84b115876a4254fa5a669c2caf4d5abf7ec9bc83efbe3349636a0fd71cd2edae3e88bf00d055a2c14cc7310202729314f0759ed3ba6c105a6499b344a02c71022729d13193538967bb1559b13a42e011f153cf7d570499c53b1df1b1cad1693fcd0a72b4fb723bc84bd0d3827c78560ebfc6e911493e9723b3c50d51fc249056c19286a19710478166c63f314886b350f14cf79251faa3426dbca006bf47039a7d33c5a257012b7405997030828649640123e6e26b2e1ab69d86114f3e01300d0e4f9eca05d123c8fff7ded935ee1d6d2ea36c51998551ed2d31f09309d87c21d51ae164151f4bd5ca1c77dcd27b9c0b44c640302743388b70687844d055944d4154edd1525fd3b4b09fcec473cad09fad1e2239e4176893977f7966aa715eedaf4f57f79cde0eea552bf346240c104d38fd351dcbb76f7974f26f8c70d978d86319beeb417c08960a1109bf87004a2de2ccebc50fb54acbad8902fcf571db0f49d19dc80eedac8724a3199fccc85dc4f834f7e9949a2e70df992f9b7b969fd2f64cb5f01849453f75553a99c0e603a2c56ce9553e2fce0f3228edb65401ac293ff0caddc8f43ca607692f10603a3397b305ae6c331fb38681c2b0f435403a49572fd98aa3f9387474c9d53e65ab7124e75068a7843a3aa63130aa556a351f4d0f3387300eebb7fc1dbe7348bf623f28598126e0423ccc9acae0dde8c1d655d80b25e255f6c52ff2248b9b1c09b977c798005792ab723d0f95e29f1fa3a49db4ae5250323fe6fdc7b9fe8cd924530e9114efcd0d2646e16508919a13c8c48166b7e8eb2afcc2c602f6a18b153192d42e23ac671c06afa271dd0cf28be1c31fdedef854460754bfa53239b5a23a403149d906557d8632270fe1248a266", 0x1000}, {&(0x7f0000001400)="83f376b7b3800ab320e0eab80588520706c38a3a9d938a9dab641f83adca6ae8cb8c79779149bea18094413ad7cff7e21e252b977b4092af9f1d979f0a235ba99de6ee7ff5755452d7c9b4efa00303122c94b2cec39822bc162f5f23", 0x5c}, {&(0x7f0000001480)="ba16c6061e2dc1d96009a06d5e93aa22e15a8bdb5228fb2fcbc5c2f238de16da0d2244b21606f0b3a670be2185d74118bcd8845cad91d49b6860736ca5d73cf4b2d0764cbd4fdc111bc680aa3e9b791d42af9aa9196b1a074e3ac0653e21c622cbb71807e6c8f64cfd63d0819127e254e466b6ee65b7ac5d01573117dc97bda545301abd17656b262bced0122385d7ff84714ab905023893de09930fdf25b952c7c3be46aae2282f7af8982c5018faeb0e06da79d2c0b86e71eaa076061ec64cebdcae2f820eaf06fdaf7b86bae41f39335021788df99d4435d8f0ac77d0f8ee9de2add98e7c25fae72359a1f4f33fcefc79876f0c0b40c6e3546c630597c0e8aa241642becb776a8c7afb0c3403f95cb0dda5a26b5e48846c60164d49edd7758357ed7de256cb35abfb20a8b56ada4e42294d54f56a0a9448186e57ccc46ac8600875d8430749e6e9de67fee5e97ae757c6da1ca261a1d0e10ffff4ab2d56f8de1d96cf34108f0d8de64c2e6961ee8fcf79c5f693042e54ccafc2f5e1fe79e2772d2068af004f29d7825dab4293ba8e9ea35a0bb751af477010f3d33622f5b37b245a184c4a3221a42d0663e14394cfa351dc6083362b3e9bf8874adb1d445a1a781e8cccebeefa50abb112377018ed69bbacd7ed9f3facf4ec34bfe7302f198c57eb7c9b31fdb2e1c63d4884dbf369edb02a4f40b9228ebfc297b525e86af6817d843a90ecf6f9cc6ba67369c821fb853daeb4ed23eafa1757e4e3d7c07d70eef99b462200a0825b3c57f96c6f196ef1c3ea9c1d00ed6b3fcf56ca469c585944b87ea02bbf1efa354c1c81836077398bf82b32ee72676d1360be88fb61a535fe1eccf949643a01da817c5e87554f38536af9e9f72f405ad250d9850c7f3bfbb2142bdbfd84b8d4c48bd147cc221636bafb89cdf9839cb78a4aef02827f886d5e15ef185b9462cb0df1bb326fb03f376316cd74836752805c64924584a8665f87bb58c329798228a26b7a1872be7129c1d06783437949f05282c38daaf5165e1e8479c33c58c56b7ac4ff5845be30b48bd610f17ed4c4dcbb74d61c6d3e2ebb2cacf6d43268e99c8757eee8cd1fd378fd5cf656fb485a67e46de2ad922f140cd8346d31c39d2ae7aa92de9ec7f7f9b1c010712840c044d65a4be8cfca655db7509e9c781842fad58e98704bbe866a54d3cc278aab6c86024ea2af21184448215da23aeafd66dcf4e70e6df38cf4be5512a3c0385891e8a762f1cfc64c5ecad39040e8dc3fc364ec56f3f88fefe6ce7e2500682145081901ed33e29d0c36eb763e2fd4cdd5436a8595f249d4ebfd66df3338319279fc6444da0de5665fc6a91e55fae502851374e067a892fba6733836d94cb2ecc757ce4ed764605b17eca0e956e238168492a32172af2d06206483b40179903115ec9f367c6e98367b3a72abd9e6ee5d3cb1f66909c1d8b760020dd10c090c7a0a5da784950ea2ca05127aedf11ce8c342e943ab1395801a1eab1d7ec8840b5ad103491ed4de51c5cef7108608ac8c0c5a3e72269c98936dabbdce4a677beedd313bd1b997264e9633287cecd25707b877a165526ef51518ea3a40ce5f0c57280de760f34bccf244b30964ac4fadeae338f81443e3baea3b3565cdbb967add05dc2d2ea4bbadbd3f2c48401236a3a093e064024e4d09b466fd8370776f6a61c23f3db17de6547a4436913264fd00317af6b3fe3fc5576b6dbcaffefc884ee3dd31c56e4730402e9f7be26eea4a0427b0707f2c93d9a8ab2d7e2d225be4e0b0329a204a2d6c61b1af85a8d1e1c9f191ebc578b7ad2837a107e6ba72d5c2a75a72c48e3252cd9b065c60c761948d65cc35f48c854aef0f271489773c3cbe58a02c3d8cda952dd7222a0f34093c02424848b2966ec4e3d4379684feac9c5c189d0be01f1a2d9a72b501abd979fbf75e4f20451ad85811860f1cb607a17a48c8ae0201d20949c051a3a748fe471802cc3e1ac537cf0a862a6aba3badba25bcc0d62ba37dcf6f8fcc89b4a0921d1d5a33f2f548d702bd3d2cf87bc5969d13df5e2e4cff666651f0fc2bccaa45a5ce19aa545f291c31988c53470639f4e74408be388a0cde5a6030951db7cb87828e3c702a22a196b2c43a29d01e854a6193eab2266cb8898019c6bc45b76469a4618bb9ad857605a6e01fb5369daceb88051afb840ae82abc91ba0d9e00cd8fd9c7cfa7a9df86386f99fb6097add098fd3ae04051938dc2db5dae506a3e002960921ef76f24bfe0ad4c445bdd438f92e90bb592735d3452cdea337b0ab2d1f6aa86824b75dabcd68824ef732a1503b8aa850403d85a7ded9f6d66b450152f30f59296318bf1ec447d1cdf406bc152657d109c0e270f1d0f56a4e9d8ef39b14c33c2d249cd306916a36b08223934716fdd84994810243119919ae48bc32ca342836f6be616a6ed65b9d44706141507ea1405db70d2624689107d657e98fb109da036f2f2a2718221223e1a1bd1521d9843180919760750cf3b6d71f768fc67c65d97378a4606d1bbd8ce227a22433bd4e113cbed7cedc327828c359afa6c2ede5086054c767abee66982e9267a5bafcb8c6115b385dba5f47f9fda290013903e82473f08f0c213b955b5065a7de96b23854572ce2a0a44090e19aef60a62ec6173b3fd467e38d5eb00f522d482f16d43cb6c2ddcbe3a69ee2856bff6cf8bdd654d38ebd039cce703378e7d8ec9d98c6b6db4eb365dc87dc6d9abf3016b7af65ba18052e457daa68cd43978206f73385ee890db7054ad4f84433edebd24e50eea6ad4e2e868563f0972a220f3a8793345bccc3819e91778f7af7925eaae5c144e0316d2198b989a169496a7cf38d4a9cac35df7c81d45ee5291b10aa4cf72e53ab69d4bfb0fbede538d789a6a722d9304da3cf566d6466d370cc9ca4e47cd89e0a2fbbd1f4ca509f5bf0fe07ca13360162358453dd6825919469a1807de46e2315ac8d240d6267157b8bac8aa47865df1d26dfa6675a84c94d31c714b11e1530f8410fe2054a00febe92ecfe594b74e74668eae81516662927dba03c1d55081460a9b14d6bc4472d88823b757a3a023daa02e783d64c68fc360e6dee7ccca03edfe8bab5a5a1ca82b131e06d144fa0ce0665613c5428b2d747707b583d3406ae3e46bdc504a1184d8a833b109d3279eb9706fd8bb43e643de77d8577009d7aa29d752fec30bd55bf6138eb990ac00c2915ea025f929a9a7f0ba7e6e9709ea21dd8d96a6c4f9865b91be99d444d841e1c2bf4fe65c2041d76fed72045d97166f167445220b0cc4ac260c53d0df634eb89de67d6b9082932f1a73258d7978b1d1014c154ae7ae59a47c5761b5e95afbdf264a63e2484826f6adc52ab131a7ae4cba8909f7416d46632562f696948f4db534234ffd7a0d17c792771fc8c951c3969ffb6bda24fc0f4dcc1567e17e1c841b0da8204e9ab16239f277624db76a34dea622e03668ff7780e57866405bd138ed8832715ad6649f26b644c2151133315b8093649d91fe18772d699adc37754083354f11489a8ab3ffad2f68298194b08debf15c3f11882aea7b6cf467204a954317ddc2895b8b889c35a2078f240ba25c6312b1847cd4cf357c2a339fdd0b41480a6d6806fa72480a9fcf9c56f829e72c4c96a1384fb25f4a49120d66acd6ca5b2ce3ac5f0b2385bc5b9f323e7e3c789cbbb4b897f7291ca9c4b01af4c64e227c945f43dd682d9cab352d6205855b403595c4965ff106267984255f95245f3ab326f77e70ce88da7e70ee2c44dd61182e582fe16f491f170c87a1589c6afcb2d9b9f741a9b0a7562993672d6fbfc4ffb676d67a6124c023b9f2ac400d943dc825b1131d46ab114c0c5401eab2523d244871993191ae76738a10e413a7a9c882a5c10e41e5eef861aaf5e86d5bb188f6878ed064e704dffd8b88d0e6bfcc21b78b2d196999a3d817ed4b614bdc33eb4e8241a2881de47834b3b054a8d9d41e1782c3ba2577c7080144ad83dfb6721e75242d754ab9500cf621b3d380a62920c7a09dbc6e5d7b36f53dc222697e6f8380f4337fe1706ae17f7cd0ea59c3ea7ffe0afb5bd9b2c1a0d10c64421fb2feb06fff092a0508d6ee892e69ce01a6dec63d02f4e5aaf27f32de9667f629bd2c3bcf50286c198a7d9334018ac4be0ca82c19b514d69b72f1dc4f327fac2fd2141ccdb425cf422858094bd281f51d16c9bba42601dab8c3a94ab7d07e1c5e71b4438982aebb0b5eb3f174716e4a977e429ff2596bc196ab9fc63d06022fadddf96c5e21a12de866e1fe452ec05dc9eb7836a3032fae1fff996618ef02eb1e9d2a01ff5ead0e50d2991b59fc66b2a1a7ad6bd8d6b5b2fc5e82849febf8736ab90d057a97162757b775df802ead4760172cb3a2aa743fbde543040ba3501bfc013ad9adb291f9fb80e5a62070aab7898ac804c697d1f6083dfcf27eb51ed7797ece8cdb621cace0568691d54d3798e1fdbd3ff97a6d7131007a1ff929fd0624facfc5f28a99961df9a5df7d28a8745cd593f797fb34d5cb25ad034f90a1bd023c4820c8d569cc6d929b0d8613e39aa1f5203699621369acaa56f5b480ffe3fba27209f039ea9839aacad0c43bf5deb282d0eef6b0792d2bdae78e70e55f9b8f75e05acd4b884d30dfcbb7d3c5a75bcb18d9ac461719e2d7990d3727d995edcc89b078ed1adaaa0f43bfbc200a9b43f8b2dbf226b171cb54fbe3e528adfd5165f4e4d2b44970e643abd5f60fafd00c1b13828fab3ba6580d46afd78a75161aa2129f223a307bd926c2c4418f937437dbc923f265dbccfb929f59fc946bd2f693bd751687083a5913ecb530a62e09c7b04e9de60f9f1c4123a85f87d582d1164f541c326426efb72a810c7041adfc7eac4d1a97658f4608f4992f9a1d404b12f2cb5914ebca7a154535062d7f1f7afa81ecbc462ac431437e2e326c1aeb55024d9fa59036a28d19718399df241e4e018ad968b00ce51f948bb9dca8662b311f9bdebd9f3f1f1c93b7a86d1b8ffaa91ea837a2fa10e12124bf22bc1ae95271d62de034a6616ce65c0b30a2590aa9ceb2049544549eeff4926eb98e768c9f27f9b4adf66475d56c7c2a08ed585797f895d0a793d72b200a0692e37113fc11df7de91580e0b14d698ebeef45f4054ad2df061b4843266adf9bd8c029dd30927e92d505ca235012e91dce2cbbb2f8fa1e749d41294ded3dba37b89570551c9ea17381bd54177e25c774f99987dfb582ca312e7b08beddd965ad9c6e85181492c8f880e627c84af7894289d93f4f0bc8f7d59cbbd020acbcc08352412884e29ef7f4784f7998a94770119905bf08ba518337000adf9f0aa314be1aeba39308212473fb5a9f5b3aa67c3d8d30995ad10fa08df42fd6549b73f4e7b865acbdac30b8ab5bf0576bcf7aae8eb65b30432ecced13cb4d17cd0975d69306612557da098cc954769f358e88872e3c388953b1827dd97c859bed15ef03975711965d3db733870bb0026122b36d3be65e9a45d8a36daa96c2c1c7f8ca2f4027cc266dcd9b379f69b694365d0015efde987c49e8ccd57745b0f8f1d4c2de3e18b212e360f64b83688113dd975d23fee38e8c7f04ecabbc87034dff53247dd4bba8701155cc9d6d43cd9d43ee59b28c6f61af15ac88c9a4c1a3d98ca316f21ce2e2d6d3bbdebe8a9211d25728e716d36f0872cfb3eb65a84216368937c58894b9f88c948b8b68d28c1c3d43c6f95a3f40265ce54004a0d0c115f104eb80ae70d6bdcbb69a1c2193584e43c11f1588391d", 0x1000, 0x6}, {&(0x7f0000002480)="981737822f01bd2dbde9c74a2f83cf3ab271de4d70968f4717a0404976290b17a3bd26ac1aad1d12e819e1f07ee3a118b83a25db0c3183bb40", 0x39, 0x101}, {&(0x7f00000024c0)="ab124343d72d5da37984974a7a9a8bca692333de263a71ca2630169c4e3c34ad0b3225529383a86d0f09e80fc68a243b146dc7403f0846060a697b588b1b2afc583efea264b6e155a18891e36a94d108e3fe4cbcb23cc3009d765c28aba3888c11c4adcdf48b4d983ee0a72b1b9eaa8cc62a9f8d34c0489d94cfced9525bccbc5fbf95e21ecf69e05d8e6e555fe666962db4afff3a812d41d8421755bd964d94da1b1d2ba7f7adc63f707709fd", 0xad, 0x1}, {&(0x7f0000002580)="c3384a160dd77e92f2bd4e296ef07edf98db7b464475c9d51aa48912afe0c9a01257327df1829cb2bbd0459110e8f18455a933bb33496b9a9c06714219615297eaab428174b2ff1f7096488f8fc04e00193c21ec82d955119331cb15187a8cf2d28e888de6a750855d46e8a298739909722d9c97", 0x74, 0x3}], 0x10, &(0x7f0000002700)={[{@nouuid='nouuid'}], [{@smackfsroot={'smackfsroot', 0x3d, 'keyringproc'}}, {@dont_hash='dont_hash'}, {@smackfstransmute={'smackfstransmute', 0x3d, '/dev/udmabuf\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/udmabuf\x00'}}, {@dont_hash='dont_hash'}, {@euid_eq={'euid', 0x3d, r1}}]}) [ 2503.587446][T13954] CPU: 1 PID: 13954 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2503.595118][T13954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2503.605175][T13954] Call Trace: [ 2503.608463][T13954] dump_stack+0x172/0x1f0 [ 2503.612782][T13954] should_fail.cold+0xa/0x15 [ 2503.617371][T13954] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2503.623191][T13954] ? ___might_sleep+0x163/0x280 [ 2503.628136][T13954] __should_failslab+0x121/0x190 [ 2503.633081][T13954] should_failslab+0x9/0x14 [ 2503.637582][T13954] kmem_cache_alloc_trace+0x2d1/0x760 [ 2503.642937][T13954] ? rcu_read_lock_sched_held+0x110/0x130 [ 2503.648635][T13954] ? __kmalloc+0x5d5/0x740 [ 2503.653031][T13954] alloc_workqueue_attrs+0x82/0x120 [ 2503.658208][T13954] apply_wqattrs_prepare+0xbb/0x970 [ 2503.663390][T13954] apply_workqueue_attrs_locked+0xcb/0x140 [ 2503.669171][T13954] apply_workqueue_attrs+0x31/0x50 [ 2503.674279][T13954] alloc_workqueue+0x84c/0xe70 [ 2503.679049][T13954] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2503.684760][T13954] ? __init_waitqueue_head+0x36/0x90 [ 2503.690027][T13954] hci_register_dev+0x209/0x860 [ 2503.694871][T13954] __vhci_create_device+0x2d0/0x5a0 [ 2503.700046][T13954] vhci_write+0x2d0/0x470 [ 2503.704372][T13954] new_sync_write+0x4c7/0x760 [ 2503.709039][T13954] ? default_llseek+0x2e0/0x2e0 [ 2503.714050][T13954] ? copy_page_to_iter+0x47b/0xd00 [ 2503.719152][T13954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2503.725366][T13954] ? put_page+0xce/0x130 [ 2503.729592][T13954] __vfs_write+0xe4/0x110 [ 2503.733905][T13954] __kernel_write+0x110/0x3b0 [ 2503.738559][T13954] write_pipe_buf+0x15d/0x1f0 [ 2503.743211][T13954] ? do_splice_direct+0x2a0/0x2a0 [ 2503.748210][T13954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2503.754425][T13954] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2503.760468][T13954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2503.766695][T13954] __splice_from_pipe+0x39a/0x7e0 [ 2503.771700][T13954] ? do_splice_direct+0x2a0/0x2a0 [ 2503.776702][T13954] ? do_splice_direct+0x2a0/0x2a0 [ 2503.781700][T13954] splice_from_pipe+0x108/0x170 [ 2503.786525][T13954] ? splice_shrink_spd+0xd0/0xd0 [ 2503.791445][T13954] default_file_splice_write+0x3c/0x90 [ 2503.796878][T13954] ? generic_splice_sendpage+0x50/0x50 [ 2503.802328][T13954] direct_splice_actor+0x126/0x1a0 [ 2503.807432][T13954] splice_direct_to_actor+0x369/0x970 [ 2503.812780][T13954] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2503.818302][T13954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2503.824517][T13954] ? do_splice_to+0x190/0x190 [ 2503.829184][T13954] ? rw_verify_area+0x118/0x360 [ 2503.834021][T13954] do_splice_direct+0x1da/0x2a0 [ 2503.838854][T13954] ? splice_direct_to_actor+0x970/0x970 [ 2503.844383][T13954] ? rw_verify_area+0x118/0x360 [ 2503.849209][T13954] do_sendfile+0x597/0xd00 [ 2503.853608][T13954] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2503.858886][T13954] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2503.865126][T13954] ? _copy_from_user+0xdd/0x150 [ 2503.869981][T13954] __x64_sys_sendfile64+0x15a/0x220 [ 2503.875158][T13954] ? __ia32_sys_sendfile+0x230/0x230 [ 2503.880420][T13954] ? do_syscall_64+0x26/0x610 [ 2503.885081][T13954] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2503.890352][T13954] ? trace_hardirqs_on+0x67/0x230 [ 2503.895352][T13954] do_syscall_64+0x103/0x610 [ 2503.899923][T13954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2503.905788][T13954] RIP: 0033:0x457f29 [ 2503.909660][T13954] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2503.929238][T13954] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 04:12:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000040)='syz0\x00') ioctl$SIOCRSSCAUSE(r1, 0x89e1, &(0x7f0000000100)=0x7) [ 2503.937625][T13954] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2503.945570][T13954] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2503.953518][T13954] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2503.961462][T13954] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2503.969408][T13954] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2503.987688][T13954] Bluetooth: Can't register HCI device [ 2504.072171][T14110] binder: 14107:14110 ioctl c018620c 20000240 returned -1 04:12:00 executing program 5 (fault-call:5 fault-nth:21): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:00 executing program 2: r0 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0x6, 0x8}, 0xc) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000040)) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2504.116693][T14106] XFS (loop4): unknown mount option [smackfsroot=keyringproc]. [ 2504.128655][T14110] binder: 14107:14110 ioctl c018620c 20000240 returned -1 04:12:00 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000140)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) fadvise64(r0, 0x0, 0xb, 0x8005) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 04:12:00 executing program 4: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x101000, 0x0) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f00000001c0)=0x8, 0x4) r1 = accept4$x25(0xffffffffffffffff, &(0x7f0000000040)={0x9, @remote}, &(0x7f0000000080)=0xfffffffffffffe55, 0x800) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f00000000c0), &(0x7f0000000140)=0x68) bind$x25(r1, &(0x7f0000000280)={0x9, @null=' \x00'}, 0xfffffffffffffd75) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x4b47, 0x0) signalfd(r0, &(0x7f0000000200)={0xea}, 0x8) 04:12:00 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed8a, 0x2) [ 2504.251308][T14310] binder_ioctl_get_node_info_for_ref: 8 callbacks suppressed [ 2504.251315][T14310] binder: 14291 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2504.251327][T14310] binder: 14291:14310 ioctl c018620c 20000240 returned -22 04:12:01 executing program 1: fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000040)={0x3}) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2504.338170][T14292] FAULT_INJECTION: forcing a failure. [ 2504.338170][T14292] name failslab, interval 1, probability 0, space 0, times 0 [ 2504.368933][T14292] CPU: 0 PID: 14292 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2504.369514][ C1] net_ratelimit: 18 callbacks suppressed [ 2504.369522][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2504.376615][T14292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2504.376622][T14292] Call Trace: [ 2504.376652][T14292] dump_stack+0x172/0x1f0 [ 2504.382348][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2504.387978][T14292] should_fail.cold+0xa/0x15 [ 2504.398100][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2504.401273][T14292] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2504.401296][T14292] ? ___might_sleep+0x163/0x280 [ 2504.405616][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2504.411293][T14292] __should_failslab+0x121/0x190 [ 2504.411316][T14292] should_failslab+0x9/0x14 [ 2504.437906][T14292] kmem_cache_alloc_trace+0x2d1/0x760 [ 2504.437926][T14292] ? rcu_read_lock_sched_held+0x110/0x130 [ 2504.458395][T14292] ? __kmalloc+0x5d5/0x740 [ 2504.462836][T14292] alloc_workqueue_attrs+0x82/0x120 [ 2504.462854][T14292] apply_wqattrs_prepare+0xbb/0x970 [ 2504.462877][T14292] apply_workqueue_attrs_locked+0xcb/0x140 [ 2504.479035][T14292] apply_workqueue_attrs+0x31/0x50 [ 2504.484162][T14292] alloc_workqueue+0x84c/0xe70 [ 2504.488940][T14292] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2504.494675][T14292] ? __init_waitqueue_head+0x36/0x90 [ 2504.499972][T14292] hci_register_dev+0x209/0x860 [ 2504.504829][T14292] __vhci_create_device+0x2d0/0x5a0 [ 2504.510028][T14292] vhci_write+0x2d0/0x470 [ 2504.514370][T14292] new_sync_write+0x4c7/0x760 [ 2504.519058][T14292] ? default_llseek+0x2e0/0x2e0 [ 2504.523925][T14292] ? copy_page_to_iter+0x47b/0xd00 [ 2504.529051][T14292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2504.535290][T14292] ? put_page+0xce/0x130 [ 2504.539545][T14292] __vfs_write+0xe4/0x110 [ 2504.543883][T14292] __kernel_write+0x110/0x3b0 [ 2504.545634][T14438] binder: 14427 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2504.545647][T14438] binder: 14427:14438 ioctl c018620c 20000240 returned -22 [ 2504.548562][T14292] write_pipe_buf+0x15d/0x1f0 [ 2504.548579][T14292] ? do_splice_direct+0x2a0/0x2a0 [ 2504.548597][T14292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2504.548608][T14292] ? splice_from_pipe_next.part.0+0x255/0x2f0 04:12:01 executing program 2: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100)={0xffffffffffffffff}) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000140)=@req3={0x101, 0x1000, 0x8000, 0xfee, 0xffffffff, 0x8, 0x3}, 0x1c) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x4a0001, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x8, 0x1}, {0x200, 0x10001}, {0x401, 0x7fffffff}, {0x8, 0x3}, {0x3f, 0x2f4}, {0x5, 0x1f}, {0x3, 0x1}, {0x100000000, 0x800}]}) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xcc, 0xe4, 0x6, {"6f6b3ee134a00689d5705042affc94361a5cd8558e347879802b55a3a895b2d9a906da7d1052adaffcd99fd1e17e345ccf86adcea58e13ad5c19bf6c5ae87dd8fdfd8bd198dff0730ce2e36210804ce0c158a0f853b378719fa5c2f55fffd4fc651d3bc4b01ae08cbbce427ed665c46b33010fc743978e20ad2b24c9754e1a782776f6edb8533c46ab4e8a3ae70fa9957e92730ea8bff0efddf5f5cb0e5a29acb1820b4b5dd87f8ff9983d1225b31d09c6819ae791a36b93409d115acb6144ea8dca188cd71a87fe1140b639"}}, {0x0, "099362a00ea74152a20c388eb5da15e74ae74a5d83a4334ec0bfa4d8245459963ed3e37146a650d8688089411765772a734932ef7507f92f1b1ded3d0554b29be2fee9b2aec6b3e9460cc3d51efd87ca9709cb615b03b5290a9b2f76154192f27272e96dc99eb8b4bcde701f796f76acfcca3cc23e06a9c45f10ff57e66c1959393006d2d0e071aa6ae910b2d30d0df39e53c3bd15f2d67d8c5ff807e396a3911219e30d8ed8946736b1aa20b011d9d5487a25af7a77c573aa808e5d43a6bdf035c9e4a4ef65f38e33089782282db5f1ad41147989ba88d386b1d5e87cb0f64ccc6aad66c11d96de0ac6bf087cbc408745169023fe"}}, &(0x7f0000000180)=""/150, 0x1db, 0x96, 0x1}, 0x20) 04:12:01 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) ioctl$RTC_AIE_ON(r1, 0x7001) getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='trusted.overlay.redirect\x00', &(0x7f00000000c0)=""/118, 0x76) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2504.548620][T14292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2504.548636][T14292] __splice_from_pipe+0x39a/0x7e0 [ 2504.548649][T14292] ? do_splice_direct+0x2a0/0x2a0 [ 2504.548674][T14292] ? do_splice_direct+0x2a0/0x2a0 [ 2504.578448][T14438] binder: 14427 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2504.578461][T14438] binder: 14427:14438 ioctl c018620c 20000240 returned -22 [ 2504.580314][T14292] splice_from_pipe+0x108/0x170 [ 2504.580333][T14292] ? splice_shrink_spd+0xd0/0xd0 [ 2504.580362][T14292] default_file_splice_write+0x3c/0x90 [ 2504.580374][T14292] ? generic_splice_sendpage+0x50/0x50 [ 2504.580389][T14292] direct_splice_actor+0x126/0x1a0 [ 2504.580407][T14292] splice_direct_to_actor+0x369/0x970 [ 2504.580422][T14292] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2504.580444][T14292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2504.592717][T14292] ? do_splice_to+0x190/0x190 [ 2504.602717][T14292] ? rw_verify_area+0x118/0x360 [ 2504.602734][T14292] do_splice_direct+0x1da/0x2a0 [ 2504.602751][T14292] ? splice_direct_to_actor+0x970/0x970 04:12:01 executing program 2: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, 0x0, &(0x7f0000000240)) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) [ 2504.602774][T14292] ? rw_verify_area+0x118/0x360 [ 2504.602799][T14292] do_sendfile+0x597/0xd00 [ 2504.602818][T14292] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2504.602838][T14292] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2504.602855][T14292] ? _copy_from_user+0xdd/0x150 [ 2504.602873][T14292] __x64_sys_sendfile64+0x15a/0x220 [ 2504.602895][T14292] ? __ia32_sys_sendfile+0x230/0x230 [ 2504.660514][T14292] ? do_syscall_64+0x26/0x610 [ 2504.660534][T14292] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2504.660551][T14292] ? trace_hardirqs_on+0x67/0x230 [ 2504.660569][T14292] do_syscall_64+0x103/0x610 [ 2504.660589][T14292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2504.660601][T14292] RIP: 0033:0x457f29 [ 2504.660616][T14292] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2504.660622][T14292] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2504.660634][T14292] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 04:12:01 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x2, 0x18) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000080)={0x3f, 0xb4}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000000240)=0xe8) r3 = getuid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@dev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@initdev}}, &(0x7f0000000380)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000003c0)={{{@in, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@initdev}}, &(0x7f00000004c0)=0xe8) r6 = getuid() fstat(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000640)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000000740)=0xe8) stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getegid() r12 = getegid() fstat(r0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getegid() getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000008c0)={0x0, 0x0, 0x0}, &(0x7f0000000900)=0xc) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000940)={{}, {0x1, 0x5}, [{0x2, 0x0, r2}, {0x2, 0x6, r3}, {0x2, 0x6, r4}, {0x2, 0x0, r5}, {0x2, 0x6, r6}, {0x2, 0x4, r7}, {0x2, 0x4, r8}, {0x2, 0x6, r9}], {0x4, 0x5}, [{0x8, 0x6, r10}, {0x8, 0x3, r11}, {0x8, 0x0, r12}, {0x8, 0x5, r13}, {0x8, 0x4, r14}, {0x8, 0x4, r15}], {}, {0x20, 0x4}}, 0x94, 0x1) [ 2504.660643][T14292] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2504.660650][T14292] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2504.660658][T14292] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2504.660667][T14292] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2504.686125][T14292] Bluetooth: Can't register HCI device [ 2504.769398][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2504.797149][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2504.840931][T14480] binder: 14442:14480 ioctl c018620c 20000240 returned -1 [ 2504.851848][T14481] binder: 14479 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2504.851861][T14481] binder: 14479:14481 ioctl c018620c 20000240 returned -22 [ 2504.870894][T14570] binder: 14479 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2504.870906][T14570] binder: 14479:14570 ioctl c018620c 20000240 returned -22 04:12:01 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed8b, 0x2) 04:12:01 executing program 3: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000040)=0x0) ptrace$getenv(0x4201, r0, 0x8, &(0x7f0000000080)) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f00000002c0)) [ 2504.929401][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2504.935204][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:01 executing program 5 (fault-call:5 fault-nth:22): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x4, 0x0) write$FUSE_BMAP(r1, &(0x7f0000000040)={0x18, 0xfffffffffffffffe, 0x3, {0xf0}}, 0x18) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:12:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) unlink(&(0x7f0000000000)='./file0\x00') mincore(&(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000100)=""/194) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x734d5f6e25ffa951, 0x0, 0x0, 0xf0607924, 0x0, 0x0}) 04:12:01 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x200, 0x482802) getsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) [ 2505.056300][T14663] binder: 14659 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2505.056314][T14663] binder: 14659:14663 ioctl c018620c 20000240 returned -22 [ 2505.143889][T14742] binder: 14677 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2505.143905][T14742] binder: 14677:14742 ioctl c018620c 20000240 returned -22 [ 2505.148930][T14720] FAULT_INJECTION: forcing a failure. [ 2505.148930][T14720] name failslab, interval 1, probability 0, space 0, times 0 04:12:01 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed8c, 0x2) 04:12:01 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = dup(r0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000040)={{0xf10c, 0x5, 0x6, 0x9}, 'syz0\x00', 0x35}) 04:12:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x84, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r1, &(0x7f0000000600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x354, r2, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_BEARER={0xa8, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x9, @loopback, 0x67e}}, {0x14, 0x2, @in={0x2, 0x4e24, @loopback}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x0, @mcast2, 0x6}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xc7}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}, @TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x55234152}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x800}]}, @TIPC_NLA_MEDIA={0x100, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffb}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}]}, @TIPC_NLA_LINK={0x54, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffffffffff9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x300000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0xb4, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9c}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf8a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xeb0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}]}, 0x354}, 0x1, 0x0, 0x0, 0x44000}, 0x48004) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r3, 0x808c563d, &(0x7f0000000100)) 04:12:01 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = accept4$unix(0xffffffffffffff9c, &(0x7f0000000080), &(0x7f0000000100)=0x6e, 0x80800) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000140)=0x80, 0x4) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2505.209522][T14720] CPU: 0 PID: 14720 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2505.217197][T14720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.227255][T14720] Call Trace: [ 2505.230562][T14720] dump_stack+0x172/0x1f0 [ 2505.234895][T14720] should_fail.cold+0xa/0x15 [ 2505.239481][T14720] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2505.245294][T14720] ? ___might_sleep+0x163/0x280 [ 2505.250157][T14720] __should_failslab+0x121/0x190 [ 2505.255105][T14720] should_failslab+0x9/0x14 [ 2505.259616][T14720] kmem_cache_alloc_node+0x264/0x710 [ 2505.264916][T14720] alloc_unbound_pwq+0x4c5/0xcf0 [ 2505.269868][T14720] apply_wqattrs_prepare+0x35e/0x970 [ 2505.275172][T14720] apply_workqueue_attrs_locked+0xcb/0x140 [ 2505.280993][T14720] apply_workqueue_attrs+0x31/0x50 [ 2505.286107][T14720] alloc_workqueue+0x84c/0xe70 [ 2505.290884][T14720] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2505.296610][T14720] ? __init_waitqueue_head+0x36/0x90 [ 2505.301901][T14720] hci_register_dev+0x209/0x860 04:12:02 executing program 1: r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, r0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x84000010}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x300, 0x70bd28, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004800}, 0x8001) r3 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2505.301925][T14720] __vhci_create_device+0x2d0/0x5a0 [ 2505.301943][T14720] vhci_write+0x2d0/0x470 [ 2505.311953][T14720] new_sync_write+0x4c7/0x760 [ 2505.311970][T14720] ? default_llseek+0x2e0/0x2e0 [ 2505.311990][T14720] ? copy_page_to_iter+0x47b/0xd00 [ 2505.312010][T14720] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2505.312029][T14720] ? put_page+0xce/0x130 [ 2505.341374][T14720] __vfs_write+0xe4/0x110 [ 2505.345729][T14720] __kernel_write+0x110/0x3b0 [ 2505.350410][T14720] write_pipe_buf+0x15d/0x1f0 [ 2505.350427][T14720] ? do_splice_direct+0x2a0/0x2a0 [ 2505.350446][T14720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2505.350460][T14720] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2505.350473][T14720] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2505.350490][T14720] __splice_from_pipe+0x39a/0x7e0 [ 2505.350503][T14720] ? do_splice_direct+0x2a0/0x2a0 [ 2505.350521][T14720] ? do_splice_direct+0x2a0/0x2a0 [ 2505.366408][T14720] splice_from_pipe+0x108/0x170 [ 2505.366427][T14720] ? splice_shrink_spd+0xd0/0xd0 [ 2505.366456][T14720] default_file_splice_write+0x3c/0x90 [ 2505.366468][T14720] ? generic_splice_sendpage+0x50/0x50 [ 2505.366482][T14720] direct_splice_actor+0x126/0x1a0 [ 2505.366500][T14720] splice_direct_to_actor+0x369/0x970 [ 2505.366515][T14720] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2505.366541][T14720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2505.378804][T14720] ? do_splice_to+0x190/0x190 [ 2505.378825][T14720] ? rw_verify_area+0x118/0x360 [ 2505.378843][T14720] do_splice_direct+0x1da/0x2a0 [ 2505.378860][T14720] ? splice_direct_to_actor+0x970/0x970 [ 2505.378882][T14720] ? rw_verify_area+0x118/0x360 [ 2505.378899][T14720] do_sendfile+0x597/0xd00 [ 2505.378924][T14720] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2505.378944][T14720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2505.388951][T14720] ? _copy_from_user+0xdd/0x150 [ 2505.388979][T14720] __x64_sys_sendfile64+0x15a/0x220 [ 2505.388998][T14720] ? __ia32_sys_sendfile+0x230/0x230 [ 2505.389013][T14720] ? do_syscall_64+0x26/0x610 [ 2505.389029][T14720] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2505.389047][T14720] ? trace_hardirqs_on+0x67/0x230 04:12:02 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2505.389065][T14720] do_syscall_64+0x103/0x610 [ 2505.389084][T14720] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2505.389100][T14720] RIP: 0033:0x457f29 [ 2505.414748][T14720] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2505.414757][T14720] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2505.414773][T14720] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2505.414781][T14720] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2505.414790][T14720] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2505.414798][T14720] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2505.414807][T14720] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2505.457926][T14720] Bluetooth: Can't register HCI device [ 2505.489400][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2505.519569][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:02 executing program 4: openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/udmabuf\x00', 0x2) [ 2505.552869][T14890] binder: 14871 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2505.552881][T14890] binder: 14871:14890 ioctl c018620c 20000240 returned -22 [ 2505.645639][T14909] binder: 14888:14909 ioctl c018620c 20000240 returned -1 04:12:02 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed8d, 0x2) 04:12:02 executing program 5 (fault-call:5 fault-nth:23): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2505.684131][T14890] binder: 14871 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2505.684144][T14890] binder: 14871:14890 ioctl c018620c 20000240 returned -22 04:12:02 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) open(&(0x7f0000000040)='./file0\x00', 0x800, 0x80) r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) renameat(r1, &(0x7f0000000080)='./file0\x00', r1, &(0x7f0000000140)='./file0\x00') ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:12:02 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf\x00', 0x2) r1 = open(&(0x7f0000000240)='./file1\x00', 0x82000, 0x8191) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000080)={0x7bf, 0x1, 0x9, 'queue1\x00', 0x9}) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x4) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000140)=ANY=[]) openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/validatetrans\x00', 0x1, 0x0) 04:12:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6020, 0x0) setsockopt$sock_void(r1, 0x1, 0x8024, 0x0, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000100)={0x81, {{0x2, 0x4e24, @multicast1}}}, 0x88) 04:12:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:12:02 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x101000, 0x0) [ 2505.892334][T15109] FAULT_INJECTION: forcing a failure. [ 2505.892334][T15109] name failslab, interval 1, probability 0, space 0, times 0 [ 2505.938726][T15203] binder: 15171 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2505.938740][T15203] binder: 15171:15203 ioctl c018620c 20000240 returned -22 [ 2505.943574][T15109] CPU: 0 PID: 15109 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2505.962170][T15109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.972223][T15109] Call Trace: [ 2505.975522][T15109] dump_stack+0x172/0x1f0 [ 2505.979868][T15109] should_fail.cold+0xa/0x15 [ 2505.984478][T15109] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2505.990297][T15109] ? ___might_sleep+0x163/0x280 [ 2505.995156][T15109] __should_failslab+0x121/0x190 [ 2505.998927][T15203] binder: 15171:15203 ioctl c018620c 20000240 returned -22 [ 2506.000097][T15109] should_failslab+0x9/0x14 [ 2506.000117][T15109] kmem_cache_alloc_node+0x264/0x710 [ 2506.000146][T15109] alloc_unbound_pwq+0x4c5/0xcf0 [ 2506.000168][T15109] apply_wqattrs_prepare+0x35e/0x970 [ 2506.000191][T15109] apply_workqueue_attrs_locked+0xcb/0x140 [ 2506.017859][T15221] binder: 15215:15221 ioctl c018620c 20000240 returned -1 [ 2506.022071][T15109] apply_workqueue_attrs+0x31/0x50 [ 2506.022089][T15109] alloc_workqueue+0x84c/0xe70 [ 2506.022112][T15109] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2506.022133][T15109] ? __init_waitqueue_head+0x36/0x90 [ 2506.022163][T15109] hci_register_dev+0x209/0x860 [ 2506.065947][T15109] __vhci_create_device+0x2d0/0x5a0 [ 2506.071153][T15109] vhci_write+0x2d0/0x470 [ 2506.075495][T15109] new_sync_write+0x4c7/0x760 [ 2506.080183][T15109] ? default_llseek+0x2e0/0x2e0 [ 2506.085044][T15109] ? copy_page_to_iter+0x47b/0xd00 [ 2506.090172][T15109] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2506.096415][T15109] ? put_page+0xce/0x130 [ 2506.100692][T15109] __vfs_write+0xe4/0x110 [ 2506.105026][T15109] __kernel_write+0x110/0x3b0 [ 2506.109709][T15109] write_pipe_buf+0x15d/0x1f0 [ 2506.109725][T15109] ? do_splice_direct+0x2a0/0x2a0 [ 2506.109742][T15109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2506.109756][T15109] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2506.109770][T15109] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2506.109788][T15109] __splice_from_pipe+0x39a/0x7e0 [ 2506.109801][T15109] ? do_splice_direct+0x2a0/0x2a0 [ 2506.109819][T15109] ? do_splice_direct+0x2a0/0x2a0 [ 2506.109832][T15109] splice_from_pipe+0x108/0x170 [ 2506.109848][T15109] ? splice_shrink_spd+0xd0/0xd0 [ 2506.109878][T15109] default_file_splice_write+0x3c/0x90 [ 2506.109891][T15109] ? generic_splice_sendpage+0x50/0x50 [ 2506.109906][T15109] direct_splice_actor+0x126/0x1a0 [ 2506.109926][T15109] splice_direct_to_actor+0x369/0x970 [ 2506.109943][T15109] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2506.125833][T15109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2506.125849][T15109] ? do_splice_to+0x190/0x190 [ 2506.125868][T15109] ? rw_verify_area+0x118/0x360 [ 2506.148232][T15109] do_splice_direct+0x1da/0x2a0 [ 2506.148250][T15109] ? splice_direct_to_actor+0x970/0x970 [ 2506.148275][T15109] ? rw_verify_area+0x118/0x360 [ 2506.148293][T15109] do_sendfile+0x597/0xd00 [ 2506.148315][T15109] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2506.148335][T15109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 04:12:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x8000, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r1, &(0x7f0000000100)="3bcf314307f5156f3f6319565d522059dfc45064b474e3933e9d1250c3a873b45a916ad03c3a699ea210034147b608b5e2c0536df3201e81514db10d5d931f1586db8a06fc716a757ba04af17d52190538741cd2d0c7c3faaf352caab308fdf527ae67d48700980f73cb17c60a0fe247514e1a89ce18e66a9d4cb568f97163564f"}, 0x10) setsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f0000000080)=0x71, 0x4) 04:12:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000000)={0x0, 0x80000001}) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) 04:12:02 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed8e, 0x2) [ 2506.173986][T15109] ? _copy_from_user+0xdd/0x150 [ 2506.174008][T15109] __x64_sys_sendfile64+0x15a/0x220 [ 2506.174026][T15109] ? __ia32_sys_sendfile+0x230/0x230 [ 2506.196211][T15109] ? do_syscall_64+0x26/0x610 [ 2506.196228][T15109] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2506.196247][T15109] ? trace_hardirqs_on+0x67/0x230 [ 2506.216105][T15109] do_syscall_64+0x103/0x610 [ 2506.216125][T15109] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2506.216141][T15109] RIP: 0033:0x457f29 04:12:03 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = fcntl$getown(r0, 0x9) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x100, 0x0) perf_event_open(&(0x7f0000000040)={0x4, 0x70, 0x7fffffff, 0x3, 0x0, 0x6, 0x0, 0x1, 0x10, 0x2, 0x2, 0x5, 0x0, 0x0, 0xff, 0x3a2d, 0x3, 0x6, 0x100000000, 0xfffffffffffffff8, 0x4141, 0x9, 0x12d, 0x5, 0xc0cc, 0x1, 0x0, 0x1f, 0x7, 0x4, 0x581c1d86, 0x3, 0xf8, 0x4, 0x4, 0x400, 0xffff, 0xffffffffffffff82, 0x0, 0x7f9b, 0x1, @perf_config_ext={0x40}, 0x4000, 0x2, 0xb60, 0x7, 0x4499, 0x0, 0x8}, r1, 0xf, r2, 0x8) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2506.281419][T15109] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2506.301026][T15109] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2506.310606][T15109] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2506.310616][T15109] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2506.310624][T15109] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:12:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x6c, 0x0, 0x0}) [ 2506.310633][T15109] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2506.310658][T15109] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2506.313285][T15109] Bluetooth: Can't register HCI device [ 2506.333121][T15229] binder: 15228:15229 ioctl c018620c 20000240 returned -1 [ 2506.340763][T15230] binder: 15225:15230 ioctl c018620c 20000240 returned -22 [ 2506.342146][T15230] binder: 15225:15230 ioctl 4008af13 20000000 returned -22 [ 2506.342234][T15230] binder: 15225:15230 ioctl af01 0 returned -22 [ 2506.342323][T15230] binder: 15225:15230 ioctl af02 0 returned -22 [ 2506.343056][T15229] binder: 15228:15229 ioctl c018620c 20000240 returned -1 [ 2506.345689][T15230] binder: 15225:15230 ioctl c018620c 20000240 returned -22 [ 2506.345772][T15230] binder: 15225:15230 ioctl 4008af13 20000000 returned -22 [ 2506.354039][T15241] binder: 15225:15241 ioctl af01 0 returned -22 04:12:03 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) prctl$PR_SET_SECUREBITS(0x1c, 0x6c77e6364fefb2c7) 04:12:03 executing program 5 (fault-call:5 fault-nth:24): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x10000, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100)=0x8, 0x4) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x1, 0x0) 04:12:03 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed8f, 0x2) 04:12:03 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x6, 0x48000) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000080)={0x80, 0x7c, "f032094a5473c13e9af2bd47ad2173e95463417796a493388a11b377df93dae089b31d5cf2101fe7df794d2fdd8977a0912d51f4a115e57475599d24688e937e1cd59cf2ec0f216c1f4310dea85382bbcac270ab185b1e3d20d818ef71584ba66e15b221d070a1ea5f717733a548ac6c3d785db6ea31e65f589ce276"}) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2506.354131][T15230] binder: 15225:15230 ioctl af02 0 returned -22 [ 2506.609181][T15468] binder: 15443:15468 ioctl c018620c 20000240 returned -1 [ 2506.640723][T15496] binder: 15448:15496 ioctl c018620c 20000000 returned -22 04:12:03 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)={0x0, 0x1b8}) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) 04:12:03 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x20000, 0x0) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000000c0)={0x0, 0x0}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x8001, 0x0, 0x2, 0xb3}) ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000180)={0x4, r4}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000100)={r2, r3}) [ 2506.741626][T15545] FAULT_INJECTION: forcing a failure. [ 2506.741626][T15545] name failslab, interval 1, probability 0, space 0, times 0 [ 2506.763836][T15545] CPU: 0 PID: 15545 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2506.771506][T15545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2506.781562][T15545] Call Trace: [ 2506.784861][T15545] dump_stack+0x172/0x1f0 [ 2506.789211][T15545] should_fail.cold+0xa/0x15 [ 2506.793816][T15545] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2506.799646][T15545] ? ___might_sleep+0x163/0x280 [ 2506.804513][T15545] __should_failslab+0x121/0x190 [ 2506.809461][T15545] should_failslab+0x9/0x14 [ 2506.813969][T15545] kmem_cache_alloc+0x2b2/0x6f0 [ 2506.818829][T15545] __d_alloc+0x2e/0x8c0 [ 2506.823005][T15545] d_alloc+0x4d/0x2b0 [ 2506.827000][T15545] d_alloc_parallel+0xf4/0x1bc0 [ 2506.831875][T15545] ? __d_lookup_rcu+0x6c0/0x6c0 [ 2506.836730][T15545] ? __d_lookup+0x40c/0x760 [ 2506.841233][T15545] ? lockdep_init_map+0x1be/0x6d0 [ 2506.846311][T15545] ? lockdep_init_map+0x1be/0x6d0 [ 2506.851347][T15545] __lookup_slow+0x1ab/0x500 [ 2506.855940][T15545] ? vfs_unlink+0x560/0x560 [ 2506.855967][T15545] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2506.855990][T15545] ? d_lookup+0x19e/0x260 [ 2506.856010][T15545] lookup_one_len+0x16d/0x1a0 [ 2506.856026][T15545] ? lookup_one_len_unlocked+0x100/0x100 [ 2506.856050][T15545] start_creating+0xbf/0x1e0 [ 2506.856066][T15545] debugfs_create_dir+0x26/0x3d0 [ 2506.889912][T15545] hci_register_dev+0x299/0x860 [ 2506.894780][T15545] __vhci_create_device+0x2d0/0x5a0 [ 2506.899992][T15545] vhci_write+0x2d0/0x470 [ 2506.904337][T15545] new_sync_write+0x4c7/0x760 [ 2506.909028][T15545] ? default_llseek+0x2e0/0x2e0 [ 2506.913891][T15545] ? copy_page_to_iter+0x47b/0xd00 [ 2506.919012][T15545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2506.919028][T15545] ? put_page+0xce/0x130 [ 2506.919054][T15545] __vfs_write+0xe4/0x110 [ 2506.933817][T15545] __kernel_write+0x110/0x3b0 [ 2506.938506][T15545] write_pipe_buf+0x15d/0x1f0 [ 2506.943189][T15545] ? do_splice_direct+0x2a0/0x2a0 [ 2506.948222][T15545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2506.952530][T15717] Unknown ioctl -1073191926 [ 2506.954460][T15545] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2506.954478][T15545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2506.954495][T15545] __splice_from_pipe+0x39a/0x7e0 [ 2506.954513][T15545] ? do_splice_direct+0x2a0/0x2a0 [ 2506.965054][T15545] ? do_splice_direct+0x2a0/0x2a0 [ 2506.965069][T15545] splice_from_pipe+0x108/0x170 [ 2506.965086][T15545] ? splice_shrink_spd+0xd0/0xd0 [ 2506.973218][T15717] Unknown ioctl -1073191926 [ 2506.976325][T15545] default_file_splice_write+0x3c/0x90 [ 2506.976339][T15545] ? generic_splice_sendpage+0x50/0x50 [ 2506.976355][T15545] direct_splice_actor+0x126/0x1a0 [ 2506.976376][T15545] splice_direct_to_actor+0x369/0x970 [ 2507.013562][T15717] Unknown ioctl -1071619020 [ 2507.016654][T15545] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2507.016677][T15545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2507.016690][T15545] ? do_splice_to+0x190/0x190 04:12:03 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x2, 0x501000) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x401}) setsockopt$TIPC_MCAST_BROADCAST(r1, 0x10f, 0x85) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0x88, "59a72236a2a6dea17aa94a3b8b0a4f158b6b9c85605f47e5a49ff8bdf64b0c03bea910c844a4f72df58632356c65c88abedc72462669e727ce101a232953a338ca74a19343b428ba62503febe6d64b21f66931806bf8c2f71027e069ac3961a6dbdf652180170d55cd9f8a757201377fb052084e057b073f507a203b42930c98dbd9c0389cd41bab"}, &(0x7f00000001c0)=0x90) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000300)=ANY=[@ANYRES32=r3, @ANYBLOB="c00000006501f3e020d1cac40bb11a5dd864a916a8e4b8a6df4505a06b097ba6d2c0998020f3767c1cac871808003829cf85ec4f132ef07ebcb69d09bea818a316dfaed20a978a8ebb97a2f2f48dfed975762da7d4fcfbfb47a41d11ed35c74a18b818e354b4fb63c4fdd50be2a1f9bc5676e909ea120a8b0b3c37c4e4f0d19795630900c26b1e14bd0f0263667e76b7148e20857941e025a6984c327303bfc0acc8d3ddef2353a9c3ee0752cc4c80fda555e2399d95038ed917b68c85fe8587f4c6af35"], &(0x7f0000000200)=0xc8) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) 04:12:03 executing program 2: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x80000, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@empty, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@remote}}, &(0x7f00000001c0)=0xe8) r2 = geteuid() sendmsg$nl_route(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=@ipv4_newrule={0x64, 0x20, 0x0, 0x70bd2a, 0x25dfdbff, {0x2, 0xfd72a03e19cd145d, 0x80, 0x4, 0x49, 0x0, 0x0, 0x2, 0xc}, [@FRA_DST={0x8, 0x1, @rand_addr=0x8}, @FRA_SRC={0x8, 0x2, @multicast1}, @FRA_GENERIC_POLICY=@FRA_UID_RANGE={0xc, 0x14, {r1, r2}}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x8, 0x16, 0x2c}, @FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x20}, @FRA_GENERIC_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x5}, @FRA_FLOW={0x8, 0xb, 0xb1}, @FRA_FLOW={0x8, 0xb, 0x25}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x24000090) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x311842, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000080)={0x0, 0x9, 0x80, &(0x7f0000000040)=0x400}) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffff9, 0x40000) r4 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:12:03 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x10003, 0x0) ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f0000000100)=""/244) socket$rds(0x15, 0x5, 0x0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x7}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000080)={0x9, r2, 0x2, 0x2000000000000000}) 04:12:03 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed90, 0x2) [ 2507.016710][T15545] ? rw_verify_area+0x118/0x360 [ 2507.016726][T15545] do_splice_direct+0x1da/0x2a0 [ 2507.016742][T15545] ? splice_direct_to_actor+0x970/0x970 [ 2507.016763][T15545] ? rw_verify_area+0x118/0x360 [ 2507.033283][T15717] Unknown ioctl 1074816057 [ 2507.038371][T15545] do_sendfile+0x597/0xd00 [ 2507.038398][T15545] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2507.038420][T15545] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2507.038436][T15545] ? _copy_from_user+0xdd/0x150 [ 2507.038456][T15545] __x64_sys_sendfile64+0x15a/0x220 [ 2507.038474][T15545] ? __ia32_sys_sendfile+0x230/0x230 [ 2507.038488][T15545] ? do_syscall_64+0x26/0x610 [ 2507.038508][T15545] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2507.048461][T15717] Unknown ioctl -1073191926 [ 2507.052838][T15545] ? trace_hardirqs_on+0x67/0x230 [ 2507.052865][T15545] do_syscall_64+0x103/0x610 [ 2507.052886][T15545] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2507.052898][T15545] RIP: 0033:0x457f29 [ 2507.052912][T15545] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2507.052920][T15545] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2507.052932][T15545] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2507.052940][T15545] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2507.052948][T15545] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2507.052961][T15545] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2507.072112][T15545] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2507.193747][T15717] Unknown ioctl -1073191926 [ 2507.201167][T15768] Unknown ioctl -1073191926 [ 2507.201905][T15768] Unknown ioctl -1071619020 [ 2507.225289][T15787] Unknown ioctl 1074816057 04:12:04 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240)='/dev/udmabuf\x00', 0x2) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) write$P9_RLINK(r1, &(0x7f0000000080)={0x7, 0x47, 0x2}, 0x7) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, r2, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffffff}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4014}, 0x8000) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2507.239899][T15819] binder: 15766:15819 ioctl c018620c 20000240 returned -1 [ 2507.256942][T15838] binder: 15765:15838 ioctl c018620c 20000240 returned -22 [ 2507.282780][T15879] binder: 15765:15879 ioctl c018620c 20000240 returned -22 04:12:04 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed91, 0x2) 04:12:04 executing program 5 (fault-call:5 fault-nth:25): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:04 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) r1 = pkey_alloc(0x0, 0x0) r2 = fcntl$dupfd(r0, 0x406, r0) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) pkey_free(r1) 04:12:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x6, 0x9, 0x8, 0x1000, 0x476bcc84, 0x3, 0x0, 0x10001, 0x101, 0xd4a, 0x9}, 0xb) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=0x0, &(0x7f0000000100)=0x4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r2, 0x80, 0xfffffffffffffff7}, &(0x7f0000000180)=0xc) 04:12:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$BLKFRASET(r1, 0x1264, &(0x7f0000000040)=0x4) [ 2507.458143][T15988] binder: 15983:15988 ioctl c018620c 20000240 returned -22 04:12:04 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x185100, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x3, 0x3f}) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) 04:12:04 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed92, 0x2) [ 2507.525497][T16023] binder: 16008:16023 ioctl c018620c 20000240 returned -1 [ 2507.528679][T15988] binder: 15983:15988 ioctl c018620c 20000240 returned -22 [ 2507.560613][T16023] binder: 16008:16023 ioctl c018620c 20000240 returned -1 [ 2507.583530][T16047] FAULT_INJECTION: forcing a failure. [ 2507.583530][T16047] name failslab, interval 1, probability 0, space 0, times 0 [ 2507.616915][T16047] CPU: 0 PID: 16047 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2507.624581][T16047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2507.634637][T16047] Call Trace: [ 2507.637943][T16047] dump_stack+0x172/0x1f0 [ 2507.642283][T16047] should_fail.cold+0xa/0x15 [ 2507.646892][T16047] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2507.652710][T16047] ? ___might_sleep+0x163/0x280 [ 2507.657583][T16047] __should_failslab+0x121/0x190 [ 2507.662527][T16047] should_failslab+0x9/0x14 [ 2507.667054][T16047] kmem_cache_alloc+0x2b2/0x6f0 [ 2507.671904][T16047] ? lookup_one_len+0x10e/0x1a0 [ 2507.676760][T16047] alloc_inode+0xb8/0x190 04:12:04 executing program 2: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x147, 0x0, &(0x7f00000015c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYPTR64=&(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYBLOB="494643d029617209ce1856a91c903570a4077aa6295689cf07e7ed2f6fd9919598fd0f51410f2819aa86baee4ba23b36c14dca5fa58c49015be889fb86fcee28b8e461aae1a01e4bc2408b12e313724990cf45143b306d3a4facb46789cebcf19daf75b6edd8545c81d5a3195be3da7cad2af8f6e86dd3a98b3ad9681b4ea4bb948ba1e3d788cd7eb10b07e13ebfda78b1780750947c2c6479d451d7a94173963f7245bbeae5eec38114b81d4bbdccee48c3a3ccc08d03fa0dc7d7684c20ed6e9cf19590d39451f29f79a5568e17836e5064508861a589c7ff3725bb4ee61becf90136253737363bfc2b2936f1973deebf163c0b67c16d8ddfa79ceab8512a3dcdc93c290626ffa662b8a00d145e4f56f6afb66d651f7db342c9b22b6af3567052db06cf3bf17a3ce57c71a9b1db6aa8eb2eee866f83393255ac4911f6d7c0ab46ec9562896bc2aa548e8dc49941d45a12d7b43f943f8643a4aa38237f1b4bc202d9bef1f13fb791d180c14a9db1378d5577a26a7659442821f00855b4d39c03387befabe3366779851c464a0a6bbac1605490d367557e2cb84f5711abbd50c919bdd3278defb60599db7c801ff5cbfdaeb767a790d5477e852facd8397d60b2a8bfeb0454f96017981b63d477ca10b6fe8e2b6b05a3c2ce20e3ffe85457d78274f5ca47d53820282f81b9052277ce06706aa045be3e0f2c755ab7dcc9232adc61e762612ff81f9b3573fafcd4e256ffac66293a4ee3b7c99ec0548fe936917695fc64907b9267b64b4f43ff27aa2e9e283800e1c575227c2b39b1e546045ea9948c0af0d469581fbf1c1affe7fe3a3a3c84f8bd87ec004f5ccae7378d10361ea056a8dea10749545bfa5454b4b58bf0c97d7fe7487a0ebf78beaf30242e46cf8a64c9e3799f73efafdbde54f8f00a5d5102da94372c38c3620e17cd46f89473a5c1fe727385a1416c43623a241e06e0985ed10f58fa2906b24d42054edce769ac246d5580e532c854284907bc13f90edda0b6d37127a2ec5271837f221b85a541a07103f3d22274d928c53ea82fd088fa7b465fc3019d9afd80596247950d0d78b5268b2bac0291402e770299951172a004b423ef33f22c620cdc471dc151f3f141f6fcce9fd556424317e3a66ca4e2dae684c535055966ee700b91e64297289f5e5d3818fcb11ea75570a37d84f21dc0d19871b241f638c65b07d350113c080478adffe487926208fdd7fc95dc662ccd57c30dfd1fba8b1d0d25be480b25decbd04cbad9c2b7f43bea68610c8fd631fd79ea3967b3d2c89bf8edd42bb89b5049e6656300f9d68c52f0d3b00f1b52a64a5a0093b1f9c845eba467e15670e109ba574fc34e0f8bfa867398e0b686693ce04f8fe4afc50d53b85c7efddb58173189cc4b990ad9a1270898bc8debdddce5f9d273d95972fedac4313a70fbf8f8e945cea3d34e7a0736757a0078581393bcc5df5cb760722b88c1ed06b180f948ba328b08081c4f4b8a48c6e053112d7850811dacfba0916ef639422c6c3b7dee18d7a52d5afe562d88e8a7752d09b449079240a41c77282826785e3139c6a76053042232c869d2dc2babc157dcb6a711e86e2db2fbe29b5131235d8cc0322753fc2932e83e9f64d505db610d4d6976a94d16cbb21230fb3ee32dedd0ae656a386bbd076abfa2bfd291e5b6f7d4d366f3d7d542a4ec4f014933573a2760c14539f3fcf238a29afa4d243f40f91b96e160ab863a3f983e5cce04b936a3bc0efd55f4a0a932088422b4bd2e96b077ede6b66834636182c6429c0436206602867f5182a7f744e75efab36b1e266c5e8f01d9904717ddfbcd7780b984b87f4f55407c40e13234dc9c923a7fb10af5c3c47907255ae95f7a30be3b9dfccb45036e97d2baf0f320a0cdc306481efe80d49b0b06e9931d04f15c9cf02b09410abdc316c1c1bcb8cbcfc979b96855f061cacfd81a0157b84621fb5cff3f388709759d079a032a6529819bb8f194753a40332dd6092de2aef71d43f9cbc376e6f3f390009e49ab7404ca0ee21ae6389d904e325787f83c56791c0099f799edec8948e60f6ff75082428874e26351302e36bd3d2772074bc00035c155866b3265fe4126bcc02c7bd3f4185bf65009ef2197af4ce52f536d8be39abb56eb4fb51b6bdc2f8837004f99c7627c9dcfeff409d0751dd9269cdca88bf5e0273f9f108508c2ce700a93e897da2b0a5971072c1c9836d5be7d5c8f7017e4a1aae6f3db2f07d11cdcab91f1a6836953d2e64436b85830e04b7dcc8c64cc7913cc9dcb79586f7bcc93f54bb736f0536b63d265a509ba63d056d386a1196f2c41f4017a565ba1e1c417924d8c60c0627147e6470518db1aa216571b20d660ca1309ae2bd6a1a67cb11cefe1d31008f6737182b36bec14fca7d907308a50907bf33609934469d757f693aa8b1b6e1ee3efddc4a35b45c83ff0f7f8dd24037e2423c51487afbdef68e490239b3933fea09a975a61cd3fb268b8d009d7f82ee625139ad97ef6c0d0fc198450ed5ad74a85598ee8d005adef3f4222600c42f4861763c6d026291c6992ba56cd238f154a25f02e4c7edf0aa09fa42f1b91cd27301887d95e2a3ed0d9a7342bb31d06c1799c065567148a8ca6f4b7d245e0f4532949abf0d61c649cbadfb032ce24c4d14b2b73c638bcf2e6b7fe7da6243d629532becaec1d561e25590fa34c97b5b9d6f50cbf7c73b2854c1f665bcb3ced36ecdaf121ace5e3124a1b49b275d0480f40772e8d1951cd2a57754188b70682fed7016592649c8bf576a9d713699bc4e9561f5af4ad9f5e83a633a62f109402446190193fee1cfc2b64ba66468afa22434e8519dc155a89c2f0f01d3feebd064a30514299665bd047c0324268561ab54bfcf9f4082e80111c870e0353a17d8c43d4f44b1e5127d5bd8ff6d54fb21ab18f847cfbf9c618015460d9a6ba2c5e18e38f4a0c7a769a7ee4de4cc75c645b9764c23f8b0ed8e34e4cd57f258d637e20a9e95c35f3f1a51d30f668d67deed29579bbb5a5e77be0cb263511d8b8d6ceaacc4fc72b52b3654841faa8866f87390cd43dc03c183cf44a73b75b2ece20a92625d1ba97b6a5704fe28c1d3b43065c2e94b9552ec307f11b9b6b7bfc952f425dacdcb98afb2be4cb2699d342d57d02beb9ef2b6dc864c94295afd9792ee6f03ddd5982614ef627f6ba2587f7bdc25d216205c4016126352115067f5d7d9ea61bf9a31898228b41302b686ca2392ecf91165226c5b31c1ac6bd5cbcda1c7087a405dc77ec2b11c1c57af3de0497fe2d98fb61b7e328e3f5821b85cee6cd478f3eb40da9a0c10e4ec7be44c9bd37dec8974ce230e5a3d5d867bd96460498653b53c54be85325e757da0e1cd299aadd50d8f8f46fb5c3dbc1abcb1f35abf9defb158900d2186cb8a109e790c7cc2f85fa5dc01775b75a9e324453e29a4db58a180733045548167666321a4c5e8f59813eb0e89f6ec1ed1ebafadc8981d50d88e65181bd03011f9a2455b8564a2b2e6354062ff7072d5133e7d6b1dd9850e8f9ba6553ebadf55ae6bbe867eebe7cc6c59caa14d36642ddc2a8ad42d98ce2c3fab0930d3cf6e5ae4609486c315031d24ee6b55b71d2a6b174586b88a1aaf4593fb1cd6917b7b82950a70f3c6634cf44b73471fa25366c99cb70446bae9a0e152c0071fa8b7bf7d244e021e6d5ec1570c86ad38d392786b61b9810b7af6108abf5e412c79e24c94bfea61f27f0d9ae5bb21b874fbe40f081a6f873611d20263b276a93adec3f8e07ebb17e3ac1f5855d138f8a9a06fbccde84b9f66ac13781f98d9edded0a23ef2df41d16229fa9f6b110227dca73906321f9c4b2079a71ecf3d7a2e89a44d461b2933beaf0455ffec4df1d600d3663ea7cff654a8bca2f0202fd0e2155f62359e0b67c28d15a6307d822058fa21328c5314e302e9fc21c8d9d70ecc17ccf6a1ce84e118a396014cfe92028454d636bbaeca062a5b3e72de56115ab929115fccdd1963f7e055be47f725cfd6abc9485801df3933dbe16e063b635f511cb7d868462c1c12a6af3a657d1724d6276be8ddc1e0866f527653269b317e36376a5d24a11f74bc37924529a377b86fa65ee63d8e565c5637ce3cbf51ee3562163c7ab6b02426b72673f22b72468c066f465d06771fd6dcc0409a8c3cded52449843a6bcdb2d4b783a337f6e60c224eac01df0c6c5065cdbac68a4415ced63e8c9b2c6b54b78d3d3cfda341cca43b09bdc09fa983c743e060a26f059ddbff5a761e04ecfa21e094dda53965e88fc5ace38cbad7df812fbd00a6ca71892f12a3994f85c3e3c98804a7bfe52760fdc20d461ea90583ba348ee14ba352258cf72a90350658a5411f51afcfe135c48b61bda8998424d01b86df15c9dabcd792cc251566a89df66d9dcfa2b7d93a62852e009e431bf64470b6e0303f6d6695281065b9f6da33c232850d326789705b799cc3fd4494b83be6962d3642318abdae848ef121da78d298d7402c9b0b210ad53545046993445367287d721014d37e324dabaf1705ca2ac511e54a2f01e198b37c0df7ebfca5dd8733d02289b3b2b6344d5ec88e5e73bc56c2683cc8617fff47775b3a609a3485b43ec34f1f0006f4334d75e871b980183eef379c8ffac4e6d6c4a8fad5dad2d535c14730f12d490ec26da48d85cbbdb7216281d6fb4625929b46ff4ac245b7d38014b88e4edea464eb2c4bb18364b43eb768d393374b9f90276307fe0673be289ba5b81e42b01155956d871d1adf223037ee03f4bbfa584ef7fbb64647f2fbb2e96087bbd480b301615145dd84f4ea8b25996a86318c5bf8a7ac753bf0a2790dc85cd04bb545df91a632c5e54d0171c1afee8682f48a38a07d8530583979ec481bcca3318a9136946a36520cecc1e9706f89df1cbc7591eaa318650787f4c7aab134746bad45ad2306f9b37855009db542336b6267a3672a6e93e3adaecbecda18acfa267977c36e34a98d87a5274a58ac7b6547414a824d8039accc3588209fff1bbf88370c2793cc0b1e2d3541a885a9fd54fa68e80345210109a65c92280e1cef1d58613f6bf478d9d38a773d9a7f60cd41b631909b589fe4da1c512cf88b72a7d976023cd96b9f71d91602e36de00920836d47b8a8911b424103c7e2beb36fe4eebabf2d838751ab8505cc0bd6b53aee1837a10bf1a0d37e9754768a7894bfa47aa62993a1d8ffc24caa324947ba1d2a0ca02ceb0a5af363eb6f7961e18d587ef4406db161cb7c929a96f0c77059e5db6f6b1ab503cbb26ac49518d3065a275fca1e7a131aba0b08d26bd1cbc70a2fbe66dbe51d9116cfdae7080d1d3c745b7f79bda3f26105beed95158817ae75a168c99521aa82a8a389bde72af97ab18129fd755c14b8b49b2be8c3c1ffb2f5b1e455de9a28a4eb1fc9f2fa29db1f2fb98a2fdebe2b9e37927fd997f4c04e8ec0751bd5c9e13ea36bc4043414abb35eae240c60b63884ce9615dd4bc5d145277aba346970c723b030386caee0d5b8a3a15061748a90b76afebfcfd6df75a9d015f1cbe9f0e4b02ede40e6574b83df66c9e37c67065560dccd1f201ac93ac9200d9347a1e1c923c94bf7c0431df061e36fc5384f603e409fc87a70f63eaba2197b5c63a04ab5f059c732e8d289fc8a59ca6d9743ebcdb6751cf8385989f36e3be391d60b9ad61bb2667034c31e5ac98f670ffa2c21b4bf475985b024198edeec52d1f27e47dca2de9aef45ce9f746fba42549a4436583eecdef5869ab91469ea3b5046a9fafe0f5bdd00336", @ANYPTR64, @ANYRES16=r0, @ANYRES32=r1], @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYRES64], @ANYRES16=r1, @ANYRESHEX=r0, @ANYRESDEC=r0, @ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r0, @ANYRES32=r0, @ANYRES64=r1, @ANYRES32=r0, @ANYRESHEX=r1, @ANYRESOCT=r0, @ANYRESOCT=r1, @ANYRESHEX=r0], @ANYBLOB="597e51953da4c111f19db357ad838dd99eb87cdbb0f17900ab2d85df8cfe35e95527610c6d5787c14b4bd654bca91f7fbfc00a39bcb62430a57469", @ANYBLOB="992fd4f9c00343981c27f773962c150eafadf7f228a64c1c3c1181accb7b9bb6ff8dafd49920acbfb97e40125c4000ca293be2bb23a09b3cd8506a8bbf1f930bc10f23499b55356a4fabebf9feda43cd2bee97bbb486de0266702994f51c4039fb99d5c0d6c53ae236ff5494c723b316748abb816c90165596f0771d422a0a3b02c257088b1d6f102a489829c636605333a43b9ebbd86bea1ecfdeea5de52558e7f7976d38384fb948efacdd038623", @ANYRESHEX, @ANYBLOB="863e1aa672bca9b955d8d4f635cf94bb96b6f046fda136b5dab3886150842d202d3f66134432a426b75985aefbb4e65a1f0896b62a1064aca5c8de5d87c08662c690783b6bf334a3d296cd938f8a1cb6d84e5f330241ba9adf791ae00c1972b7137b1c64bc7d70949eecb34c34b150dc3268bd06b13e3327ff818cf5be2098e48d8ed5f020e5a1722ddde4d42054c38b4ee60a1b547d295384fdd6e99e3a44cbee402982de06e480f9f4cbf1b84a32a770c5604d6a963b027172c1fa2ab34f52995fb0c376b5722502fa9a81f71258636960fce5585b1b", @ANYBLOB="f3f4c06c6cd4c46e32b29a78b828bccdc4b2ec4efaa6dc900c70a1506c1da4c00531847ef55f399d4c09c97e90efa00c5a203c5a3ad93461a82e484c898a1878f562d4ea6190c2ae981f1b31a3e5b97727618738d2139d0e9cfc0e7ef0c990f13ad575d02e7d2e438643fec8bffe06a566f74dd77b9e678281df6629e7ea83709f0f9906d8f5395e8bb29232929f73274b2424905d2ea7935360e92a04d46e985ffd25dc90c9f75e9beedc2233273f06b4d90e2c4838980c7a4dfb403a47b7e525daf63a3101ee5335739c52823eeca1db024df9d4e58cc76e"], 0x0, 0x0, 0x0}) [ 2507.681095][T16047] new_inode_pseudo+0x19/0xf0 [ 2507.685771][T16047] new_inode+0x1f/0x40 [ 2507.689851][T16047] debugfs_get_inode+0x1a/0x130 [ 2507.694704][T16047] debugfs_create_dir+0x7a/0x3d0 [ 2507.699650][T16047] hci_register_dev+0x299/0x860 [ 2507.704516][T16047] __vhci_create_device+0x2d0/0x5a0 [ 2507.708153][T16208] binder: 16205:16208 ioctl c018620c 20000240 returned -22 [ 2507.709732][T16047] vhci_write+0x2d0/0x470 [ 2507.709754][T16047] new_sync_write+0x4c7/0x760 [ 2507.709771][T16047] ? default_llseek+0x2e0/0x2e0 04:12:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x400, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000100)={{0x0, 0x1, 0x8, 0x1, 0x9}, 0x400, 0x5, 'id0\x00', 'timer1\x00', 0x0, 0x80000000, 0x7, 0x40, 0x3}) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000080)={0x1000000000, 0x80, 0x3}) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000040)={0x4, 0x1}) [ 2507.709786][T16047] ? copy_page_to_iter+0x47b/0xd00 [ 2507.709810][T16047] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2507.709830][T16047] ? put_page+0xce/0x130 [ 2507.746385][T16047] __vfs_write+0xe4/0x110 [ 2507.750732][T16047] __kernel_write+0x110/0x3b0 [ 2507.755422][T16047] write_pipe_buf+0x15d/0x1f0 [ 2507.760102][T16047] ? do_splice_direct+0x2a0/0x2a0 [ 2507.765131][T16047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2507.771374][T16047] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2507.777450][T16047] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2507.783703][T16047] __splice_from_pipe+0x39a/0x7e0 [ 2507.788732][T16047] ? do_splice_direct+0x2a0/0x2a0 [ 2507.793761][T16047] ? do_splice_direct+0x2a0/0x2a0 [ 2507.793777][T16047] splice_from_pipe+0x108/0x170 [ 2507.793797][T16047] ? splice_shrink_spd+0xd0/0xd0 [ 2507.808586][T16047] default_file_splice_write+0x3c/0x90 [ 2507.814032][T16047] ? generic_splice_sendpage+0x50/0x50 [ 2507.819507][T16047] direct_splice_actor+0x126/0x1a0 [ 2507.824638][T16047] splice_direct_to_actor+0x369/0x970 04:12:04 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed93, 0x2) [ 2507.830014][T16047] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2507.835582][T16047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2507.841811][T16047] ? do_splice_to+0x190/0x190 [ 2507.846487][T16047] ? rw_verify_area+0x118/0x360 [ 2507.849143][T16215] binder: 16213:16215 ioctl c018620c 20000240 returned -22 [ 2507.851348][T16047] do_splice_direct+0x1da/0x2a0 [ 2507.851365][T16047] ? splice_direct_to_actor+0x970/0x970 [ 2507.851390][T16047] ? rw_verify_area+0x118/0x360 [ 2507.851407][T16047] do_sendfile+0x597/0xd00 [ 2507.851430][T16047] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2507.851449][T16047] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2507.851464][T16047] ? _copy_from_user+0xdd/0x150 [ 2507.851484][T16047] __x64_sys_sendfile64+0x15a/0x220 [ 2507.868168][T16215] binder: 16213:16215 ioctl c018620c 20000240 returned -22 [ 2507.869024][T16047] ? __ia32_sys_sendfile+0x230/0x230 [ 2507.869046][T16047] ? do_syscall_64+0x26/0x610 [ 2507.916908][T16047] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2507.922206][T16047] ? trace_hardirqs_on+0x67/0x230 [ 2507.927241][T16047] do_syscall_64+0x103/0x610 04:12:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x800000000000000) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x10041, 0x0) ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000100)={0xf, 0x101, 0x5, {0x0, 0x5, 0x100000001, 0xd577}}) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000040)={0x7, 0x101, 0x4, {0x4, 0x8, 0x3, 0x8}}) 04:12:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="5b00000008100000ba7072328aa02f69c9c2d5a1b8079452a1d3d2a0b1d182402213b44c1f228c90168b0c805c5a51b21adcd8cce2f82088a29eb74b51c44342c25c63a04f5d81f18c04d2da4a9e2efc0ae3e31483b743daa5"], 0x58000) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000200)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='highspeed\x00', 0xa) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATFS(r1, &(0x7f0000000280)={0x43, 0x9, 0x1, {0x100000001, 0x152d, 0xfffffffffffffc00, 0x80000001, 0x9, 0x4d, 0x200, 0x5, 0x82}}, 0x43) 04:12:04 executing program 4: pipe(&(0x7f0000000100)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r0, &(0x7f0000000140)="aed0d0f411a78c97e93619c1ceebf38f5280a5028e16181e09d81e781cb697badfde66df6c1def0a3d905df778344dc15a403c3b2dbec152b95574c8cede3c52d533f83e56c998ec48ab5ce1817dbc9c91e0f1f9bcca85657b1fa41666684a051653a7184ce165016f6400", &(0x7f00000001c0)="438a71a97a18b6e4f12530f62e539d81408581cc7120284f7715dec0363c2c5fba0c9188aa0f561bcd787228df1c0a000d63618ba08dcaca29cf3245e524b48bb00ccabd900e1125b2dc80084ac460ac59a9144e21228f01753e074d0e89ba4a91ebf7e160cd8c2e43519d565db4fbd36b5363b7da0f20ae8cf9cc77fe0ad0a1098297f038292159a875e1c831dad5fd22042e1c7aa4005296e356567f39f72c46749c94302991f31df1f33bd860a52197042e0dc03e903fd94e692d", 0x3}, 0x20) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x40800, 0x0) read$eventfd(r1, &(0x7f0000000080), 0x8) r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f00000000c0)=""/51) ioctl$UDMABUF_CREATE_LIST(r2, 0x4b47, 0x0) [ 2507.931842][T16047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2507.937724][T16047] RIP: 0033:0x457f29 [ 2507.941383][T16221] binder: 16219:16221 ioctl c018620c 20000240 returned -22 [ 2507.941610][T16047] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2507.951212][T16221] binder: 16219:16221 ioctl c018620c 20000240 returned -22 [ 2507.968370][T16047] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2507.968387][T16047] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2507.968395][T16047] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2507.968404][T16047] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2507.968412][T16047] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2507.968420][T16047] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2508.085170][T16232] binder: 16227:16232 ioctl c018620c 20000240 returned -1 04:12:04 executing program 5 (fault-call:5 fault-nth:26): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:04 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x181000, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) 04:12:04 executing program 2: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2024000, 0x0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620c, &(0x7f0000000240)={0x259, 0x0, &(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRESOCT=r1, @ANYRES16=r0, @ANYRESDEC, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES16=r0, @ANYBLOB="b6d3e48a6414f1db81ec4df8e27986c916886e891c6e7b3b12c6b4867b6226bf236b36149b4680451d088064fb44ae687ffc671ce496532398ca84e076d74d0c6f5bd5e59285a3c0dfb974272213d3ba17bd2e494f6c7bfe8ea7cca61eef50d86511011182cc447e95d57de61ab2924b3ade1bb550411244a12e19af1c55b535208bb8b1ee680d4d5b16b58554578d14992d5264ee1173b09dbc06b1f904655e44cc1a5107ed074ccb85e8a33d450197297ec866085dfea7b7ee5f0236ab4154c42db7a66c53ae855526b500f32c0394014a863032368f99dea6154912e997d8c24797d998e6ec1670da75badbcd271eb4d23f95b6b6a72f941d91c59d24a3940d2119a2b6e26a3d2dea76e94a036c750b8782ebf59177fa341d66da6f08b857dd249ad8c944dd3e6d9c56414fbc0a5c6abf4fbf0c6c411293e915d0f35af106ee04576ecbaf0eb866557b15215c58525b3e2933e62709eed723c13a258ad9d7fc80ac5d5e763a0f0eee6bd4472f1706291f8d40fc11bf3c9a4d2bf9b626aace2cf5fb2191386dea94ded25a2f953586ee4f45f0f57a458408e7594f3e2e6331cf2b6943c388e39d0bb03c094e8535c40f791b7ed87fd19e968aa019a892c1be1afb417ba35dde4620f4ded6d498ac7849eacd38a89e5a461086f60fb71f27f7a19a4a587a60f645bb0fa625e2807418c16cdebe809747dcc411a647fa79ccf198c7423de29af7e01b7252436c70f0bef350240c5456de34d7338d0f4aa0f03cc392c2dc84a55d7db991237f16c724b5f8f469b8cba2138ea3042618128db971df4a7fb2f37d4351d6307f9c40d8196c16d56138b29420f9d953cc817f38390e263fc98d48d7028adb241ba3b4ab53ef606b0ac8ccdab24cd5c275e7366dee3b72603429877d56dd441ab1263d658e2acb9411e0b7e55c05b519bf48317da2a4e2c434d876993b253e7d0f7c6211e97aeefd74b8af3e877244d8575bf89e5e9ad6108b9d4a1cfd67741470bbcc3bddfc9c35b191bdb5a1807439a3fa2b89cdcc04019cbca0b5ecb55dc60c4a674534c124f4fe3869ee109401c1c19f2a47deb9e4dcbee5ac87e41361acb5e38dfb11f670612d4b9ae141afce7a7489eeaec4b4ecabf6915f02dc335a8d34813b4e34f1874ac3f412143e3c23ceda3668ad9fe7fc8fce029eb8b9836918bf02e539ab6d431fdf36689aacd76e67f61cc0e46d278d2f78171a1cd24ee34f3c1685ebad4596a82bbe1fbfd236a841fe8bac6c033114fa44d30ca9181fe92b04c5a441ca58fac11f4195c88fe9c65aeaa5812f6c7d2e2203dd8fc59dc35b302ee0a48acffde30bf71aff80881248ffb734073ce8e6fb9a5bd22fea4d9561b0ac9e8a0fa587ba635087af095997b49f0d27e176090af1985643ca2aa0365e4794d3906010bc1b4af19237e63af49db6154a79ca7604ed8e37c1c14d8b1c443ecb0f25600cee32005a97657e267a9d02c65d764eb92bf2b1dcd0a8782861a4ac5049219a270d9fb9e39f30ba49edba509deca16346d68bd2a23e55085afa4ccaf4bdb6ddc66153da4e4e99e5947d951060b97bb22b4334865cc2d0607bc749c1aa638db1a26177b23bcc6ef850a982715e87b7752871d75884b0647d3c8bc8ccc01552d122fb267eb210762037bb240f4416535db2aaa2797313bed819661a46f62b7d9b9b8252905ab571b0be761628b2ae19de98f53dac9940f2020a633663a36ce05b2c4951056327ace1372258d798e20c794a17e7ef8cd70505e69db266c64b8c70a1d49f03780d282630554f1d8fc6503205f2805023672b720b7871ac33785b634565026146e70048c0d0f49c9ac3ae84fbe2febd9ea5b462e59b8e0dbe9299534b5661a34399864af89d9b48a77cd2ef672c0f3b7584551c70a6b3c69b0432d5256bca8a0b0c2c669c5cbc0d6a1f049596ab3d12c0fbd67df9f6294af3edb58ca99ca562d1f7a3120f4942be4a991151658e0c6d439bce4a2cab37b7f39ad6eb66b0bb9b4d97c5a2b9605aa20228c3f2b81e8bf48051c82fa3a0d3e3112a50ffcaf5c982afdbad6bb088ce1063b610eac228b1caa775d143ffa2c6533f3899c7232e9d696bb9ffc438b3a435ef4fd8e38c404396d970d0c500204e5c9d3c23d7d244d80731229f95eeadf89d0b487af9edcff7a2e008d3c5ea8b867efe34501f30e8fd786b22e8b484537829e13bb4444940005d3475d14dde2281a13b24d3530bb6464f444daf0dfa9a3b9c35a009a25e3defb7e60dc4268057e4301b38dde2ab837601cdac6a8f100d5dc81014cfa8d912f9014bcc59b783e19b871d8f7f1183c8ab98a92579fcf896f9f0a8693c6fb79b4d8133796fcb74b4f693076b34395f0548ef0c73551838e6fcd4a394fd1cc1f2825ddaa2a0209d052a4f60b90689530cf9da4219375dad39b0349d8ddc7c42ff7b2644803b2833fa497973f068b24b39dbec97166d22ed821324dbf6adc238fa87221acf363c50017f654b4221fbdfb2bef6a64f90088024309373f099d58175be4b1af0fab9fb08f4eec989e3157b4060525751b9923c00b4392c1812e9146e9597b85d24f217bbb71b95c297e08d9b466384e156087037f91983479e1e6af3a6d3264a5296abad0101e7c210aa77fe4068c50e34f47ccf7573f66b6be2d42cd39969f91f760882ba91406c77140edb743fe94c151a88777d354bcb137bf382854a3d5e885f9887a4b78341bd87c5193e911bb9c368680ffc9d10da5a9c656e40be746190c5beebac98d9d66923878c7c8d6906083c7d5913946e644f9c34901eb9d518973054d783a42152198519e7624d1de7934b7275b993128542ce4158a71e88656099ce243906beb1e21472f396d4b9df72ef9daaa4818e0e34d9196aa73e476f7f33a9540842bdc4ef64cb4af76e27c85bab41c91957a5d974a53e2c0b07c72995b8340254f371c6df3518b2d70050b8215da6bcf1a76b6ea62420d1311fd355a65729bf939756a71e706243fbd7f5c6df4144a34a0c4961bbfe7a6ea0217099d41e80024d74a8478b9bcad2a43fbc51ada4ca80ac9cccf5b0c1550e38a8b5ba99f43c0918b85a1e1f1f313ad1ca97ed6b82f9d323d9578ce41cc5b4d0259ee0e043c04c4017d5edbd061fdb700e6bdff1a1d31bb4bdaca87f4236818ec85ac3be8b1e18e13124ee76d265e029c8df4e158fc74dc72c0e5dc1d120666995c68cb307ff6808c1ff47bea1d38a47b392de7d9980cbf9dd9abccea307f551707759ff10f5c8f9043b949787e51244e9587ecc2c6d5a89a5cf9940326347703bef63f18fa68b428c470d8cc0de1a19a21d344c833a47272fea1e8817309fd4f1d086f4715f25223ce98c6986d6dfc7d76f635d277b59520787ef7da0e6218f15c8f080da4a389214962c77363fdac0f8732a2b111f343b7a8cba30a0095f695d9ce144c55f819c425f63d53d5c9c71bd890bc30a2b36229c00f83c8a13d80df814ea83162ffad50a9b68375b1a051c9634d3d45d1335c0378341d09233f375d9078a55fa248eacf42924bd8d1eaac0771470dd47039b4d2cfc38696a54eb2a662667adad176c054a6dcce586ea5ff7854f89f51c17fc06189c5ae323101448bc1523a43c842d63d2b304df56308483bb777f967c69085c68698a31cc1804cc1902efaf2104f0feaaf7e81f5a1ac6948d2382ae64045f1f551189dcce188538a2087ece1aa8744ee5e1cc33fb0bc7738ed04275911c03a7b04b1d6683f07e1e0e47ee97067c849b10cb775449eadd90b6de249bc2a4638f38ed0ad2b6624ae2872208e35f147328ad406bef4852e060ba15be3fea82512807b10587f60e8ebc45123062eccabfcd79441f699fcd0eaf02bef42bc7ba7a071e6c5767b2cabb278d2f08f1555f61aa687e0edc9b64d732322ab52e1f7bd02a79e9d9e5139b57537532ae651a501c53a74a1c589ba425b5c25392eaa6813a455dd751e8aa3bbb84966530cdb5685714dc06596002ff8022b39b06c4775738eb107a324716d7be4cde7f360bb4954b398156df5c96ad41cdac68187f766ecc1c0d08b8ba3fc0845b5b1ad689aecc0d201e9ccf2baf586039cb8086184fe5a151e9a2af703af05d37eae8d0526b5a1507e244e3a54c963567778d141b046005296aa90ca9b8915b197f19cfb3414de7efd74679cab0d07cec00bc6e8b1da73ba312ccc88320e827d2304009309e0fa48e12941a8b5ed6d6662ba96f58de451cc65468c2bf4fc15d2478f23fcf76004d8e9d4be38da68d8ab49ab75b1a118a9bdb3623afaee6fbce34ce136e7b8ea1171289ddbf1742af0d14dd81f5b8915073b954a087a66b73b11dcaadd7a919a15645e1c60fad03b05852b8693a8de0eb298e971dd6eb94f6745a2a3df101e805042d143438bf65c19835614e5d7d0f50e27736b9c049b181d8a8f31315c696e274178adaee3fa49eb809aae410f2a0aad326bd7980f33cc3a01c4eef24c29c7d497304ed8206a0bf7419af6a7f4dbc74b77e706d76afbe50634f6a663c3520f55fb02153c966c47e25e93c01c833b7a06c3c01612248e236091ef47f8b883392f62184dfffc48ee75bb5a373b69b4ca1b754d92ffa9e7cdcf4e5ad1a4076d462e12c92ccbd0baa2d5113029c8e0173d98f857ba71e9af0f06f12d6a29aba2e85b2491ba113f701c75b884a8d5358fee0ca1ec38f64b526d16c53270ee4e282501decfe730a26747a23b4dcbfd99e6393a975b1382dc177bed7e682c15b90ed4195920ca6fa71506b28a784e06c107cb9307d17ee1a4b5bbc140e680fb377ce2ba48ac253125ceed7379afc85fdbc47d128d2eedcc3987b60234f6fdbb2c65bf8beaf2d16d983f2bde553b755b39c1ad56859ee373498dd5e0b5298e67633e207ad38d44fca0c5d001e0fb782e6b3a4ec126cb8da0d082748d98004138b7600c5c18bd9d18cd1a0426fd59e7a97db6ed4e3dfc3344f3ab5eb1f469e73c621f562a89999bcd54634b2446b72c13645d6da8c4bd69e76759c0547d02dd24fcf4e5bc967cbf572cf6a6cdd70cf442eb8626a28c515e42433df28998cc954bdf168a26edcb2de1ac38cfc3797fc9766c3289f177255c0325ae7d19e9ba71b8e4f9fb02146c195c6d44e0272719edddb6d1a881dcbb5bb55e06d1fa0f7baf35cfbb193ccb95bd6065dfb69d1f28f5ec845c742e5f82b49f97ecfa0f50247d32f175e9d160a98fd89c649d4b2dbb9a96892b1858656cd03026e7967171091a9569ca11e027c8d26f79a5975946da0f5648584c57fe4f295997b8d35a91222cd487d9518039d47a719b2a7df52846514062c21d3eb7e0459c4c995405ebec4c33d3458b748e8cc463aeff92905ceb11dc18295ade019070f6c94979801afd2aff7563b368bad9e9f043af3c2ef83d2f5060770bb97cbc8ed3d5405738ad2f05bcd624a588cada415a9b31a3bde3cff7ff00a931ff7470cac7d97a080e1e5b23c0d3b2609cca93e12cbdc8739e5a138351c01282e369deedf2fb6c4be15491438970af2ccd1386dc8b356a7c8a8eb840d4c5adb7cb29049bf8c2c2e67bcf90074404b96e42ee36b35706ef8f354d2c1207292ab0712c743c6bf018521ba349c143a55d4471793fdc77552d9a10e9cf0feb9d355d29c1a6ba87252566e84fc7d546d32b12850413804f18753c5cfa5972089904ebeebf1790a3f9512cb2fc15f17da6124e0831995dedcb7867b941614785f5709c010362001df184e057b9db42751a48a43e5b568d11cc994b5a7b932b9639b424da34487aca82b83cd43", @ANYRES64=r0]], 0x0, 0x0, 0x0}) 04:12:04 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed94, 0x2) 04:12:04 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x401, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f00000000c0)={0x2, 0x0, [{0x8000000f, 0x85, 0x4, 0x9, 0x2}, {0x80000001, 0x3, 0x2, 0x4}]}) [ 2508.193634][T16281] binder: 16278:16281 ioctl c018620c 20000240 returned -22 [ 2508.220610][T16300] binder: 16278:16300 ioctl c018620c 20000240 returned -22 04:12:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:12:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0x1c, 0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0, @ANYRES64=r0], 0x0, 0x0, 0x0}) r1 = dup(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)={0x4}) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x3f, &(0x7f00000001c0)=""/239, &(0x7f00000002c0)=0xef) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080), 0x4) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000100)="f1fa741b92e71d92fb937f4054713f41ffb4fd4958656e6483182966ffb890673769ebad5784a39e905840978efbee4f701143cc4ed45d099a0d03f8935811788154de") ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f) 04:12:05 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB="bf18130000e70116"]) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x2201) ioctl$KDDISABIO(r1, 0x4b37) [ 2508.322203][T16386] FAULT_INJECTION: forcing a failure. [ 2508.322203][T16386] name failslab, interval 1, probability 0, space 0, times 0 [ 2508.349508][T16386] CPU: 1 PID: 16386 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2508.357180][T16386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2508.367242][T16386] Call Trace: [ 2508.370549][T16386] dump_stack+0x172/0x1f0 [ 2508.374873][T16386] should_fail.cold+0xa/0x15 [ 2508.379449][T16386] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2508.385256][T16386] ? ___might_sleep+0x163/0x280 [ 2508.390090][T16386] __should_failslab+0x121/0x190 [ 2508.395007][T16386] should_failslab+0x9/0x14 [ 2508.399500][T16386] kmem_cache_alloc+0x2b2/0x6f0 [ 2508.404330][T16386] ? __put_user_ns+0x70/0x70 [ 2508.408899][T16386] ? alloc_inode+0xb8/0x190 [ 2508.413382][T16386] security_inode_alloc+0x39/0x160 [ 2508.418471][T16386] inode_init_always+0x56e/0xb50 [ 2508.423396][T16386] alloc_inode+0x83/0x190 [ 2508.427701][T16386] new_inode_pseudo+0x19/0xf0 [ 2508.432366][T16386] new_inode+0x1f/0x40 [ 2508.436423][T16386] debugfs_get_inode+0x1a/0x130 [ 2508.441265][T16386] debugfs_create_dir+0x7a/0x3d0 [ 2508.446192][T16386] hci_register_dev+0x299/0x860 [ 2508.451024][T16386] __vhci_create_device+0x2d0/0x5a0 [ 2508.456296][T16386] vhci_write+0x2d0/0x470 [ 2508.460610][T16386] new_sync_write+0x4c7/0x760 [ 2508.465271][T16386] ? default_llseek+0x2e0/0x2e0 [ 2508.470105][T16386] ? copy_page_to_iter+0x47b/0xd00 [ 2508.475222][T16386] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2508.481446][T16386] ? put_page+0xce/0x130 [ 2508.485681][T16386] __vfs_write+0xe4/0x110 [ 2508.489990][T16386] __kernel_write+0x110/0x3b0 [ 2508.494645][T16386] write_pipe_buf+0x15d/0x1f0 [ 2508.499304][T16386] ? do_splice_direct+0x2a0/0x2a0 [ 2508.504321][T16386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2508.510540][T16386] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2508.516584][T16386] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2508.522801][T16386] __splice_from_pipe+0x39a/0x7e0 [ 2508.527799][T16386] ? do_splice_direct+0x2a0/0x2a0 [ 2508.532801][T16386] ? do_splice_direct+0x2a0/0x2a0 [ 2508.537799][T16386] splice_from_pipe+0x108/0x170 [ 2508.542630][T16386] ? splice_shrink_spd+0xd0/0xd0 [ 2508.547551][T16386] default_file_splice_write+0x3c/0x90 [ 2508.552991][T16386] ? generic_splice_sendpage+0x50/0x50 [ 2508.558436][T16386] direct_splice_actor+0x126/0x1a0 [ 2508.563525][T16386] splice_direct_to_actor+0x369/0x970 [ 2508.568872][T16386] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2508.574397][T16386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2508.580619][T16386] ? do_splice_to+0x190/0x190 [ 2508.585283][T16386] ? rw_verify_area+0x118/0x360 [ 2508.590110][T16386] do_splice_direct+0x1da/0x2a0 [ 2508.594938][T16386] ? splice_direct_to_actor+0x970/0x970 [ 2508.600471][T16386] ? rw_verify_area+0x118/0x360 [ 2508.605301][T16386] do_sendfile+0x597/0xd00 [ 2508.609700][T16386] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2508.614985][T16386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2508.621221][T16386] ? _copy_from_user+0xdd/0x150 [ 2508.626051][T16386] __x64_sys_sendfile64+0x15a/0x220 [ 2508.631231][T16386] ? __ia32_sys_sendfile+0x230/0x230 [ 2508.636497][T16386] ? do_syscall_64+0x26/0x610 [ 2508.641156][T16386] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2508.646419][T16386] ? trace_hardirqs_on+0x67/0x230 [ 2508.651434][T16386] do_syscall_64+0x103/0x610 [ 2508.656025][T16386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2508.661893][T16386] RIP: 0033:0x457f29 [ 2508.665796][T16386] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2508.685381][T16386] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2508.693767][T16386] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2508.701733][T16386] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2508.709696][T16386] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 04:12:05 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x40200, 0x0) [ 2508.717647][T16386] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2508.725595][T16386] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2508.757348][T16452] binder: 16450:16452 ioctl c018620c 20000000 returned -1 04:12:05 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed95, 0x2) [ 2508.821681][T16458] binder: 16455:16458 ioctl c018620c 20000000 returned -22 04:12:05 executing program 5 (fault-call:5 fault-nth:27): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 04:12:05 executing program 4: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001100)='/dev/autofs\x00', 0x202000, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000001140)={'team_slave_0\x00', {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x4b47, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xffffffff, 0xc8000) getrusage(0xffffffffffffffff, &(0x7f0000001180)) getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f0000001240)={'filter\x00', 0x1000, "24f6e0fb6a93ece29b66c40681305671b2ab34cf47707cea10e3ebd5165838bd1da3872d112de72dc4c42697dbcda52181e32fb6b1a42a0de19b0ddf528f12eeafb4c92d54760ac135b5578fe7f142c05ef59cc9484346c732db1bf0ab641f46d5df1c75c0d78c01513e71322eeb62d06c524ee378d6410f425ff4c8c1487902e0d18b610fd80c762d72bd0b0a6de1b8cf91a93b046430ed55b0ab1a9315bf2a64a8eff091ce05d1629816293fdfcbc657841566e667bd523517c4682dd85402cc601fc1b3efa09f89bbf337cbfc73e4557115fe495d823b364e0cef81b6105fa7700a4d50f3ce5834d3883e1422b755dfde664433b266d0a94143d735e6824c787ee82d7bdc77e5b2ea30970186a4f319449bf762d3ddf2f9ee0edd52639557e017ac352904b3065cba5e048bfa4a5dee13d2daca936e6dae903546bf2b45ba0041196ce3105f369e6a461d356e5d8b60d893e53755836d23c155e55ab21a12f2a4dac17ed4f45292ef6c2902d016fcc6dd2ae0d66c3135169f5f94c22f61a0d8b960d79ec3672d0724c0c254f08bcb9f362e3f5de2445fdae54d2c0b0d79db844790b40ca56eb28446e9d43bedbd350c2ddac9c58ff109007f12bb2a9176ae1dad034f5d13ae31eeca47edf921f646f508397f66d586a5cd967b32c80bd6c14e82441dc4fbe038dd07a069aa239e2de3d8b8d71f65dad72acd3704cacdcf286fc7f63e781939acc41d5e759f9fc8ab527863eddb8a13b333e72716f2c6d23deaa07142e2e32a4e980a04a7fda7cd750437f06ab6c0dd46535fa0c2f98e21d34f6a77a50548677db9476f53301f5b17474d3b78272c3169763dae023cc30b818140d3fe7924381fd4e8c7d615b023cdbd27742231fabf05367ec482823a8d349f4d0a3b0ebe99f5f93c373b626751e3830770127bc8d049c91403125267df3a7f686483b567a47a153274341e4dced8d12110d9f8526da08da03694385b33931528a39aa15190424771b141a78c62e3006b917c269f22f091e39209357324d61781694858724cb417eb81da1fa9c3a653f7bd4982f4e936e98821347f6a4d03d6d2c94aa525373c6f2edca6356b6fc488868c4ef4a1940c713917dc7c299d6e271ef31365ab27ae009ebba0641e619ca5f9865e0e0774e60e84405e8519121adb9db5e5b0e401b1b6afaa576b1911bffd1fa43ab26cd4952f7bb6559f11e453a6d5b089e1b725c61c3736d15616310ee2c61a3aab0704e4695c9d27e5011cc09482507dcd977b477228d5cf7c2c48862f83f766a72252249d745323daff6fb30f323880aff23f12124e9bd839d4c73b6a17cee73860c07cabe301c09ce020494f778972452232578eadeca5008ff9ca38654f57fa703f097907d287a7e2a7057470092c3a9d61422f408dcc291451a5e7fac13ec30d46c0c72b9dd2279965188ce8988547ede4accaeef0a76e7cd25d5d213c9f5930b09c8ed9962f37bb82fd21085a44b1d4b1d48cf054675a3a0b7680ad443a979d45f19fed6321f734e95ae7feea27f9a9f21d62b6809dfc683d0ea4a9fc3bea4d9ee5a4a6395c43df52e06882b4d953c8a8f528c49118dd2f1d73bf44035ebe4cf91d5640695245cb7bbdc7775b1ea2c5375e1a19fca4af3b1289c4c207200b3bd4d4135d042c547b61577cde9ea0e7e6bf172d1d37fae590f583b417c1be699f60169b80544375ac62126efc8c317480e611c7c01059a8b003412d7e0b061de7f1cd14896df2db7e547c4c73f283f7477b7b1737a1c881e419e267dcc2ecb0420d73bef811d6953e1764f74ed9fcbe2c71ca762ecf17e7590d9936dab6705769fdbea41d5c90340eb36796b855cfb482d44a3ee069d977a86dc3a4ad6b3d451d662efb2b1244f83dcd15abf4d11b5218068e4a12391739e3b6c47991c2907af1673b9f579fb786858a728d0ef6ff11bc16e88bc9dd76cb85d6c9c4fd16db87d9f6859b5e3001dd66b5a9c1b3e6986a308510f9d26a06c06dea6ed02c2283cca364f3ff7f385d41543598e8d2c97c071ac01533987617463019163c2dc39f529e966a6f993749b9e3b09abd66839554991a166b3b9239971c81129b50b4b2f791b71de21ed642688b761e7bd8850feb87448ef4fa8b89b26f01a4f91a0a6ecb6970514a9463ea4eb16711490eff14114eb6619798f8808aa57050e4a741180fd07b0da2b00397535271dc816f3b77ed024c8c6c91c25d202ed8eccce5104f40f48b4d51116811bb1eaee234aedaa6dba65f966e88f83c5949e3b40f6d32952998d9cdb9e7e461b09efc43ad1116097d5f9d322a8ffe0d3459e2e793caae5030c259a5c122f814324d82f8d21f42c8af38ae8275f0c58a3be8dc355706ed7e35b02124fd5df3623baac7d16dba531b2dbfc0c6aa801c34c67f63d942e50db3c9a50065bc6cf4baf699118198f1071668fa93bf2f01b21478d65670dec0c441e24db67057d48dd70412d94889f76e56782fefd136dec2867e7a153ae182f9914bbf5c57ecf926e00413c77e8397baf2558a819e6f828e497a44341b280acd69b4716452e2ecdc6e2decb8df4d71d8b698f6e242cdb309ac4857939f5a8c75585fded06116d9839ddc74ab255fbf690897bc6fa285f3d9e9f5d50115bef69a8be8e81a1d8e7f5f8e7a70addb03e869f1c19a624ffc89ffccbabe38321e63826d737b1d414f8720331ce7c079a0e99a63d2040c97852bfb6fbd9f1127a53e5d87e51566a9ae8734bec808fe8829282240973c3f6c3637742c45f16f40622f4ace0c94fb601e4a37a2b950f1f1e839e41f70df8e8c2e99e2c03fcd62d67fafcc8ef05f7f2f1d5f028f7b2d801823c5582f71675eb043c2db4e44ee80aa75ab7a3bfadc22ef506e3c04dbb413fd0dabfe00ab0cd58fef63106c111d2904ac46370d91ebf5f138a6cb482c2bdef282aba02203ce88cf8d7425738aaffe532f0123cf475013c461a4f67137be750e77e09b60e0a36dc55ba162350ddd19a43f6a2e3471080dba37e8dd289a5ce64a24bd0bacd99f4ab1b68700e933eac19282450179c23ca805ffff21fb4c7410f33b84e27070bf0889d311e44062f5d48d5fb039da575d525ea9ee3cb78e6b8245d580e4382e45acd531a6c38e07acbd0df55cbe4bd8700af9541b9825cb41341c527839c82da9c625f01c586bfb9c3785bc968915e1ca844fae27ae140ec1c635f5c1777cc69ee2f51fe3ea3e785763d71e11438ee0938c5b0e362416f90cbfee65c8c6a7fabaa3cd6f6da302833e8d55e21b5fc8a5ac7191fce41d0705229fc1f6b35d9f0824ab24f2eaba431e839bbdb247ec836fba3fe0a41b4c298563f8874b9e589bff37224aa3242b74ec4df957917172e7203cfa59bf81816749d55c9d3cfa5d83bff3a67c3cc532576ccf780e55f227bf1e3df12d9d92f52ed5ecc90e045afb9a6fa47f76b909ac69a9b1cbf44518b1394f41201e6256afc0b50d1a344dc8b8d097c600d75182d7318d9081413b700bcd2149633a5591343efeb587c1f65f4d7fe63bbf068253e753e303745280d5e6ac434beb16ad104f7453bc15d76e56fa5c1aee620a7baa976cb41fe96c7353495d922d47907d54a1b24676e08d004051daca1fffc39282636a07684c211db096d33cf51bc117a60f5c527430768ec73ad0a73438a02bdea55dd568f81e71c2414dff8754c884f47a35719f9bbe820b775eebcd6a82a37f6a9117060e6d33c5d95278212673b9df280628004a070290711ef4f6cceabcd0ee928572d908e47308ee6fb5e4de22070d5f834ac1fabaf6142a8da60d7fa1c2067fded43ff910272a42ea8268e01aaf7be3281fc043d5e17992ddbc077bbfc58cbd9eceb15a9e7bfd2ad8a48037c02eaa728e73daa5ff461ce56c6cfb19c1567b6828c0480a06f7d810bb8e40bf06a3a6067f7dbc16ab5b45576b4bd4be279250b16928497488a73151ba6c4d0bf8b76226d83764beec578c78a23e03793741e2a95f0484d5eabe8b2a4ad41854df2ba72eab3b849e9a5778c47d021b0bdd6f120af98af9ec0c18dd1c9a2c83e6c7d9f3b31f9b9deee0e83e08ebe17d74ab6e32f28dd576b9d0c69a9ddb772978b9c795639dd7f57336fa6dd30d1bef95e05ce1ab44b6562d22615817ca6587c8cfdad8f4b52434cfbc411310131ad9d6c9dd4a2ce21e087441a77984e4cd87b29aedec8ce3d65c8b9768c329790dcc0b0545246730217651b447c999ced715c6fd412dd592fa6cee55fcffbc1d7f21bcfdf28617420782309726053a235d9999acb6845054f2cf4c64019147b43b04f9c9b20d4fb74b72022f5d9595998c6a3715d75206bf845c963d4178c818ba439e8ed0e9efb65978a02ef824aec10578580a6c7fe15ee6c57a35383e72650ada9ba7c67e8b32208e05738103bc0f6819c91b2de366c60f6268420674f70afc36ff915f46a8d2080711422945d0363372fac84d2179696d6377fa22a06477f13bbcfb1c319dcbe9f81223cccda9c928dc063bf0b93320752ce5f55c31004b0206b3a67437ae5dad42a592fd8f129867e35dcb4313bbcc7ddd8a80b80565514f502a31047f0493f144905070ba3b4b9f8186eb2d4c4d687b2878e22665bd909ac2d297ebd4b2476c0350615eea6f71025d44c30b510a6103013d27ab5093e130dd3b5bb336622594ebdf748e447cca1c1c1fa94495356f778f47e3a8ef7251a00729fda194f1d570dffb123a6b506d98f203cd3943786391fe77e64bdd911abc1f3aae85d4a8a2a7f0cc720e48fa00a6cae13f4dccfe08ee373a60b9d96f08e427405b6cdf4d8e1084ea0f74582e6357082eb6f3851edf37c7f468cea1e80e39aca93babf6807eed434e36854ceb3890451ae7a34bddd8508893699c914aace433ba754dfbb2bd196139fdd278cb2ccfe9cd8d9a275749fa9b228dd1067bf415db8fccfe36a1914237ae501a10f6dc7bc709f2c7681cdb88657a8abe44c7563a3462e2ccd89104bea94ada3b3e3023186291ac6fe089d67c3cbf92756efd8a4bd826220e383328697843e4a12f346169e27729483f1939821f824737b8bd8a97282165cdacc657e6c9448fac42be4a6767046b2a7727ec415e35f712f689cf8f55f0f65450857fe6c2969dec8600eeb455ccf132d6299a71f355cd0456fd35059f94934c9d84497bf16697f54e72fb721c3c18ad729ed2eba7c12c883c70e9a7f696ffa0e33b7757d7f6ec8d7c63ee8791b715ba8c54664368798674f7b1f5132cede1662e7dfe6756fc146d59a0b3c5ad4fe759b4c2c21f81a44072c983c863ce7b2dd342fa5f510bdd4cd3a23cae660fa4dced789f0ef4ba31d0f17e88e81837c32624643306d49b894757670df0334070529c00f80630a39ea70b3b893229cb0905e41d3d371921cebd218806656ea9a46936ca04b106f4f8fce9068183b193147ca84cd20b7e1270f30273035d0b1d134eb11a1542805eab6af46ad2590c39fef040dcbe93ef91c093e281688b2dd419fb475eb2898123e942ed806731cbefb17f2795fcbd865068e41181201a512548d929820dfcd9c2d40e8768a012029c1adead9e470fb1e6b9fb98d9aa09dcabc4cf421846cc76cebe41ca1e97200dc2403cea622efc570fda87cf6ef857c0f46b3aad64376c35a1b6b5eddc6285da0609bcc6a742d2460a911898a12ddbd091856eb2f12232274574aceebcb1765a104a4fd26df68d5242f0b71cdcb7182d321f6672013d848e670425d8a214f224edb6be4d4fbe12676aa17020d768591cf658a42d3b6737d33cafa0c39c7c1cd48b896de6decbf221a9395ecca1181fc7972c8e0c6cabc7ca0d4c76dab4731313fc9fefacdddfddcca4fef75487b8d832aeb25d9b39ac045fd7d4a1171fb62f65792d7907361954098ad5d167912552ee6879091d32012951aa3908112605dc27d43af6cbc965afced2ca441a138595efffa4da8a7c727f7956daa073d40f720f11dd940baa133aa4a0cb2797242be7289bb943b1888342004ae22ce6d9621a3fe64f011a85369095c8"}, &(0x7f00000010c0)=0xffffffffffffffa5) 04:12:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x8000, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x3, 0x4) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000240)={0x5, {{0x2, 0x4e20, @remote}}, 0x1, 0x1, [{{0x2, 0x4e23, @multicast2}}]}, 0x110) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x101000) getsockopt(r2, 0x4, 0x2, &(0x7f0000000100)=""/61, &(0x7f0000000180)=0x3d) setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040)=0x63, 0x2) [ 2508.888204][T16458] binder: 16455:16458 ioctl c018620c 20000000 returned -22 [ 2508.972834][T16573] binder: 16571:16573 ioctl c018620c 20000080 returned -1 [ 2509.008024][T16573] binder: 16571:16573 ioctl c018620c 20000080 returned -1 [ 2509.010894][T16572] FAULT_INJECTION: forcing a failure. 04:12:05 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x200001) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r2, 0x3c, 0x0, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}}}, 0x90) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB="71e20d25ffffffff"]) 04:12:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100)={0x0, 0xb8, "b14acb611e541ef6340dec8abb8ff37f1704961de34987a408339a714836934d54c0a171768a494b94bf049e3ebd1aa160f4434cef7c2ad152dd077a8e7526f4bd5eefd1b5b40dad741f405ba53c5201c836fcc64516cf5e7d54f02f4c92d4f5916512ebfb23990a4bb1f59da25e73b75795976f7a17912539c6300b519940796a3cb38cbf5fcc1841a791a9827421b02a809502a94fab1a651cd7dba7d5e718b1d5b77d9d33d6782161889b913019a37a8cb1fca07bb47c"}, &(0x7f0000000080)=0xc0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={r2, 0xf4, &(0x7f0000000280)=[@in6={0xa, 0x4e20, 0x7, @local}, @in6={0xa, 0x4e20, 0x0, @empty, 0x6}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xa}}, @in6={0xa, 0x4e22, 0x101, @remote, 0x3}, @in6={0xa, 0x4e20, 0x8c, @local, 0x3}, @in6={0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0x2a}, 0x2}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e20, 0x3, @ipv4={[], [], @local}, 0x7f}, @in6={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, [], 0x20}, 0x1}]}, &(0x7f0000000200)=0x10) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000000)={0x7, 0xa61, 0xc4, 0x2, 0xfff, 0x3}) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r1, 0x111, 0x1, 0x8001, 0x4) [ 2509.010894][T16572] name fail_page_alloc, interval 1, probability 0, space 0, times 0 04:12:05 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed96, 0x2) 04:12:05 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x101000, 0x0) ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000080)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) sched_getscheduler(r2) [ 2509.107130][T16572] CPU: 1 PID: 16572 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2509.114810][T16572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2509.124865][T16572] Call Trace: [ 2509.128163][T16572] dump_stack+0x172/0x1f0 [ 2509.132522][T16572] should_fail.cold+0xa/0x15 [ 2509.137120][T16572] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2509.142933][T16572] ? ___might_sleep+0x163/0x280 [ 2509.147803][T16572] should_fail_alloc_page+0x50/0x60 04:12:05 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400100, 0x0) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 04:12:05 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000080)) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)) [ 2509.153018][T16572] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2509.158391][T16572] ? find_held_lock+0x35/0x130 [ 2509.163183][T16572] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2509.168910][T16572] ? lock_downgrade+0x880/0x880 [ 2509.173762][T16572] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2509.179994][T16572] alloc_pages_current+0x107/0x210 [ 2509.185080][T16572] __get_free_pages+0xc/0x40 [ 2509.189644][T16572] inode_doinit_with_dentry+0x990/0x1190 [ 2509.195252][T16572] ? selinux_add_opt+0x2f0/0x2f0 [ 2509.200190][T16572] ? ktime_get_coarse_real_ts64+0x1ba/0x2b0 [ 2509.206058][T16572] selinux_d_instantiate+0x28/0x40 [ 2509.211152][T16572] security_d_instantiate+0x5d/0x100 [ 2509.216428][T16572] d_instantiate+0x60/0xa0 [ 2509.220946][T16572] debugfs_create_dir+0x122/0x3d0 [ 2509.225949][T16572] hci_register_dev+0x299/0x860 [ 2509.230897][T16572] __vhci_create_device+0x2d0/0x5a0 [ 2509.236072][T16572] vhci_write+0x2d0/0x470 [ 2509.240396][T16572] new_sync_write+0x4c7/0x760 [ 2509.245053][T16572] ? default_llseek+0x2e0/0x2e0 [ 2509.249905][T16572] ? copy_page_to_iter+0x47b/0xd00 [ 2509.254994][T16572] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2509.261209][T16572] ? put_page+0xce/0x130 [ 2509.265442][T16572] __vfs_write+0xe4/0x110 [ 2509.269759][T16572] __kernel_write+0x110/0x3b0 [ 2509.274424][T16572] write_pipe_buf+0x15d/0x1f0 [ 2509.279187][T16572] ? do_splice_direct+0x2a0/0x2a0 [ 2509.284187][T16572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2509.290401][T16572] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2509.296446][T16572] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2509.302670][T16572] __splice_from_pipe+0x39a/0x7e0 [ 2509.307670][T16572] ? do_splice_direct+0x2a0/0x2a0 [ 2509.312686][T16572] ? do_splice_direct+0x2a0/0x2a0 [ 2509.317689][T16572] splice_from_pipe+0x108/0x170 [ 2509.322515][T16572] ? splice_shrink_spd+0xd0/0xd0 [ 2509.327433][T16572] default_file_splice_write+0x3c/0x90 [ 2509.332883][T16572] ? generic_splice_sendpage+0x50/0x50 [ 2509.338326][T16572] direct_splice_actor+0x126/0x1a0 [ 2509.343417][T16572] splice_direct_to_actor+0x369/0x970 [ 2509.348777][T16572] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2509.354300][T16572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2509.360519][T16572] ? do_splice_to+0x190/0x190 [ 2509.365185][T16572] ? rw_verify_area+0x118/0x360 [ 2509.370008][T16572] do_splice_direct+0x1da/0x2a0 [ 2509.374832][T16572] ? splice_direct_to_actor+0x970/0x970 [ 2509.380357][T16572] ? rw_verify_area+0x118/0x360 [ 2509.385182][T16572] do_sendfile+0x597/0xd00 [ 2509.389577][T16572] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2509.394840][T16572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2509.401053][T16572] ? _copy_from_user+0xdd/0x150 [ 2509.405881][T16572] __x64_sys_sendfile64+0x15a/0x220 [ 2509.411054][T16572] ? __ia32_sys_sendfile+0x230/0x230 [ 2509.416311][T16572] ? do_syscall_64+0x26/0x610 [ 2509.420962][T16572] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2509.426221][T16572] ? trace_hardirqs_on+0x67/0x230 [ 2509.431223][T16572] do_syscall_64+0x103/0x610 [ 2509.435795][T16572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2509.441670][T16572] RIP: 0033:0x457f29 [ 2509.445539][T16572] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2509.465128][T16572] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2509.473520][T16572] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2509.481465][T16572] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2509.489867][T16572] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2509.497813][T16572] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2509.505762][T16572] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2509.530793][T16784] binder: 16588:16784 ioctl 40286608 20000000 returned -22 [ 2509.539596][T16784] binder_ioctl_get_node_info_for_ref: 17 callbacks suppressed [ 2509.539603][T16784] binder: 16588 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2509.539614][T16784] binder: 16588:16784 ioctl c018620c 20000240 returned -22 [ 2509.567754][T16786] binder: 16588:16786 ioctl 40286608 20000000 returned -22 [ 2509.594571][T16784] binder: 16588 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2509.594584][T16784] binder: 16588:16784 ioctl c018620c 20000240 returned -22 [ 2509.608528][T16790] binder: 16789:16790 ioctl c018620c 20000240 returned -1 04:12:06 executing program 5 (fault-call:5 fault-nth:28): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2509.649420][ C1] net_ratelimit: 22 callbacks suppressed [ 2509.649428][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2509.661003][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2509.666814][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2509.672718][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:06 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed97, 0x2) 04:12:06 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080)='/dev/udmabuf\x00', 0x2) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1f, 0x400) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x6c, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e23, @broadcast}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x29}}, @in6={0xa, 0x4e22, 0x2, @empty, 0x600000000}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r2, @in6={{0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}, 0x291}}, 0x30341693, 0x1}, &(0x7f0000000240)=0x90) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) ioctl$SCSI_IOCTL_SYNC(r0, 0x4) 04:12:06 executing program 2: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r1 = dup3(r0, r0, 0x80000) setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x19) r2 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) 04:12:06 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000008000000080"]) 04:12:06 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2509.867406][T17001] FAULT_INJECTION: forcing a failure. [ 2509.867406][T17001] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2509.900261][T17001] CPU: 1 PID: 17001 Comm: syz-executor.5 Not tainted 5.0.0+ #15 04:12:06 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) [ 2509.907939][T17001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2509.918011][T17001] Call Trace: [ 2509.921313][T17001] dump_stack+0x172/0x1f0 [ 2509.925658][T17001] should_fail.cold+0xa/0x15 [ 2509.930266][T17001] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2509.936070][T17001] ? ___might_sleep+0x163/0x280 [ 2509.940916][T17001] should_fail_alloc_page+0x50/0x60 [ 2509.946103][T17001] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2509.951457][T17001] ? find_held_lock+0x35/0x130 [ 2509.956215][T17001] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2509.961951][T17001] ? lock_downgrade+0x880/0x880 [ 2509.966795][T17001] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2509.973026][T17001] alloc_pages_current+0x107/0x210 [ 2509.978119][T17001] __get_free_pages+0xc/0x40 [ 2509.982686][T17001] inode_doinit_with_dentry+0x990/0x1190 [ 2509.988296][T17001] ? selinux_add_opt+0x2f0/0x2f0 [ 2509.993217][T17001] ? ktime_get_coarse_real_ts64+0x1ba/0x2b0 [ 2509.999095][T17001] selinux_d_instantiate+0x28/0x40 [ 2510.004187][T17001] security_d_instantiate+0x5d/0x100 [ 2510.009458][T17001] d_instantiate+0x60/0xa0 [ 2510.013858][T17001] debugfs_create_dir+0x122/0x3d0 [ 2510.018872][T17001] hci_register_dev+0x299/0x860 [ 2510.023709][T17001] __vhci_create_device+0x2d0/0x5a0 [ 2510.028899][T17001] vhci_write+0x2d0/0x470 [ 2510.033211][T17001] new_sync_write+0x4c7/0x760 [ 2510.037865][T17001] ? default_llseek+0x2e0/0x2e0 [ 2510.042696][T17001] ? copy_page_to_iter+0x47b/0xd00 [ 2510.047806][T17001] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2510.054033][T17001] ? put_page+0xce/0x130 [ 2510.058260][T17001] __vfs_write+0xe4/0x110 [ 2510.062569][T17001] __kernel_write+0x110/0x3b0 [ 2510.067223][T17001] write_pipe_buf+0x15d/0x1f0 [ 2510.071877][T17001] ? do_splice_direct+0x2a0/0x2a0 [ 2510.076965][T17001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2510.083179][T17001] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2510.089219][T17001] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2510.095459][T17001] __splice_from_pipe+0x39a/0x7e0 [ 2510.100471][T17001] ? do_splice_direct+0x2a0/0x2a0 [ 2510.105487][T17001] ? do_splice_direct+0x2a0/0x2a0 [ 2510.110501][T17001] splice_from_pipe+0x108/0x170 [ 2510.115343][T17001] ? splice_shrink_spd+0xd0/0xd0 [ 2510.120265][T17001] default_file_splice_write+0x3c/0x90 [ 2510.125696][T17001] ? generic_splice_sendpage+0x50/0x50 [ 2510.131147][T17001] direct_splice_actor+0x126/0x1a0 [ 2510.136255][T17001] splice_direct_to_actor+0x369/0x970 [ 2510.142398][T17001] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2510.147920][T17001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2510.154145][T17001] ? do_splice_to+0x190/0x190 [ 2510.158800][T17001] ? rw_verify_area+0x118/0x360 [ 2510.163627][T17001] do_splice_direct+0x1da/0x2a0 [ 2510.168467][T17001] ? splice_direct_to_actor+0x970/0x970 [ 2510.174018][T17001] ? rw_verify_area+0x118/0x360 [ 2510.178858][T17001] do_sendfile+0x597/0xd00 [ 2510.183254][T17001] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2510.188517][T17001] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2510.194752][T17001] ? _copy_from_user+0xdd/0x150 [ 2510.199581][T17001] __x64_sys_sendfile64+0x15a/0x220 [ 2510.204765][T17001] ? __ia32_sys_sendfile+0x230/0x230 [ 2510.210036][T17001] ? do_syscall_64+0x26/0x610 [ 2510.214691][T17001] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2510.219954][T17001] ? trace_hardirqs_on+0x67/0x230 [ 2510.224956][T17001] do_syscall_64+0x103/0x610 [ 2510.229527][T17001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2510.235393][T17001] RIP: 0033:0x457f29 [ 2510.239276][T17001] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2510.258864][T17001] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2510.267249][T17001] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2510.275201][T17001] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2510.283158][T17001] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2510.291108][T17001] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2510.299053][T17001] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 04:12:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1ff, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000280)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000d723615cf6dbefc60000000000000000000000000000000000000000ad4042a3923a00000000000000000000000000000000a1eaf52e14505f1bf0f20ea2fce9c34da354cc0b9ede00f457603e250bb986d57f713b84ba2603c0e35811fb81fa373b76612457116338f4d117969f2213ae870607350401a90213f0eca8ade7402267529dceecacf33d8dd9da84e3b43ad45211c5fcb54c8aa55e6420756e3560bb06f175855cf78d284387f86911e66a2bbe83a35240c736ee1f641920429210fca2764d79a95e39fa390cd2ee959e137987fbb4ecb59728df012a02e478c4998b08866173b62717f5579bf4eddd806bf6d297e1684a35f23da8a1032118e16e8cfa90ed5b2f4f190e8cc4ff96338268fbbea9dd6aab8e1718df3fdd29a0b8684fdf73e831d38d2670690f57a43e27162a8a31c53fcbbb1ce4a5c6edb1cd6c756f2cea6a6b4c8265b4308dec200cc97abc70a9b155682a26dfe5e2a77741192c94a3f5f03b925a6c8b74beb9e2494e967d3da18e97f1ed"], 0x48) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x2000000) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2510.332084][T17015] binder: 17006 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2510.332097][T17015] binder: 17006:17015 ioctl c018620c 20000240 returned -22 04:12:07 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r2, &(0x7f0000d83ff8)=0x1ed98, 0x2) 04:12:07 executing program 3: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000100)=ANY=[@ANYBLOB="c800003b000000005c6f5cbbcdcde9321e2622043c73240c3b3394e6bc146ac144342e867f8f8e22c477dc62680b9a3864cb13207448aa0d586fb4935969915498c7c6a40680ab13daa04e7c678b07b8d05017ae0c5f140b8bf7fdb7c6918fc8728bab6e8397138fb847e176ec95dff30ece384175b1af22277cc3a1c0af88041f3f81145e10235e7ad4f3904f0d0561e878d4166da21f6600000000000000"]) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rtc0\x00', 0x800000000410803, 0x0) munlockall() getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 04:12:07 executing program 5 (fault-call:5 fault-nth:29): r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhci\x00', 0x6) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="ffc1"], 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) [ 2510.407061][T17022] binder: 17020:17022 ioctl c018620c 20000240 returned -1 [ 2510.414201][T17023] binder: 17006 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2510.414214][T17023] binder: 17006:17023 ioctl c018620c 20000240 returned -22 04:12:07 executing program 4: r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x800, 0x101000) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000080)={{0x8, 0x5}, 'port1\x00', 0x80, 0x1, 0x10001, 0x710, 0x3, 0x8001, 0x6, 0x0, 0x1, 0x1}) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x4b47, 0x0) 04:12:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000000)={0xffffffffffffff1e, 0x0, &(0x7f0000000040)=ANY=[], 0xfffffffffffffe4d, 0x0, 0x0}) dup2(r0, r0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)) 04:12:07 executing program 4: r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/udmabuf\x00', 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x4b47, 0x0) r1 = fcntl$dupfd(r0, 0x3, r0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000200)) getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000240), &(0x7f0000000280)=0xb) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000040)}}, 0x10) [ 2510.604284][T17156] binder: 17099 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2510.604308][T17156] binder: 17099:17156 ioctl c018620c 20000000 returned -22 [ 2510.648649][T17110] ================================================================== [ 2510.656760][T17110] BUG: KASAN: use-after-free in lockdep_register_key+0x3b9/0x490 [ 2510.664479][T17110] Read of size 8 at addr ffff8880925f4958 by task syz-executor.5/17110 [ 2510.672701][T17110] [ 2510.675030][T17110] CPU: 1 PID: 17110 Comm: syz-executor.5 Not tainted 5.0.0+ #15 [ 2510.682657][T17110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2510.692695][T17110] Call Trace: [ 2510.695968][T17110] dump_stack+0x172/0x1f0 [ 2510.700279][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2510.705637][T17110] print_address_description.cold+0x7c/0x20d [ 2510.711593][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2510.716946][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2510.722319][T17110] kasan_report.cold+0x1b/0x40 [ 2510.722766][T17156] binder: 17099 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2510.722778][T17156] binder: 17099:17156 ioctl c018620c 20000000 returned -22 [ 2510.727080][T17110] ? lockdep_register_key+0x3b9/0x490 04:12:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r1 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0xb9, 0x800) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e23, @loopback}}, 0x3, 0x5ea, 0x80, 0xffffffffa14fd823, 0x7fffffff}, &(0x7f0000000080)=0x98) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000400)={r2, 0x10000}, 0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x7, @local, 0x6}}, 0x27, 0x5, 0x80, 0x9, 0x7}, &(0x7f0000000200)=0x98) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000280)=@assoc_value={r3, 0x10001}, 0x8) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x14) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000040)=0x5) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f00000002c0)=""/79) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={r3, 0x6, 0x81, 0x4, 0x2, 0x7}, 0x14) [ 2510.748178][T17110] __asan_report_load8_noabort+0x14/0x20 [ 2510.753978][T17110] lockdep_register_key+0x3b9/0x490 [ 2510.759157][T17110] alloc_workqueue+0x427/0xe70 [ 2510.763900][T17110] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2510.769597][T17110] ? __init_waitqueue_head+0x36/0x90 [ 2510.774861][T17110] hci_register_dev+0x1b8/0x860 [ 2510.779685][T17110] ? hci_init_sysfs+0x7c/0xa0 [ 2510.784356][T17110] __vhci_create_device+0x2d0/0x5a0 [ 2510.789544][T17110] vhci_write+0x2d0/0x470 [ 2510.793854][T17110] new_sync_write+0x4c7/0x760 [ 2510.798513][T17110] ? default_llseek+0x2e0/0x2e0 [ 2510.803338][T17110] ? copy_page_to_iter+0x47b/0xd00 [ 2510.808426][T17110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2510.814637][T17110] ? put_page+0xce/0x130 [ 2510.818854][T17110] __vfs_write+0xe4/0x110 [ 2510.823157][T17110] __kernel_write+0x110/0x3b0 [ 2510.827806][T17110] write_pipe_buf+0x15d/0x1f0 [ 2510.832455][T17110] ? do_splice_direct+0x2a0/0x2a0 [ 2510.837451][T17110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2510.843661][T17110] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2510.849701][T17110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2510.855913][T17110] __splice_from_pipe+0x39a/0x7e0 [ 2510.860920][T17110] ? do_splice_direct+0x2a0/0x2a0 [ 2510.865955][T17110] ? do_splice_direct+0x2a0/0x2a0 [ 2510.870954][T17110] splice_from_pipe+0x108/0x170 [ 2510.875780][T17110] ? splice_shrink_spd+0xd0/0xd0 [ 2510.880705][T17110] default_file_splice_write+0x3c/0x90 [ 2510.886152][T17110] ? generic_splice_sendpage+0x50/0x50 [ 2510.891612][T17110] direct_splice_actor+0x126/0x1a0 [ 2510.896713][T17110] splice_direct_to_actor+0x369/0x970 [ 2510.902058][T17110] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2510.907577][T17110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2510.913786][T17110] ? do_splice_to+0x190/0x190 [ 2510.918456][T17110] ? rw_verify_area+0x118/0x360 [ 2510.923288][T17110] do_splice_direct+0x1da/0x2a0 [ 2510.928112][T17110] ? splice_direct_to_actor+0x970/0x970 [ 2510.933630][T17110] ? rw_verify_area+0x118/0x360 [ 2510.938453][T17110] do_sendfile+0x597/0xd00 [ 2510.942844][T17110] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2510.948105][T17110] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2510.954322][T17110] ? _copy_from_user+0xdd/0x150 [ 2510.959153][T17110] __x64_sys_sendfile64+0x15a/0x220 [ 2510.964328][T17110] ? __ia32_sys_sendfile+0x230/0x230 [ 2510.969590][T17110] ? do_syscall_64+0x26/0x610 [ 2510.974241][T17110] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2510.979499][T17110] ? trace_hardirqs_on+0x67/0x230 [ 2510.984495][T17110] do_syscall_64+0x103/0x610 [ 2510.989080][T17110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2510.994943][T17110] RIP: 0033:0x457f29 [ 2510.998813][T17110] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2511.018405][T17110] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2511.026786][T17110] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2511.034730][T17110] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2511.042672][T17110] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2511.050614][T17110] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2511.058555][T17110] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2511.066513][T17110] [ 2511.068814][T17110] Allocated by task 12115: [ 2511.073209][T17110] save_stack+0x45/0xd0 [ 2511.077338][T17110] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2511.082944][T17110] kasan_kmalloc+0x9/0x10 [ 2511.087254][T17110] __kmalloc+0x15c/0x740 [ 2511.091490][T17110] alloc_workqueue+0x13c/0xe70 [ 2511.096228][T17110] hci_register_dev+0x1b8/0x860 [ 2511.101050][T17110] __vhci_create_device+0x2d0/0x5a0 [ 2511.106220][T17110] vhci_write+0x2d0/0x470 [ 2511.110525][T17110] new_sync_write+0x4c7/0x760 [ 2511.115174][T17110] __vfs_write+0xe4/0x110 [ 2511.119475][T17110] __kernel_write+0x110/0x3b0 [ 2511.124140][T17110] write_pipe_buf+0x15d/0x1f0 [ 2511.128790][T17110] __splice_from_pipe+0x39a/0x7e0 [ 2511.133787][T17110] splice_from_pipe+0x108/0x170 [ 2511.138609][T17110] default_file_splice_write+0x3c/0x90 [ 2511.144057][T17110] direct_splice_actor+0x126/0x1a0 [ 2511.149139][T17110] splice_direct_to_actor+0x369/0x970 [ 2511.154493][T17110] do_splice_direct+0x1da/0x2a0 [ 2511.159324][T17110] do_sendfile+0x597/0xd00 [ 2511.163712][T17110] __x64_sys_sendfile64+0x15a/0x220 [ 2511.168883][T17110] do_syscall_64+0x103/0x610 [ 2511.173448][T17110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2511.179313][T17110] [ 2511.181620][T17110] Freed by task 12115: [ 2511.185663][T17110] save_stack+0x45/0xd0 [ 2511.189792][T17110] __kasan_slab_free+0x102/0x150 [ 2511.194712][T17110] kasan_slab_free+0xe/0x10 [ 2511.199184][T17110] kfree+0xcf/0x230 [ 2511.202967][T17110] alloc_workqueue+0xc3e/0xe70 [ 2511.207714][T17110] hci_register_dev+0x1b8/0x860 [ 2511.212539][T17110] __vhci_create_device+0x2d0/0x5a0 [ 2511.217711][T17110] vhci_write+0x2d0/0x470 [ 2511.222018][T17110] new_sync_write+0x4c7/0x760 [ 2511.226665][T17110] __vfs_write+0xe4/0x110 [ 2511.230970][T17110] __kernel_write+0x110/0x3b0 [ 2511.235639][T17110] write_pipe_buf+0x15d/0x1f0 [ 2511.240285][T17110] __splice_from_pipe+0x39a/0x7e0 [ 2511.245278][T17110] splice_from_pipe+0x108/0x170 [ 2511.250098][T17110] default_file_splice_write+0x3c/0x90 [ 2511.255525][T17110] direct_splice_actor+0x126/0x1a0 [ 2511.260607][T17110] splice_direct_to_actor+0x369/0x970 [ 2511.265948][T17110] do_splice_direct+0x1da/0x2a0 [ 2511.270768][T17110] do_sendfile+0x597/0xd00 [ 2511.275156][T17110] __x64_sys_sendfile64+0x15a/0x220 [ 2511.280328][T17110] do_syscall_64+0x103/0x610 [ 2511.284899][T17110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2511.290761][T17110] [ 2511.293063][T17110] The buggy address belongs to the object at ffff8880925f4840 [ 2511.293063][T17110] which belongs to the cache kmalloc-512 of size 512 [ 2511.307084][T17110] The buggy address is located 280 bytes inside of [ 2511.307084][T17110] 512-byte region [ffff8880925f4840, ffff8880925f4a40) [ 2511.320328][T17110] The buggy address belongs to the page: [ 2511.325931][T17110] page:ffffea0002497d00 count:1 mapcount:0 mapping:ffff88812c3f0940 index:0xffff8880925f4340 [ 2511.336043][T17110] flags: 0x1fffc0000000200(slab) [ 2511.340969][T17110] raw: 01fffc0000000200 ffffea000207a688 ffffea00027bb588 ffff88812c3f0940 [ 2511.349527][T17110] raw: ffff8880925f4340 ffff8880925f40c0 0000000100000005 0000000000000000 [ 2511.358080][T17110] page dumped because: kasan: bad access detected [ 2511.364458][T17110] [ 2511.366763][T17110] Memory state around the buggy address: [ 2511.372365][T17110] ffff8880925f4800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 2511.380400][T17110] ffff8880925f4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2511.388439][T17110] >ffff8880925f4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2511.396470][T17110] ^ [ 2511.403377][T17110] ffff8880925f4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2511.411410][T17110] ffff8880925f4a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 2511.419436][T17110] ================================================================== [ 2511.427464][T17110] Disabling lock debugging due to kernel taint [ 2511.433587][T17110] Kernel panic - not syncing: panic_on_warn set ... [ 2511.440185][T17110] CPU: 1 PID: 17110 Comm: syz-executor.5 Tainted: G B 5.0.0+ #15 [ 2511.449173][T17110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2511.459203][T17110] Call Trace: [ 2511.462499][T17110] dump_stack+0x172/0x1f0 [ 2511.466816][T17110] panic+0x2cb/0x65c [ 2511.470696][T17110] ? __warn_printk+0xf3/0xf3 [ 2511.475259][T17110] ? lock_downgrade+0x880/0x880 [ 2511.480620][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2511.485971][T17110] ? trace_hardirqs_off+0x62/0x220 [ 2511.491062][T17110] ? trace_hardirqs_off+0x59/0x220 [ 2511.496166][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2511.501534][T17110] end_report+0x47/0x4f [ 2511.505790][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2511.511153][T17110] kasan_report.cold+0xe/0x40 [ 2511.515810][T17110] ? lockdep_register_key+0x3b9/0x490 [ 2511.521160][T17110] __asan_report_load8_noabort+0x14/0x20 [ 2511.526763][T17110] lockdep_register_key+0x3b9/0x490 [ 2511.531936][T17110] alloc_workqueue+0x427/0xe70 [ 2511.536678][T17110] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 2511.542371][T17110] ? __init_waitqueue_head+0x36/0x90 [ 2511.547630][T17110] hci_register_dev+0x1b8/0x860 [ 2511.552452][T17110] ? hci_init_sysfs+0x7c/0xa0 [ 2511.557118][T17110] __vhci_create_device+0x2d0/0x5a0 [ 2511.562292][T17110] vhci_write+0x2d0/0x470 [ 2511.566596][T17110] new_sync_write+0x4c7/0x760 [ 2511.571258][T17110] ? default_llseek+0x2e0/0x2e0 [ 2511.576087][T17110] ? copy_page_to_iter+0x47b/0xd00 [ 2511.581174][T17110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2511.587424][T17110] ? put_page+0xce/0x130 [ 2511.591644][T17110] __vfs_write+0xe4/0x110 [ 2511.595945][T17110] __kernel_write+0x110/0x3b0 [ 2511.600604][T17110] write_pipe_buf+0x15d/0x1f0 [ 2511.605258][T17110] ? do_splice_direct+0x2a0/0x2a0 [ 2511.610255][T17110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2511.616465][T17110] ? splice_from_pipe_next.part.0+0x255/0x2f0 [ 2511.622505][T17110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2511.628806][T17110] __splice_from_pipe+0x39a/0x7e0 [ 2511.633902][T17110] ? do_splice_direct+0x2a0/0x2a0 [ 2511.638912][T17110] ? do_splice_direct+0x2a0/0x2a0 [ 2511.643908][T17110] splice_from_pipe+0x108/0x170 [ 2511.648731][T17110] ? splice_shrink_spd+0xd0/0xd0 [ 2511.653643][T17110] default_file_splice_write+0x3c/0x90 [ 2511.659089][T17110] ? generic_splice_sendpage+0x50/0x50 [ 2511.664525][T17110] direct_splice_actor+0x126/0x1a0 [ 2511.669609][T17110] splice_direct_to_actor+0x369/0x970 [ 2511.674956][T17110] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2511.680482][T17110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2511.686694][T17110] ? do_splice_to+0x190/0x190 [ 2511.691372][T17110] ? rw_verify_area+0x118/0x360 [ 2511.696560][T17110] do_splice_direct+0x1da/0x2a0 [ 2511.701386][T17110] ? splice_direct_to_actor+0x970/0x970 [ 2511.706910][T17110] ? rw_verify_area+0x118/0x360 [ 2511.711735][T17110] do_sendfile+0x597/0xd00 [ 2511.716127][T17110] ? do_compat_pwritev64+0x1c0/0x1c0 [ 2511.721385][T17110] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2511.727600][T17110] ? _copy_from_user+0xdd/0x150 [ 2511.732433][T17110] __x64_sys_sendfile64+0x15a/0x220 [ 2511.737625][T17110] ? __ia32_sys_sendfile+0x230/0x230 [ 2511.742882][T17110] ? do_syscall_64+0x26/0x610 [ 2511.747541][T17110] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2511.752800][T17110] ? trace_hardirqs_on+0x67/0x230 [ 2511.757804][T17110] do_syscall_64+0x103/0x610 [ 2511.762370][T17110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2511.768232][T17110] RIP: 0033:0x457f29 [ 2511.772100][T17110] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2511.791675][T17110] RSP: 002b:00007f5e93c9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2511.800057][T17110] RAX: ffffffffffffffda RBX: 00007f5e93c9ac90 RCX: 0000000000457f29 [ 2511.807998][T17110] RDX: 0000000020d83ff8 RSI: 0000000000000004 RDI: 0000000000000003 [ 2511.815942][T17110] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2511.823885][T17110] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f5e93c9b6d4 [ 2511.831829][T17110] R13: 00000000004c4ece R14: 00000000004d8bf8 R15: 0000000000000005 [ 2511.840760][T17110] Kernel Offset: disabled [ 2511.845076][T17110] Rebooting in 86400 seconds..