etpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket(0x10, 0x80002, 0x0)
connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r4, &(0x7f00000000c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x1, 0x6}, 0x10)
getresuid(&(0x7f00000000c0), &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140))
setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000003c0)={{{@in=@rand_addr=0x64010102, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4e24, 0x8, 0x4e24, 0x5, 0x2, 0xa0, 0x20, 0x3c, r5, r6}, {0x17, 0x1, 0x7f, 0x2, 0x3, 0x9, 0x1, 0x2}, {0x7ff, 0x26b, 0x6, 0x10001}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0x3a}, 0x4d4, 0x2b}, 0xa, @in=@remote, 0x3504, 0x0, 0x2, 0x1b, 0x8000, 0xe2, 0x3ff}}, 0xe8)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)

02:19:21 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:21 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a137de02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306405f4b26df47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12dc898284e5b388c10143aafed678ceb25bc3863b71f2d85df59aa577adf9fe3413f77a9578cd0626dc70f415e6db09246f6ed3156cf0bd5d8ecf0b48192dacdf4c3a19b57be2790d9a3cb5c7b8e0c0b25e0390d17757b042b8361c29d68340d9855456c17fb9caa548805280892c9133797072d81"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r1, 0x0)
r2 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r2, 0x0)
keyctl$instantiate_iov(0x14, r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="af0b24a0a7712fcbbdad89cf314023497d17e08cb07a2df6c994b793042cd49d8e3c4948d5735287bf3472bc5d6a66c39c27c908864117edf95935de35e5d3662ad987fd8e85d0c5efef2c6e863545eeaef09e2197cb04d79405", 0x5a}], 0x1, r2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)

02:19:21 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000180)={0x20, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xa66a}]}]}, 0x20}}, 0x4000)
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0)
sendfile(r2, r1, 0x0, 0x100000a00)
r4 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r6, 0x1, 0x0, 0x0, {{}, {}, {0x8, 0x11, 0x7ff}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="280000009c45fdc1b39401862c04814776508775e429798e8d43dfb300d792dd05185bc09827e86c7cc676d6247b5674874f74876ef34ab0ae8d23abed629c91a1e0f64959ed5b2da1a4eeeef834372bb06a39726d76867abdc081ce7537716712f98e", @ANYRES16=r6, @ANYBLOB="080027bd7000fbdbdf02410000000c00136574683a77673000"], 0x28}, 0x1, 0x0, 0x0, 0x20000880}, 0x8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r8, 0xc02064b9, &(0x7f0000000140)={&(0x7f0000000040)=[0x4], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x7, 0xe0e0e0e0})

02:19:21 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="9f8200000000000000001400000004000780"], 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a00)

[  743.555857][T25243] binder: 25239:25243 ioctl c0306201 20000240 returned -14
02:19:21 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:21 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xfffff000}, 0x28)

[  743.733529][   T27] audit: type=1804 audit(1591064361.828:572): pid=25245 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/716/cgroup.controllers" dev="sda1" ino=16359 res=1
[  743.832858][T25257] binder: 25255:25257 ioctl c0306201 20000240 returned -14
[  743.847520][   T27] audit: type=1804 audit(1591064361.888:573): pid=25247 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/752/cgroup.controllers" dev="sda1" ino=16355 res=1
02:19:22 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x400200, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00')
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001180)={0x5c, r2, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x5c}}, 0x0)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'geneve0\x00'}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x800}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @rand_addr=0x64010102}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x3ff}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth1_vlan\x00'}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000810}, 0x8000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r3, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)

02:19:22 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:22 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xfffff000}, 0x28)

[  744.044187][T25264] binder: 25262:25264 ioctl c0306201 20000240 returned -14
02:19:22 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_CAPBSET_DROP(0x18, 0x21)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)
accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast2}, &(0x7f0000000080)=0x10)

02:19:24 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aee", 0xa6}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:24 executing program 2:
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000040)={0x2, 0x4, 0x4, 0x100, 0x2b, {0x77359400}, {0x5, 0x1, 0x81, 0x0, 0x0, 0x3, "583861de"}, 0x80000000, 0x3, @offset=0x8, 0xfff, 0x0, <r0=>0xffffffffffffffff})
ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f00000000c0))
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket(0x10, 0x80002, 0x0)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, [], r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r4, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x1a, &(0x7f0000000000), &(0x7f0000000100)="103db1a802c2c737370a1fa02652e5d3a25a8b4fd2c10cc498ba"}, 0x40)

02:19:24 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)

02:19:24 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000040)=0x5, 0x1)
bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0x1}, 0x6)
sendfile(r2, r1, 0x0, 0x100000a00)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')

02:19:24 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000040)=0x5, 0x1)
bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0x1}, 0x6)
sendfile(r2, r1, 0x0, 0x100000a00)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')

02:19:24 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
dup(r3)
mmap(&(0x7f00001d5000/0x1000)=nil, 0x1000, 0x200000e, 0x80010, r3, 0xe105b000)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800ab04", @ANYRES16=r4, @ANYBLOB="9f82000000000000006f1400000004000780"], 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a00)

[  746.696171][T25288] binder: 25279:25288 ioctl c0306201 20000240 returned -14
02:19:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  746.813428][   T27] audit: type=1804 audit(1591064364.908:574): pid=25285 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/754/cgroup.controllers" dev="sda1" ino=16374 res=1
02:19:25 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)

[  746.905468][   T27] audit: type=1804 audit(1591064364.968:575): pid=25286 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/697/cgroup.controllers" dev="sda1" ino=16358 res=1
[  746.970532][T25299] binder: 25296:25299 ioctl c0306201 20000240 returned -14
[  747.075539][   T27] audit: type=1804 audit(1591064365.168:576): pid=25295 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/718/cgroup.controllers" dev="sda1" ino=16372 res=1
02:19:25 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:25 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)

02:19:25 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000180)={0x3, 0x10000})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r1, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r3, 0xee00)
mount$9p_xen(&(0x7f0000000040)='syz\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000100)={'trans=xen,', {[{@loose='loose'}, {@fscache='fscache'}, {@access_uid={'access', 0x3d, r3}}], [{@appraise='appraise'}]}})

[  747.228949][T25305] binder: 25304:25305 ioctl c0306201 20000240 returned -14
02:19:27 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:27 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4000, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r1, 0x8c, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r2, 0x4)
r3 = socket$isdn_base(0x22, 0x3, 0x0)
recvmsg(r3, &(0x7f0000000840)={&(0x7f0000000540)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000000700)=[{&(0x7f00000005c0)=""/19, 0x13}, {&(0x7f0000000600)=""/66, 0x42}, {&(0x7f0000000680)=""/95, 0x5f}, {&(0x7f0000000780)=""/142, 0x8e}], 0x4, &(0x7f0000000dc0)=""/216, 0xd8}, 0x40000000)
r4 = syz_open_dev$vcsu(&(0x7f0000000140)='/dev/vcsu#\x00', 0x1000, 0x400040)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xa, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe000000861c1f73a67246a700b7000000000000009500000000000000e3a333a0daf2f73451c0ab7a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0ffff00003e18ab940ae4724d98f521cbe75b5c521ddc4be938329da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0100008000000000c13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb7e1bea666a48699c869bf0fc4b6b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d24d8fc0a80c354715072705fc2e0cffc9bb7703e7f0f5aecb63144c6f41dff04d3beec1c91532641ca6b9949b1f6c52f169b1ce42fe43b1fde9ae7e1f0539709dd4c216857b85468d02c3ed0625d960a71f4a5d65d3895680143240a78a4bc5573bac110774f648ee35db9ec4832173839a1ba31ffb8a11bdd2e83f4891bbd8be5be4582288c357c106b8e05a04ff5f9b0c66f898633ea5bbb1223a49b317111865226b02ce7ce7a0774e57e82a4dbd53f7fca1507cf90eb5742ae8fc7eabdd4949f7df6a9b64fc83c5f8b958c41cb38b98db47db1c710411f6f416860c45dd5e79494e07e405118dc340c8fbe43f9abb27614f130ec8258f6e9273b8d17b6af5e23f64a55a97380795b3b794d6b846e6f8e1ff73fb513c5e26e88ec15ca78baf138633d595674dd4a975eb5cfc0769c5fa14ec289e387624e497691992d9ed905000000000000002437ce2cc8c52e8bbd2cc2df2e7b49ad7590c45a75f6acee7b4558cf83bc11316d715d66dcb4c5f8e494e4bbdefd5dd9477d5c500ca99d211c49fdb9250aaa12d620fe3c90e7c9b04602d99a53cebd9218514f4e496c20301160927879174cfceb0948579a6dc923eb6db06d7ae0663396c6a756d77b8a2b9c7ebf0036c9a17b6c23537078950e02d0f6809d4526a0aae0175effeefa8d4545e8c0d8cd14d4ba47a1f1e9e78ad5e79a835519e1fc460360ea0d3642d7105a54016aea8fff672920bee533a1c58a627d1412abb8cc7bdf5a25c063bd34d213c9b52d7509a61e9ffcbca3fc860b4c3aa379371e6c2c95983597ac3faa187088b9f0cacff2a6846811dd6c9ac6f98ff54085af39f8718699547ae8a4fc6e227c79d70ee402ccb111"], &(0x7f0000000040)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x2, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x2}, 0x10, r2, r4}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r5, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x5c1101, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000004c0)={0x2, &(0x7f00000001c0)=[{<r7=>0x0}, {}]})
ioctl$DRM_IOCTL_GET_CTX(r6, 0xc0086423, &(0x7f0000000500)={r7, 0x2})

02:19:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:27 executing program 2:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xbaffffff}, 0x28)

02:19:27 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000414000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbc85bb22444e03a4f3fd39da854ec5ee5d610884b75c8d302000017293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be21c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'dummy0\x00', 0x200})

02:19:27 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100000c3d364064190100d4f6000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000700)='/dev/capi20\x00', 0x202, 0x0)
ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f0000000a00))
syz_usb_control_io$cdc_ncm(r1, &(0x7f00000000c0)={0x14, &(0x7f0000000040)={0x0, 0x6, 0x31, {0x31, 0x10, "745b80e327ae73721fe95765107a0ba2f7e1a723bf7be2d70de2634e028faaf9714e9d635fdbbcc959a3aedb7d63c4"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000004c0)={0x44, &(0x7f0000000100)={0x20, 0x9, 0x55, "7304a1eb8f112bf68ef1d6550cea7da3a5fd1c185a037466a6f51c075e4f786de465d2c1585b148fabf8fe12f55f6506a95ee65100ceb607cbf443f8ef0f912ea3a50b696fd6be2702a1217aaf6b636ded5d02ee89"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0xfc}, &(0x7f0000000280)={0x20, 0x80, 0x1c, {0x7e32, 0x3, 0xde, 0x3f, 0x0, 0x6e5, 0x8, 0x5, 0x3, 0xffff, 0x1ff, 0xfff}}, &(0x7f00000003c0)={0x20, 0x85, 0x4, 0x7}, &(0x7f0000000400)={0x20, 0x83, 0x2}, &(0x7f0000000440)={0x20, 0x87, 0x2, 0x7f}, &(0x7f0000000480)={0x20, 0x89, 0x2, 0x1}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f0000000640)={'nat\x00', 0x0, 0x3, 0x4e, [], 0x7, &(0x7f0000000540)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f00000005c0)=""/78}, &(0x7f00000006c0)=0x78)

[  749.778075][T25326] binder: 25323:25326 ioctl c0306201 20000240 returned -14
02:19:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:28 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100002000)

02:19:28 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000414000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbc85bb22444e03a4f3fd39da854ec5ee5d610884b75c8d302000017293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be21c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'dummy0\x00', 0x200})

[  750.033679][T25334] binder: BINDER_SET_CONTEXT_MGR already set
[  750.063674][T25334] binder: 25333:25334 ioctl 40046207 0 returned -16
[  750.088587][T25336] binder: 25333:25336 ioctl c0306201 20000240 returned -14
02:19:28 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:28 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:28 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000af0)

[  750.272929][ T9361] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  750.317789][   T27] audit: type=1804 audit(1591064368.408:577): pid=25337 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/699/cgroup.controllers" dev="sda1" ino=16382 res=1
[  750.327317][T25347] binder: 25344:25347 ioctl c0306201 20000240 returned -14
[  750.384236][T25348] binder: 25345:25348 ioctl c0306201 20000240 returned -14
[  750.523369][ T9361] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=f6.d4
[  750.538987][ T9361] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.556381][   T27] audit: type=1804 audit(1591064368.648:578): pid=25349 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/758/cgroup.controllers" dev="sda1" ino=16347 res=1
[  750.601924][ T9361] usb 2-1: config 0 descriptor??
[  750.880995][ T9361] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version f6.d4 found at bus 002 address 007
02:19:30 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:30 executing program 2:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xffffffba}, 0x28)

02:19:30 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:30 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a3b)

02:19:30 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a35)

02:19:30 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a30)

[  752.813723][   T12] usb 2-1: USB disconnect, device number 7
[  752.957037][T25387] binder: 25380:25387 ioctl c0306201 20000240 returned -14
02:19:31 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  753.109668][   T27] audit: type=1804 audit(1591064371.199:579): pid=25392 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/759/cgroup.controllers" dev="sda1" ino=16346 res=1
02:19:31 executing program 2:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0xab, 0xe00, 0x22d}, 0x28)

[  753.174362][T25395] binder: 25394:25395 ioctl c0306201 20000240 returned -14
[  753.192656][   T27] audit: type=1804 audit(1591064371.269:580): pid=25382 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/700/cgroup.controllers" dev="sda1" ino=16375 res=1
02:19:31 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  753.355213][   T27] audit: type=1804 audit(1591064371.319:581): pid=25385 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir654164503/syzkaller.xp69HG/730/cgroup.controllers" dev="sda1" ino=16362 res=1
02:19:31 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a2f)

[  753.484023][T25401] binder: 25400:25401 ioctl c0306201 20000240 returned -14
02:19:31 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:31 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a2e)

[  753.689329][T25410] binder: 25405:25410 ioctl c0306201 20000240 returned -14
[  753.735355][   T27] audit: type=1804 audit(1591064371.829:582): pid=25403 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/723/cgroup.controllers" dev="sda1" ino=16348 res=1
[  753.856616][   T27] audit: type=1804 audit(1591064371.949:583): pid=25411 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/701/cgroup.controllers" dev="sda1" ino=16372 res=1
02:19:34 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:34 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0x1000000}, 0x28)

02:19:34 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a2b)

02:19:34 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:34 executing program 2:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf000}, 0x28)

02:19:34 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x9d, 0xe00, 0x22d}, 0x28)

[  755.997966][T25425] binder_alloc: 25423: binder_alloc_buf, no vma
[  756.008966][T25425] binder: 25423:25425 ioctl c0306201 20000240 returned -14
02:19:34 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:34 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x9b, 0xe00, 0x22d}, 0x28)

[  756.242629][   T27] audit: type=1804 audit(1591064374.339:584): pid=25426 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir654164503/syzkaller.xp69HG/731/cgroup.controllers" dev="sda1" ino=16354 res=1
[  756.308535][T25435] binder_alloc: 25434: binder_alloc_buf, no vma
02:19:34 executing program 2:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xa00}, 0x28)

[  756.349450][T25435] binder: 25434:25435 ioctl c0306201 20000240 returned -14
02:19:34 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:34 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0xb5, 0xe00, 0x22d}, 0x28)

02:19:34 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  756.642880][T25443] binder_alloc: 25442: binder_alloc_buf, no vma
[  756.673287][T25443] binder: 25442:25443 ioctl c0306201 20000240 returned -14
02:19:37 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:37 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a21)

02:19:37 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:37 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0xb5, 0xe00, 0x22d}, 0x28)

02:19:37 executing program 2:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xe}, 0x28)

02:19:37 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  759.078947][T25463] binder: 25459:25463 ioctl c0306201 20000240 returned -14
02:19:37 executing program 3:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xe}, 0x28)

02:19:37 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:37 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  759.316995][   T27] audit: type=1804 audit(1591064377.409:585): pid=25467 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir654164503/syzkaller.xp69HG/732/cgroup.controllers" dev="sda1" ino=15969 res=1
[  759.374771][T25475] binder: 25473:25475 ioctl c0306201 20000240 returned -14
02:19:37 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:37 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a1a)

02:19:37 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a18)

[  759.642066][T25484] binder: 25482:25484 ioctl c0306201 20000240 returned -14
[  759.665341][   T27] audit: type=1804 audit(1591064377.759:586): pid=25481 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/727/cgroup.controllers" dev="sda1" ino=15889 res=1
[  759.818437][   T27] audit: type=1804 audit(1591064377.909:587): pid=25486 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/764/cgroup.controllers" dev="sda1" ino=16066 res=1
02:19:40 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:40 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:40 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:40 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x87, 0xe00, 0x22d}, 0x28)

02:19:40 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a16)

02:19:40 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a11)

[  762.218522][T25504] binder: 25501:25504 ioctl c0306201 20000240 returned -14
02:19:40 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:40 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x87, 0xe00, 0x22d}, 0x28)

02:19:40 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  762.423008][T25517] binder: 25515:25517 ioctl c0306201 20000240 returned -14
[  762.433635][   T27] audit: type=1804 audit(1591064380.529:588): pid=25507 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/728/cgroup.controllers" dev="sda1" ino=16289 res=1
02:19:40 executing program 5:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  762.495954][   T27] audit: type=1804 audit(1591064380.559:589): pid=25505 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/765/cgroup.controllers" dev="sda1" ino=16273 res=1
02:19:40 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:40 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a0f)

02:19:40 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  762.668334][T25524] binder: 25522:25524 ioctl c0306201 20000240 returned -14
[  762.918662][   T27] audit: type=1804 audit(1591064381.009:590): pid=25528 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir654164503/syzkaller.xp69HG/735/cgroup.controllers" dev="sda1" ino=16082 res=1
02:19:43 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:43 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:43 executing program 5:
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:43 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a0a)

02:19:43 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a09)

02:19:43 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000900)

[  765.342264][T25549] binder: 25542:25549 ioctl c0306201 0 returned -14
02:19:43 executing program 5:
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  765.386607][T25549] binder: 25542:25549 ioctl c0306201 20000240 returned -14
[  765.454071][   T27] audit: type=1804 audit(1591064383.549:591): pid=25547 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/729/cgroup.controllers" dev="sda1" ino=16355 res=1
02:19:43 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  765.532549][   T27] audit: type=1804 audit(1591064383.629:592): pid=25546 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir654164503/syzkaller.xp69HG/736/cgroup.controllers" dev="sda1" ino=16364 res=1
02:19:43 executing program 5:
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  765.626443][   T27] audit: type=1804 audit(1591064383.679:593): pid=25551 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/766/cgroup.controllers" dev="sda1" ino=16349 res=1
[  765.676958][T25562] binder: 25560:25562 ioctl c0306201 0 returned -14
[  765.691732][T25562] binder: 25560:25562 ioctl c0306201 20000240 returned -14
02:19:43 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000a03)

02:19:43 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:43 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  765.875166][T25568] binder: 25565:25568 ioctl c0306201 0 returned -14
[  765.893730][T25568] binder: 25565:25568 ioctl c0306201 20000240 returned -14
[  766.024518][   T27] audit: type=1804 audit(1591064384.119:594): pid=25566 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir748288076/syzkaller.SkDIdO/730/cgroup.controllers" dev="sda1" ino=16373 res=1
02:19:46 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:46 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000680)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)={0x18, r3, 0xc8ef0a4335e6829f, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0)
sendfile(r2, r1, 0x0, 0x100000900)

02:19:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:46 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:46 executing program 1:
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x86, 0xe00, 0x22d}, 0x28)

02:19:46 executing program 2 (fault-call:7 fault-nth:0):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:46 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  768.378789][T25585] binder: 25580:25585 ioctl c0306201 20000280 returned -14
[  768.395739][T25585] binder: 25580:25585 ioctl c0306201 20000240 returned -14
02:19:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  768.419320][T25586] FAULT_INJECTION: forcing a failure.
[  768.419320][T25586] name failslab, interval 1, probability 0, space 0, times 0
[  768.475491][T25586] CPU: 1 PID: 25586 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
[  768.484194][T25586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  768.494305][T25586] Call Trace:
[  768.497674][T25586]  dump_stack+0x11d/0x187
[  768.502012][T25586]  should_fail.cold+0x5/0xf
[  768.506528][T25586]  __should_failslab+0x82/0xb0
[  768.511296][T25586]  should_failslab+0x5/0xf
[  768.515717][T25586]  __kmalloc+0x54/0x640
[  768.519883][T25586]  ? tomoyo_realpath_from_path+0x85/0x3d0
[  768.525610][T25586]  tomoyo_realpath_from_path+0x85/0x3d0
[  768.531186][T25586]  tomoyo_path_number_perm+0xff/0x360
[  768.536631][T25586]  ? _parse_integer+0x12f/0x150
[  768.541529][T25586]  ? __fget_files+0xa2/0x1c0
[  768.546122][T25586]  tomoyo_file_ioctl+0x28/0x40
[  768.550917][T25586]  security_file_ioctl+0x69/0xa0
[  768.555863][T25586]  ksys_ioctl+0x5a/0x150
[  768.560124][T25586]  __x64_sys_ioctl+0x47/0x60
[  768.564708][T25586]  do_syscall_64+0xc7/0x3b0
[  768.569217][T25586]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  768.575106][T25586] RIP: 0033:0x45ca69
[  768.579011][T25586] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  768.598839][T25586] RSP: 002b:00007fe2545bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  768.607307][T25586] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  768.615281][T25586] RDX: 0000000020000540 RSI: 00000000c0306201 RDI: 0000000000000003
02:19:46 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  768.623243][T25586] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  768.631238][T25586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  768.639210][T25586] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007fe2545c06d4
02:19:46 executing program 1 (fault-call:2 fault-nth:0):
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

[  768.723315][T25597] binder: 25593:25597 ioctl c0306201 20000280 returned -14
[  768.745311][T25597] binder: 25593:25597 ioctl c0306201 20000240 returned -14
02:19:46 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  768.799159][   T27] audit: type=1804 audit(1591064386.890:595): pid=25588 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/767/cgroup.controllers" dev="sda1" ino=15736 res=1
02:19:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  768.839778][T25602] FAULT_INJECTION: forcing a failure.
[  768.839778][T25602] name failslab, interval 1, probability 0, space 0, times 0
[  768.854014][T25586] ERROR: Out of memory at tomoyo_realpath_from_path.
[  768.877118][T25586] binder: 25582:25586 ioctl c0306201 20000540 returned -14
[  768.883529][T25602] CPU: 1 PID: 25602 Comm: syz-executor.1 Not tainted 5.7.0-rc1-syzkaller #0
[  768.892970][T25602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  768.903017][T25602] Call Trace:
[  768.906357][T25602]  dump_stack+0x11d/0x187
[  768.910690][T25602]  should_fail.cold+0x5/0xf
[  768.915252][T25602]  __should_failslab+0x82/0xb0
[  768.920009][T25602]  should_failslab+0x5/0xf
[  768.924419][T25602]  __kmalloc+0x54/0x640
[  768.928633][T25602]  ? tomoyo_realpath_from_path+0x85/0x3d0
[  768.934449][T25602]  tomoyo_realpath_from_path+0x85/0x3d0
[  768.940097][T25602]  tomoyo_path_number_perm+0xff/0x360
[  768.945507][T25602]  ? _parse_integer+0x12f/0x150
[  768.950377][T25606] binder: 25604:25606 ioctl c0306201 20000280 returned -14
[  768.950399][T25602]  ? __fget_files+0xa2/0x1c0
[  768.950501][T25602]  tomoyo_file_ioctl+0x28/0x40
[  768.958372][T25606] binder: 25604:25606 ioctl c0306201 20000240 returned -14
[  768.962291][T25602]  security_file_ioctl+0x69/0xa0
[  768.962316][T25602]  ksys_ioctl+0x5a/0x150
[  768.962405][T25602]  __x64_sys_ioctl+0x47/0x60
[  768.988079][T25602]  do_syscall_64+0xc7/0x3b0
[  768.992590][T25602]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  768.998528][T25602] RIP: 0033:0x45ca69
[  769.002472][T25602] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  769.022065][T25602] RSP: 002b:00007fb602074c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  769.030458][T25602] RAX: ffffffffffffffda RBX: 00000000004ea540 RCX: 000000000045ca69
[  769.038424][T25602] RDX: 0000000020000040 RSI: 00000000c0287c02 RDI: 0000000000000003
[  769.046370][T25602] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  769.054324][T25602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  769.062294][T25602] R13: 000000000000045b R14: 00000000004c72f3 R15: 00007fb6020756d4
[  769.083242][T25602] ERROR: Out of memory at tomoyo_realpath_from_path.
02:19:49 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:49 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:49 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:49 executing program 1 (fault-call:2 fault-nth:1):
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:19:49 executing program 2 (fault-call:7 fault-nth:1):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:49 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
pwritev(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000180)="57fc6c7156caf75b3d2e85411efb0f33", 0x10}], 0x1, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=0xd3, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000000)=0x4007)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  771.446046][T25621] FAULT_INJECTION: forcing a failure.
[  771.446046][T25621] name failslab, interval 1, probability 0, space 0, times 0
[  771.462708][T25621] CPU: 1 PID: 25621 Comm: syz-executor.1 Not tainted 5.7.0-rc1-syzkaller #0
[  771.471391][T25621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  771.480987][T25624] binder: 25617:25624 unknown command 0
[  771.487047][T25621] Call Trace:
[  771.487150][T25621]  dump_stack+0x11d/0x187
[  771.487250][T25621]  should_fail.cold+0x5/0xf
[  771.500628][T25621]  __should_failslab+0x82/0xb0
[  771.505460][T25621]  should_failslab+0x5/0xf
[  771.509896][T25621]  __kmalloc+0x54/0x640
[  771.513781][T25624] binder: 25617:25624 ioctl c0306201 20000280 returned -22
[  771.514074][T25621]  ? tomoyo_encode2.part.0+0xd0/0x240
[  771.526650][T25621]  tomoyo_encode2.part.0+0xd0/0x240
[  771.531859][T25621]  tomoyo_encode+0x32/0x50
[  771.532352][T25630] binder: 25617:25630 ioctl c0306201 20000240 returned -14
[  771.536281][T25621]  tomoyo_realpath_from_path+0x11e/0x3d0
[  771.536314][T25621]  tomoyo_path_number_perm+0xff/0x360
[  771.554452][T25621]  ? _parse_integer+0x12f/0x150
[  771.559324][T25621]  ? __fget_files+0xa2/0x1c0
[  771.563923][T25621]  tomoyo_file_ioctl+0x28/0x40
[  771.568711][T25621]  security_file_ioctl+0x69/0xa0
[  771.573651][T25621]  ksys_ioctl+0x5a/0x150
[  771.577898][T25621]  __x64_sys_ioctl+0x47/0x60
[  771.582507][T25621]  do_syscall_64+0xc7/0x3b0
[  771.587009][T25621]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  771.592883][T25621] RIP: 0033:0x45ca69
[  771.596799][T25621] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  771.616422][T25621] RSP: 002b:00007fb602074c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  771.624815][T25621] RAX: ffffffffffffffda RBX: 00000000004ea540 RCX: 000000000045ca69
[  771.632857][T25621] RDX: 0000000020000040 RSI: 00000000c0287c02 RDI: 0000000000000003
[  771.640824][T25621] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  771.648777][T25621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  771.656738][T25621] R13: 000000000000045b R14: 00000000004c72f3 R15: 00007fb6020756d4
02:19:49 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:49 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:49 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:49 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
pwritev(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000180)="57fc6c7156caf75b3d2e85411efb0f33", 0x10}], 0x1, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=0xd3, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ce]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000000)=0x4007)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:19:49 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:50 executing program 3:
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
dup(r6)
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r6, &(0x7f0000000040)={0x3})
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_ECN={0x8}]}}]}, 0x40}}, 0x0)

[  771.851796][T25646] binder: 25639:25646 unknown command 0
[  771.881050][T25646] binder: 25639:25646 ioctl c0306201 20000280 returned -22
[  771.908731][T25649] binder: 25639:25649 ioctl c0306201 20000240 returned -14
[  771.926896][T25648] binder: 25641:25648 ioctl c0306201 20000540 returned -14
[  771.981698][T25621] ERROR: Out of memory at tomoyo_realpath_from_path.
02:19:52 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:52 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x2, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:52 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:52 executing program 1 (fault-call:2 fault-nth:2):
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:19:52 executing program 3:
r0 = gettid()
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x28, &(0x7f0000000000)={@rand_addr=0x64010101, @empty, @multicast1}, 0xc)
prctl$PR_SET_PTRACER(0x59616d61, r0)
write$binfmt_script(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336a7290a92384cf1fe1a3f9df7d54b413b7fea44a905c02903"], 0x27)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000340)=@v2, 0x14, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x4)
pipe(0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, 0x0)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f00000000c0)={0x1})
ioctl$SIOCPNENABLEPIPE(r1, 0x89ed, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)

02:19:52 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  774.605101][T25675] binder: 25667:25675 unknown command 0
[  774.637859][T25675] binder: 25667:25675 ioctl c0306201 20000280 returned -22
02:19:52 executing program 3:
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = memfd_create(&(0x7f00000002c0)='systemem0md5sum$\x00', 0x0)
r3 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0)
write$binfmt_elf64(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46020000000000000000c4b40003003e000039a594249c1fd83d0000000000000000000000dfeb7bba00280593bd5d74dafc203800030000962aa9992b9f37e6703d76365c99aa260e9f519c412e42e23257275e401d408c918340c95b4a9023520fa831b5bc"], 0x3c)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = dup(r3)
r5 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00')
fchdir(r5)
write$P9_RGETATTR(r4, &(0x7f0000000400)={0xa0, 0x19, 0x0, {0x0, {}, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}}, 0xa0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r2, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
syz_open_procfs(0x0, &(0x7f0000000200)='autogroup\x00')

02:19:52 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:19:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x10, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  774.665137][T25683] binder: 25667:25683 ioctl c0306201 20000240 returned -14
02:19:52 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:52 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  774.772240][T25691] binder: 25688:25691 ioctl 10 20000540 returned -22
[  774.790150][T25690] ERROR: Domain '<kernel> /sbin/init /usr/sbin/sshd /usr/sbin/sshd /bin/bash /root/syz-fuzzer /root/syz-executor.3 proc:/self/fd/5' not defined.
[  774.915013][T25699] binder: 25695:25699 unknown command 0
[  774.938981][T25699] binder: 25695:25699 ioctl c0306201 20000280 returned -22
[  774.957070][T25699] binder: 25695:25699 ioctl c0306201 20000240 returned -14
02:19:55 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:55 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4b31, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:55 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x2, &(0x7f0000000040))

02:19:55 executing program 3:
perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r3, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r4 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r5}, 0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000080)={<r6=>r5, 0x94, "833f02ac7477b726a0aef28dbdd5cb6507c30fa9cefdc6903ccc8d9199b9a1649b393f3876d039cc10408857d8d4b406809ecb61f5340c071c90df7c622f0563694a414450c600576300d73dda07d290b8dd50cea9e28f6c6309aa87d25cbf4dbfd75b89ef33b28f97778becc3e3ed967f033ccbd6d3959cee22f7b4e319aeda55aef8e665006b2d7073d5d3b9b55dcd3df09bf1"}, &(0x7f0000000000)=0x9c)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r7, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r8 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r9}, 0x10)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000200)={r6, 0x7, 0x3, 0x1, 0xf835, 0x8, 0x7f, 0x5, {r9, @in={{0x2, 0x4e20, @broadcast}}, 0x3, 0x200, 0xffffffff, 0x9, 0x1f}}, &(0x7f00000002c0)=0xb0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="68000000100005070000f9bbc7e4b627ef40354a", @ANYRES32=0x0, @ANYBLOB="251002fffff000103400120009000100766c616e000000002400020006000100040000000c00020000000000000800000c000200090000000a0000000a0005000f0000000000000008000a0059bc40db1e5c170aadf2955f8b445fdac67ff0050ef40ad47eb6df9eaa79c68876c931179fa69f42fe5a81585ffc8ad42f615d"], 0x68}}, 0x0)

02:19:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:55 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  777.653202][T25717] binder: 25714:25717 unknown command 0
[  777.660626][T25718] binder: 25713:25718 ioctl 4b31 20000540 returned -22
[  777.667598][T25717] binder: 25714:25717 ioctl c0306201 20000280 returned -22
[  777.684295][T25717] binder: 25714:25717 ioctl c0306201 20000240 returned -14
02:19:55 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4c01, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:55 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:55 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x10, &(0x7f0000000040))

02:19:55 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:55 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

[  777.868452][T25737] binder: 25729:25737 ioctl 4c01 20000540 returned -22
[  777.901580][T25741] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
02:19:56 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:56 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4c80, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  778.009442][T25749] binder: 25738:25749 unknown command 0
[  778.015016][T25749] binder: 25738:25749 ioctl c0306201 20000280 returned -22
[  778.042231][T25749] binder: 25738:25749 ioctl c0306201 20000240 returned -14
[  778.152061][T25755] binder: 25750:25755 ioctl 4c80 20000540 returned -22
02:19:56 executing program 3:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x200200, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x4, 0x2}, 0x6)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_ENTRIES(r1, 0x0, 0x41, &(0x7f0000000080)={'raw\x00', 0xfb, "76f549da6de515b513448653b812361e52eada5cf8bb83e45125cfefc75da1ada60fda1f6c3a5ffb77121444b00a35401edc160919e9a276bfc2733e3f84d5bf08991029ce8d610932f2b75551a93523fbf81b68c3080f8a81e987037f48bc09ea18f1916d6cf4912cd7bdfaa657b324b38616daa364222f83c191101e2d13f0753c64fc82fbe81656eacaabe84308e828c9ca47fffc9f0af52f1213365d3e03ede4fe7e407568fef8746e5887bfbc82cd8b8ad7c7102846d3fdee95b0b52071263de29593249195b1e58560f4f9624c590d040dc9f9f3e43ceb2e5c87b6df6e2a7f0f341869febeaff69df359f19aa183c2ba959ef7f93fbc0518"}, &(0x7f00000001c0)=0x11f)
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm_plock\x00', 0x42, 0x0)
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000700)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000540)={0x164, 0xb, 0x6, 0x0, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_DATA={0x4c, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR2={0x5, 0x15, 0x6}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x7}, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth0_to_hsr\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x800}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x31d}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0xffc1}]}, @IPSET_ATTR_ADT={0x4c, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010102}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x32}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8001}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_ETHER={0xa, 0x11, @broadcast}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x80000001}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz0\x00'}]}, @IPSET_ATTR_ADT={0x74, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0xf4d8}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x4}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x400}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x11}}]}]}, 0x164}}, 0x84)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r3, 0x0, 0x2d, &(0x7f0000000740)={0x9d68, {{0x2, 0x4e22, @broadcast}}}, 0x88)
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000800)='/dev/cachefiles\x00', 0xa04800, 0x0)
ioctl$VIDIOC_S_TUNER(r4, 0x4054561e, &(0x7f0000000840)={0x3, "4799441215964c86b5a27b4848697e1ce191541ead165e867df130b971e75607", 0x2, 0x20, 0xc6, 0x3, 0xbb57002d5ae123a2, 0x2, 0x7fffffff, 0xee})
r5 = syz_open_dev$evdev(&(0x7f00000008c0)='/dev/input/event#\x00', 0x40, 0x20200)
fchdir(r5)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000900)='/dev/full\x00', 0x10000, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r6, &(0x7f0000000940)="8d1fb3535aa9c88fe4b129", &(0x7f0000000980)="9f619d2d259ed1fddfc80168854598bc3d3be4c32182114ec4411a43ff46504aa49a6775d31a11322aeeee845cb7099f2cc80605f421ebaf4dd61315da1d01383c6d7772fa06bc78778374dd22a570d89428d88af5e7669b8798be3775b836d5079bef63d07efb8259d0a4dd59d0f069034bc1bc7962f4ae575d36629a19e6180fc19b4ad6c0cafeb7f595166338e061b89fdeaaac48f226d344278661d23dd045dba10c209a0b12f54411500d0c5680e78b29585ddf816c9a1a151f0e78bf180f0ca4c0ee39dcd38ff6654e54a4"}, 0x20)
readv(r5, &(0x7f0000000ac0), 0x0)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/autofs\x00', 0x101000, 0x0)
accept4$rose(r7, &(0x7f0000000b40)=@full={0xb, @dev, @default, 0x0, [@netrom, @default, @netrom, @netrom, @netrom, @null]}, &(0x7f0000000b80)=0x40, 0x80000)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/vsock\x00', 0x12bb02, 0x0)
r9 = eventfd(0x0)
ioctl$KVM_IRQFD(r8, 0x4020ae76, &(0x7f0000000c00)={r9, 0x5, 0x5e57, r4})

02:19:56 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x4c00, &(0x7f0000000040))

02:19:56 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:56 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:56 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x541b, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:56 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

[  778.626460][T25777] binder: 25774:25777 ioctl 541b 20000540 returned -22
[  778.661637][T25781] binder: 25776:25781 unknown command 25349
02:19:56 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  778.684598][T25781] binder: 25776:25781 ioctl c0306201 20000280 returned -22
[  778.713606][T25787] binder: 25776:25787 ioctl c0306201 20000240 returned -14
02:19:56 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x4c01, &(0x7f0000000040))

02:19:56 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x5421, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  778.745498][T25788] Unknown ioctl 1075883638
02:19:56 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:56 executing program 3:
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0x80)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000356000)=0x1, 0x36d)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}}], 0x1, 0x40000fd)
close(r0)

02:19:57 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:57 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x4c80, &(0x7f0000000040))

02:19:57 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x5450, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  778.943772][T25805] binder: 25802:25805 unknown command 25349
[  778.991852][T25805] binder: 25802:25805 ioctl c0306201 20000280 returned -22
[  778.994847][T25809] binder: 25802:25809 ioctl c0306201 20000240 returned -14
02:19:57 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:57 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0563"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:57 executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
dup(0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
fchdir(r0)
perf_event_open(&(0x7f000001d000)={0x1, 0xfffffffffffffdf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x10, 0xffffffffffffffff, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000140)={0x1, {{0x2, 0x0, @multicast1}}}, 0x88)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000080)={0xb3, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x81}, 0xe)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000000c0), 0x2}, 0x2280, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r1, 0x4, 0x3800)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c", 0x546)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0x8, 0x4)
sendfile(r2, r3, 0x0, 0x10000)

02:19:57 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x4c81, &(0x7f0000000040))

02:19:57 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x5451, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  779.263134][T25827] binder: 25820:25827 unknown command 25349
[  779.279473][   T27] audit: type=1804 audit(1591064397.370:596): pid=25824 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/776/file0/file0" dev="loop3" ino=42 res=1
[  779.300936][T25827] binder: 25820:25827 ioctl c0306201 20000280 returned -22
[  779.316092][T25831] binder: 25820:25831 ioctl c0306201 20000240 returned -14
02:19:59 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:19:59 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:19:59 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:19:59 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x541b, &(0x7f0000000040))

02:19:59 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x5452, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:19:59 executing program 3:
r0 = open(&(0x7f0000000000)='./bus\x00', 0x141842, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="100000000b1400000000000000000000aea925af7bcb47310a563a7398f5ade5e7755d7f2138033e4329edde8b7508f2c31bf86f630d2b4050af1b9f5ce81008ea63d4e713b33ba9dc4b37463006e96c4beb9a958c02b8b8cfc778e0587ead85d09293172069a4db9b366f68a8ece84272e3cda7511b82416808593c01a1c1084fad35b84905e24f3d40076cf4986adb2b6d654604414e2630ab04f632f20b9433e8ef614499f7bfde34e023d29214728bad81e74765377bc1bb8b0985a94cc54d50bd1ea22518c37e69e037ac89598e3ee5de50c9072de9ec2a2dd37e9e7ecaf6312128f025cce954"], 0x10}}, 0x0)
ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1081}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r4, 0xc008551c, &(0x7f0000000040)={0xfe0, 0x8, [0x33d, 0x4]})
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[], 0x5)
dup(0xffffffffffffffff)
ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000340)={0x800, 0xb, 0x4, 0x8, 0xffffffff, {0x0, 0x2710}, {0x2, 0xc, 0x1, 0x5, 0x0, 0xfc, "90afb174"}, 0x1f, 0x1, @planes=&(0x7f0000000300)={0x346, 0x1ff, @userptr=0x7, 0x7}, 0x7fff, 0x0, <r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)={0xa4, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xb4}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1b}, @NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r2}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x5}, @NBD_ATTR_SOCKETS={0x2c, 0x7, 0x0, 0x1, [{0x8}, {0x8, 0x1, r0}, {0x8}, {0x8, 0x1, r5}, {0x8, 0x1, r7}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x2401c854}, 0x20008005)
mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

02:20:00 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x5421, &(0x7f0000000040))

[  781.893422][T25855] binder: 25850:25855 unknown command 287493
[  781.916205][T25855] binder: 25850:25855 ioctl c0306201 20000280 returned -22
02:20:00 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:00 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  781.953757][T25859] binder: 25850:25859 ioctl c0306201 20000240 returned -14
02:20:00 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x5460, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  782.079005][T25870] binder: 25865:25870 unknown command 287493
[  782.092666][T25870] binder: 25865:25870 ioctl c0306201 20000280 returned -22
[  782.112792][T25870] binder: 25865:25870 ioctl c0306201 20000240 returned -14
02:20:00 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x5450, &(0x7f0000000040))

02:20:00 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x5501, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  782.252044][T25877] binder: 25876:25877 ioctl 5501 20000540 returned -22
02:20:02 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:02 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:02 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="056304"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:02 executing program 3:
r0 = perf_event_open(&(0x7f0000000200)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfe1d5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x1d8, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xb0, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x742bcd21}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x78}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xc0fec7}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x62ef3161}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x15f8f093}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5df76e57}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x52a5c78d}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x18}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x344f1c06}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4bec057c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6d1fe418}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x8c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x62c061a3}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3fbb31f4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x58}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x4a1c80b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe6}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x445ac0ae}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x92}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xb8, 0xc, 0x0, 0x1, [{0x44, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6bdc756c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf332}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x68a87352}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x58995106}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b971c71}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8b0b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xe69ac7e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5f3e}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x11aa67f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x473b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xf671a04}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4c0cf692}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x815}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc676}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x31b8f0c1}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6ad32b45}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b20e511}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdc71}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdbf7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd164}]}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_TAGLST={0x44, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5}, {0x5}, {0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x884}, 0x40001)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200047ff, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x48, 0x0, 0x0)

02:20:02 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x6364, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:02 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x5451, &(0x7f0000000040))

02:20:03 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x5452, &(0x7f0000000040))

[  784.946541][T25900] binder: 25896:25900 ioctl 6364 20000540 returned -22
[  784.956246][T25901] binder: 25897:25901 unknown command 287493
[  784.970059][T25901] binder: 25897:25901 ioctl c0306201 20000280 returned -22
02:20:03 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x8912, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  784.991798][T25901] binder: 25897:25901 ioctl c0306201 20000240 returned -14
02:20:03 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:03 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  785.204799][T25912] binder: 25906:25912 ioctl 8912 20000540 returned -22
02:20:03 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x5460, &(0x7f0000000040))

02:20:03 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:05 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:05 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:05 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000031c0)={0x0, 0x0, &(0x7f0000003180)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000021401"], 0x1}}, 0x0)
sendfile(r2, r1, 0x0, 0x80000000)

02:20:05 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x6364, &(0x7f0000000040))

02:20:05 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x8933, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:05 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  787.942246][T25936] binder: 25933:25936 ioctl 8933 20000540 returned -22
02:20:06 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:06 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x8912, &(0x7f0000000040))

02:20:06 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x89e0, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  788.010732][   T27] audit: type=1804 audit(1591064406.111:597): pid=25937 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/779/cgroup.controllers" dev="sda1" ino=16354 res=1
[  788.048249][T25937] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
02:20:06 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  788.135640][T25948] binder: 25946:25948 ioctl 89e0 20000540 returned -22
02:20:06 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be167"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:06 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xae01, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  788.224829][T25957] binder: 25951:25957 ioctl c0306201 0 returned -14
02:20:06 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x19)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x12)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@empty}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000002"], 0x18)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000300))
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00')
preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x4000000)
sched_setattr(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r2)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x44042, 0x0)
sendmsg$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
ftruncate(r3, 0x2008002)
sendfile(r2, r3, 0x0, 0x200fff)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)

02:20:06 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x8933, &(0x7f0000000040))

[  788.374735][T25963] binder: 25960:25963 ioctl ae01 20000540 returned -22
[  788.576150][   T27] audit: type=1800 audit(1591064406.671:598): pid=25969 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16341 res=0
[  788.628830][   T27] audit: type=1800 audit(1591064406.731:599): pid=25969 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16341 res=0
02:20:09 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:09 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

02:20:09 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be167"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:09 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xae41, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:09 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xae01, &(0x7f0000000040))

02:20:09 executing program 3:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x3, 0x19)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x12)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@empty}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000002"], 0x18)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000300))
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000200)=""/148, 0x94}], 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00')
preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x4000000)
sched_setattr(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r2)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x44042, 0x0)
sendmsg$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
ftruncate(r3, 0x2008002)
sendfile(r2, r3, 0x0, 0x200fff)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[  791.034109][T25984] binder: 25981:25984 ioctl ae41 20000540 returned -22
[  791.098664][T25989] binder: 25980:25989 ioctl c0306201 0 returned -14
02:20:09 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be167"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:09 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xae80, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:09 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xae41, &(0x7f0000000040))

02:20:09 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

[  791.240958][   T27] audit: type=1800 audit(1591064409.331:600): pid=25992 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15906 res=0
02:20:09 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
dup(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
write$binfmt_aout(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="a621d691d940c2e7a9c43f1f6e72f708a7d7101dd3f1e51eb1e8d4412b72e42eb006fa6a9035288d404727d7bdc220a83cdf52e88b217f7d4942797c52513280b0d74500e3e1bbcf7ebabc65411317a528a10c76a51acd3da305a31c1939615033f8fa33a24bded1980c55d9e5323dc245aa7bb1ba9b8dcf698e91b0c433e6c684337f30c29b93b99e6215152eecc575d1a5767e4d1871d738cdcafc337ff5174f64bce076158c1f021d280447889a062fc6152c17c95db6f10833c285b729fd72867aeaa885ed9c09a97c87d020", @ANYRESDEC, @ANYRESHEX=r4, @ANYRESHEX=r3, @ANYRES32=r2], 0x4)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, r5, 0x0)
sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe)
creat(&(0x7f0000000140)='./bus\x00', 0x0)
prctl$PR_SET_KEEPCAPS(0x8, 0x0)

[  791.292854][T25998] binder: 25996:25998 ioctl ae80 20000540 returned -22
02:20:09 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xae9a, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  791.388760][T26005] binder: 26001:26005 ioctl c0306201 0 returned -14
[  791.438845][T26010] binder: 26008:26010 ioctl ae9a 20000540 returned -22
[  791.495574][   T27] audit: type=1804 audit(1591064409.591:601): pid=26009 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/782/bus" dev="sda1" ino=15906 res=1
[  791.530549][   T27] audit: type=1804 audit(1591064409.631:602): pid=26009 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/782/bus" dev="sda1" ino=15906 res=1
[  791.570408][   T27] audit: type=1804 audit(1591064409.671:603): pid=26009 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir362012453/syzkaller.Xy8hzh/782/bus" dev="sda1" ino=15906 res=1
02:20:12 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:12 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:12 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xb701, &(0x7f0000000040))

02:20:12 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

02:20:12 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x400454ca, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:12 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in={{0x2, 0x0, @dev}}, 0x0, 0x9, 0x8}, 0xd8)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='batadv0\x00', 0x90)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
umount2(&(0x7f0000000040)='./file0\x00', 0x9)
setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000400), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000240)=0x1, 0x4)
sendto$unix(r0, &(0x7f0000000040), 0x3e6, 0x4000800, 0x0, 0xfffffffffffffd34)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000180)=@usbdevfs_driver={0xfffffff8, 0x9, &(0x7f00000000c0)="f7409abfd3d406c639345ae9fe4306b40c22e78bfad9c1a9caa318922198aa341e80cf5e0d7ea9f0b71cbfb0735a9cf27962ac40db47ec04a85abe2db6f2c0c6116f1a811f759647e32f84ea95bab1531220a7704371a70e74ce2ce1869d4d418217d4e7a8a8666c47d03297e2bb274ad3536afa05fb4065708cfcb23782398778912d38bee6b8433ae081f0f80e7429176dc78bdcda6a31a371d8e2"})

[  794.135196][T26026] binder: 26024:26026 ioctl 400454ca 20000540 returned -22
02:20:12 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x400454ca, &(0x7f0000000040))

02:20:12 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x40046205, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:12 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:12 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

02:20:12 executing program 3:
r0 = socket$inet6(0x10, 0x2, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000040), 0x4)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000000)=ANY=[@ANYBLOB="400700000110"], 0x1}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='E', 0x10a73, 0x8c0, 0x0, 0x4b6ae4f95a5de35b)

02:20:12 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x40049409, &(0x7f0000000040))

02:20:15 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:15 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x40046207, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:15 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

02:20:15 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000ffffffff0000000000000000400000000012011aa8b556307b0000160900000010000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001900000009000000000000000000106cf4aa4ac99e8d000000006c6f000000ffe4000000000000000001010000000000000000000000100000fa000000000000000000e8ffffa75f00cc99b4d1000000000005000000aabaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f0000000000))
connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @empty, 'bridge0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0xa00)

02:20:15 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x40186366, &(0x7f0000000040))

02:20:15 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x40046208, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:15 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0, 0x0})

02:20:15 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x4020940d, &(0x7f0000000040))

02:20:15 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c74"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000ffffffff0000000000000000400000000012011aa8b556307b0000160900000010000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001900000009000000000000000000106cf4aa4ac99e8d000000006c6f000000ffe4000000000000000001010000000000000000000000100000fa000000000000000000e8ffffa75f00cc99b4d1000000000005000000aabaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f0000000000))
connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @empty, 'bridge0\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0xa00)

02:20:15 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x40049409, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:18 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:18 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0, 0x0})

02:20:18 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c74"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:18 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x4020ae46, &(0x7f0000000040))

02:20:18 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x40085503, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:18 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$CAPI_GET_PROFILE(r4, 0xc0404309, &(0x7f0000000040)=0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socket$phonet(0x23, 0x2, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00808d89000507000300"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800140000000000"], 0x3c}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00')
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f0000000500)={0xd0, r7, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xba2266c}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xab}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x9}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x1f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20040080}, 0x40000)
sendmsg$IPVS_CMD_SET_SERVICE(r6, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r7, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010102}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10001}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000001)

[  800.318971][T26112] binder: 26111:26112 ioctl 40085503 20000540 returned -22
02:20:18 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0, 0x0})

02:20:18 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4018620d, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:18 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c74"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:18 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0x80086301, &(0x7f0000000040))

02:20:18 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="78000000b7f9c66ba7176b3ec11fe39d332486b9d299ccca5fdc8e5f8a6aa01859dc", @ANYRES16=r2, @ANYBLOB="000828bd7000ffdbdf25050000002c000980080002000500000008000100000000000800020007000000080002000200000008000100070000000c00068008000100020000002c00068008000100600d00000800010003000000080001000500000004000200040002000800010001010000"], 0x78}, 0x1, 0x0, 0x0, 0x20000080}, 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='net/tcp\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f0000000040)=0x100000001, 0x4)
getpeername$netlink(r1, &(0x7f00000000c0), &(0x7f0000000100)=0xc)
connect$inet(r4, &(0x7f0000001100)={0x2, 0x0, @local}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
mmap$snddsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x13, r6, 0x6000)
sendfile(r4, r3, 0x0, 0xedc0)
r7 = accept$ax25(r6, &(0x7f00000001c0)={{0x3, @netrom}, [@default, @netrom, @default, @netrom, @netrom, @netrom, @null, @rose]}, &(0x7f0000000280)=0x48)
ioctl$EXT4_IOC_MIGRATE(r7, 0x6609)

02:20:18 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  800.663215][T26139] binder: 26138:26139 ioctl c0306201 20000240 returned -14
02:20:21 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:21 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4c"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:21 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x40186366, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:21 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0045878, &(0x7f0000000040))

02:20:21 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:21 executing program 3:
setreuid(0xee00, 0x0)
r0 = getuid()
setreuid(0xee00, r0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000004880)=0x1f, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
setreuid(0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3000003, 0x5c831, 0xffffffffffffffff, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe(0x0)
ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10000000000f, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000)

[  803.446772][T26160] binder: 26155:26160 ioctl c0306201 20000240 returned -14
[  803.459733][T26162] binder: 26158:26162 ioctl 40186366 20000540 returned -22
02:20:21 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:21 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4c"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:21 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0045878, &(0x7f0000000040))

02:20:21 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4020940d, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:21 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="72f5d8a8d6c7b1e6877233f14c64b48abed9da08684e8164ad7d3441c9e8957ea9e5995b0d8283c7aa982b084b0a8ad231bfdaf1a5baf71059b53af88a2fb6f51133a0cbc94822248adf597d9f1e19e1ffc1f4d8ba4906dcde0d43607e86bea55408f23763117f6b87dbbd45c09bf31d93f07d0e4ebea5ce53f4fc4e09806ba898a6641681418fe75cb2c3884922f81dab3e6b0053dc9740b97c0c82b627720a229d8f9f9ee90773566f45e34bc82cd7ca9813932a91c67a1f3f8ba1fdce063b9173a3b5b4b85979cdafc6149c8116b2ca543c07ed233969c55ef249834f63e68cfca8493437946086d7409e3b475c9f7846beb47a0d3ffe28d37ffc77fb759231c702348dc17d6b25a9040ffb49e4d10f6749804ee69d7729c0552bd79ad797882d53893d2facbcee0bfebfe86d855b2ecac7b3dc21e9a2893cebdb32db4051503641446b408fb8f80f5de8d785bbb0ce21c2935d493c9c1401a667957dea85b66dbac780f8394417d960f6a5e95078ab782005c84526de56515028a4ebe250aafee57b8c9a235aadd06766e9f5c394b504834dc712e2e68f523951b609cd815a943c8a68cc892408700c11b0c07408193e741d2ddf073b8564fa89adeca607b4b18c2db8b4921d5300c2b8a662de422b19861cf2f1823bec51d067cef0d49837878af232ee2b55af65993a168820b8037b6e87c63b418362f43c4ce58f7b48a8d45ce66ab9bd395aa1d703fe622bad66f58947140bba67b332e7da6f64f162929e42698de10249ca5eb82ac6daa592ac9564c5c7e6e64ecb1f501876b5d377520a5577b0f364c683a9dc0de6fb5312f99dcd921d75d39bbb9cc4f1c483b42da6a6c9995b0f30c40f48f3f3cc4907a85f90752315025de6c14b1a2adf3a67f95d45d42d884b0cd17781599b322fbe131084f08a3584aa7c0fe8c8f1959fead5c856d04d95e9366dc5e8d0d970d0ebcc434f6df7d36fa968314bd18b986e65c8100c75d72eac4b8e1643a9bb25a1093af831bfdaec5e83e612504fcb38120b76e98f30075d81d8deedb0da198ac60d7fd6a288dececa2fe4d1bbe8506188934256921b0d71ceaf98f2a8d88815116745e1bb6887773133dd78e643d5d1059ebd2109aa3e006d8487167a46835c8616bbb7cfa6308dc74ac8a7bca73b7929c1318e55de99fc5c466c260bbe8b60d2554cbe10bed085eff18d9a03a554095c8e85d9fcd15b549be1f944c0abc03aa854c495ef27187ff98759846473ca8da3e18fd6b219b253c2be4bf1c00a0297649696c425f9b14f71ee960d635d8c7673800f4a52c85ccbc53da28c6dd1a0765150b8f68aea2d96d2854b6f6b4f65565b55a13afe16eeef0cb3c04192417674e9e7114131113d1c558ba1e0666b4ea608f2b439deac4c750fb831b679b638c1fca6c17b6cdcf71a406767312702902358486814122cf0ab58ee3755decd9810d590ad81caaf48ed780934fcec318674bb191bf76ee9203c0a4e87dd3b9ee938af47c9d7a8269c3082a971d9e7e21574311e4e4341c1d81eb81df92e41f6bec49ae2c4adfddca5d43edfa8616258a31bdb1bfd211bf7298a42294c2e7206a3b7340af47a6343e5670f02942c2b9b1b242c0ae662d859b5f9824351b73d8e3aa432368d243a78e19939108a6b42d981b76adce8a0199da9a4b337723fea704488ca8579ac18e5e6d29f60f93f505f95232b7ff65fc023453dc6969493625e1caf5d04b531b0212cf04df3750b5bbc20b1dbe24457165f9989292603233a029e7d651c03382a68e1d01f8cc8197f6a4cd7abd16e174bb972e151ad2c50010072600f258bb78109006054c01f8227696607769ea1b9f6a1def538072078a6a857277ef6124cb748d57ebff160d82c07d7fb4326315807b0841e08619621b4016cdb81b1f4f0cb1f90a24d9ceeb51691584657dc3857c90b4d7484d6d25039ea6db48221fdb989a26e5abe1fa1327247d8a855f22bfd25a14453eb97180e73aff7a13ae8c1b50908e67c444aeb0e5f7808646664c5e203d3753edfa6379629cd39540db69bf95fea22999641d175e43f7aa1164f5f757e733a81b398a4b9eb11993d78ef14e686d8a23fc4201bf9072cecbf90edda674b6374efaf99e536165e53854872a66950c7ae0b78bf346680c67911fd746655018633a70dc21935eb20e19d2763c7f802795044679d1d98a06757cdb6b05f89ce6ff90c141401b1c49ddd4fee87e0d3cb34be3380d9e787e3f54e5f19322ff0f903bde536f0a8d98f64c8d3a204a29d35ffcac4857093be234524c523eac5061dbccbe89085f2cd83afa22dd7045d030711f8c67db9d3bf82c05f29cd9e186ba2aade79a946fdddd15c8088f01ec9d423c1d1c6fc5c71fff1882328bf892c0377e1269e9a3e792c051d3da2472a12c3bfa8a8b31e880799eecde8156f0ad7b6f0897464c2e270447c88f6afab0acac2b964da498348c5d0550635c6475f52ec3f3bd2258215d8588842d11ef61e1214e02cfcae003904270f9816be623113c006fa6c6242eaff1fd7c54f449677207e3be858d30706016a9580440c1d1dc3881c48b617dafc307ff7bc16b4d16be20fabfa6046ff8a205d6ee54fb93133def63265bee85a83fc21898172b37b1c6b5958dbd3dd72fe0a2744db3c74a5101cee57a7e01c72b2c094bf96a634eaafa2470f1e1d1fa8b0081936e9b718cc78be54a4e50730cd9e317a67d9e7dd1fdfebcfb478289e6a091e29e5a958c3ae2277d084a8dfda28937e25015d64a5dab379f8230884743b88f48fbe5d63947f7f81dbce0d1c2c89f0d941845b816b366cc361595fe432836415e28b54314ba1d708ef64fdb7c6e09c57387f4ca870ae09155bf525b8166f6d2437d190a63783bb0115e8556adb5437cf2ef449ec2375fd2b72aa289402a3145fe45e51666594f6ec9ff275690b6babc0ec7b2fbdbcfc31044960bf877a37f6f538ace37ba7a2abd32d7220ea0fdfe5c036bbc16b982cd89c2fbee07036a78ee97de803937028e1726de08c82e19f8c34f548257963d86d091e67a8eb47b98f4a61fc16635ce44a3970b7092a3134aa62ccb61439a69fac4c8a886319870ab525146fb63800104fcfe4d3715e5f8f12e3ad8ead7cfac851bfacd04f6c654bbb51a16a2523888f9fba97b5eef114fa2d56773f608b3b99dc8288edc6d39ae65caf5c01e3854f094fd8660b38d98d788042e73e0cdc226a6aab2cb136c4b422519c48c0a37568f9da0c8d3d1cc45255e89929550e33ed62967fc0be910888645bd0befbdd5e5c2d4db41bfb1e8d57e51358db6d540011705eb8a603ccbeed53317c15f3b1f5051c4f1e438432e409900f4e7e7a7e0272c6b4c0b35a6fceea49e40cd0ced180cdc93f99a32a2a42b320a7adc04237472ae74960ad55385f89e8a1f6ca758c3296819bf526661ebfc643ea0f421d13ca35c7c75ae46b174f2abc5407d0b106cd6ad97ea37eef474b730b06d7af96e16ab41d7ba928bfa64fd15e993a2789ca21220be53f1754b06bdf170c501137105a0e3731e7cab5d20d9ac402468c61f67857b35831276ef4f7a13917d71735e9c1a42ef41f8cde34d6439696aa279097d08b44e13b30d49111ed47a1779da62448501c73d32f95c19100db49785886b9a2b26de4724dcedbbe91793e9d55197d4894c9f1ae0d7bdf5110bcfbf5e4309fa0a2e9784e1da4bb939f89aa69fb629c21a40f32ab13693d495477b4471f0f21b6862ec7caa909c44b222119130119bbf5f5cbf5b143ccbe2de6c8808c0c12a89ddc20d4e85223be44cb35a88e71f933482fc885e455e5ee99f6bc3922bc2599ba6de09bf4cd0555272f0f7c8bc2921c9ef94376ae615f607df302f584c0b2295192968fe889b54188ee5d928e824d022ef98f1404a7bf3ff8256f626d4c279b6d3e5871a19ed3e004414426cefda19a9c1803ffe2b98a887c01575e2b46cd6ee9d1f4fed8f2fe3d936556794438d50d9199dc048e0b7f41f65ca99942e1c3c9acd7efd60b881d87d58b2e31c1b8b811f43c8ff06d5f13a176a4ee299a9f389ecc51e4a157ba45546cc991fee334f10cc20a0c94a5ff53696fb6f026f3299fd8041b7f1bbfe82f2e8f9e3d11dd9c2d420f181cad88883b114daf7ef2d70ede771722428011ad62591613f9215cf96013ba0d3ad87aeb1fe2ab98fcb1be8122ef39657ee6c96988caf829060bb79d3a280b8021a14f4e3cd34071131c4c599412ea6839dc19d88ca2139e9ab0b5c6f8fa5338dbf63d3ec215cb7090535c040e7f99af94843b6bc57e063c0f7ea58a5ff2d03505b3550db6230bc0964bf780046e057696a67ed201d6fc87082e0dc2273723074d9d2797994d0ef1fe91a0cd03f72f9d7e1b1ce2bceb200e69f9aa7af21dd7e408d6a0c15a2b219a8d75be22ae3068a895c018dc540b43afbbc540d088f943fb46032d36ee1c9803603c2673cbc19707ec48c579906556b75767c4994ee728208e524b55a9c02f6be8b6696355d0f57dfd8efa5664f9a3c6ed1b48f18b270ce014f08d8c8db36ad20eef058c9800b5a38688f61fa7b281354366ad201d4493489729fa33a6d21f6fde4e2bc6bff1ae3948ec4a581387f6628a261d65158908b65dea1fe697ba88db1f26bdc86f95d6740cc34960fc06e100181ec5563857af623579da21595e75c375323bcb231a5fb1d0fa805b62de521a3c210e899da36848ec4508dd327ec9ff7c8cefc0ec79cab9973627dcd9213c6c848d13eed031f1bfb282c2db22b4108f71d646d116605c3055aa7574a15f6d65c15c735fbc4b496ca8787aa364d10c9a0de70c0e3f72cb37f91ef62b738181ee7da574fb815d5a730b7a5344bb87c2005199498762fbbe18f69ada69dc7f4c5d9da96e2175490d846e6aee0ef8da9e92ef88bb808f5879f0826babd3e1fa7dfcd0f123f7995b0bc2382b884a891668725b368f4cf8225f136456122a6136715c81bbea5909ce0acae7d075856a603774556135fcdc2cac4a366e988240adcd81fc7b201ddb29a3114c87af6943a89fdeb2d6a0e84571bd2d48ffe263eb51887cce2dd075f32f9b80522048bd2ea24f6637897ba39c880ca125061d9580461c64b03253e7ba40b1a5b0d474e9f2a491ccc0e192226d6ae18543edee875a29f0200e1660a6c3e79562e3abb72b97ac1f03b1b8dc77cec2c1df13264a7b79605914c91baa3346627918d521b68f79827380801e7378f2b0fbd98f275d102fdb952bf9fc143ca53adfc7ef975b3594fe1ad9d25bcb1d52def2a245864643193b8a5a583058437ad353bff4b0a299ef79fdde38f765efb83062f80afda518afdfcec0da1fcfde342142ee65afacbbeb90a25912ea1f4029fe4c0759e126d97f0d2725909d52c124e90dc13bc4fb2535aa7fdb700208b91e90cd2a9a43a7561bc5dde2445ff7be2cd9ba5457433289360ac166cafaf38f67a169e36c9d785c452405d98c55ee902da43e6a8c45ecb44f08223b8a6dfac27d91b4be68f93570f0d3a4aaea8537ca7a1ccc17ff1e0e47e6d0ec655349e184c02398665c64061909eac75c24c0417a1b370aad241b047df9425fd6a1b8dc96ac101c104ffcfe8fb1b5eef70e940c43aae370ad5c510380c4406b070140ce2b9c026a3571640bfd940263db3645ba88699b4a9a1bbf2aab1425d69842643e98b5460b4ddeeadc161a71687b83adf2e64d12a46d735e42609f71e01f5924a731d9f33938894018883b37ee3f02810c958a3782ba7247f01eb41da016ad4b1ee2199dd98f2ce697", @ANYRES16], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
dup(r7)
r8 = openat$cgroup_ro(r6, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0xb00000000065808, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = fcntl$dupfd(r10, 0x0, r10)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
sendfile(r9, r8, 0x0, 0x100000001)

[  803.630928][T26172] binder: 26169:26172 ioctl c0306201 20000240 returned -14
02:20:21 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000140)}}], 0x0, 0x0, 0x0})

02:20:24 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:24 executing program 3:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000200), &(0x7f00000002c0)=0x4)
sendto$inet6(r1, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c53fc5e00000000000000007b992672061b17759881869825bdbb29756e58004427c08a0f"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b40)={r3, 0x1800000000000060, 0xe, 0x0, &(0x7f0000000c00)="480e003f0000007e5bc5795e8064", 0x0, 0x1a9, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x40)
r4 = getpid()
sched_setscheduler(r4, 0x5, &(0x7f0000000380))
fcntl$lock(r3, 0x5, &(0x7f0000000140)={0x2, 0x4, 0x7, 0x7, r4})
r5 = syz_open_procfs(0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x4)
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000240)={0x0, 0x0, 0x1c, 0x0, 0xba, &(0x7f00000003c0)="7ecb1aeb58723e2260c69ace61eeef53965b336aab5732b13f3563a2c5f002cd65ae8b0c7c8f249de8989f62137178a07c63c52eac03a66862f82de898a9b99f4a266510bbfe5551c00f7ad0a9c96de626d9424382c9c24eed788155235d5e9da06f53a1ea0ddcee658b85e66c5b199f2022ab00c44091f5215c6a6ed72c51c539637987a88007ff2e16e6cc982cccc36b2875b95b889be00f9a8007dd5cfdcb3e01aa63694c09c2ccf83878571588f681067454562dc734987898083943a018cd146ef17ecab5167214ebb58c5e9282c7f68a1239d5c8e2e7ac9701615d879b35f94a14d4fe85be9596fd8c1c0c2750db4bdad832ee830d0588b8ec45c40abfedb97aba1182d7ca3205f08c9f1ab74bd22f165ba4ebd7d0c51d6bbb77577994a37561aad34734d72e13fe6d60447fdd916a1dbac1e6e2999cc02238c42f3b645f7073a5da64eb8102030d48200f1fbb6348f64b207816d5f6d697d7614116221494ce4eccfccbba64d365bb5dded337eb58b3da63286829a153e4f66ee19cad57782467d70afd831c9793fd1adccaef0b3c558ecc9ca030770b8933deff504c6acb741fd77ce5c2569419cbd3023605d432b75f97fda33e8a5f8a96fda92645e2bed4f6ac4bec5078e2dcf6aeaec7dd2027f6a302c62f4ef5a889eb15f17504fc8b044fea86bdf4cc49921bc0dc0fec2ee7a54c17107da4be6b45db88e1c83ec562b805af1b75a381f72fb91deef6ad7b798ec1ceb8644d5da031583e0fc0337681c6c1a41ba476dc7c795846dcfa42bc16eff05f8b44ba982803c0cc3a3621c3c4d9acd5bb85f732e26643f733965cf03e907b396311a392c6f2b52c3d659e877d334fbd5e9a779b90a5f9c55094ad7d47ff7aa5fead0aefc7752bac60ab39e67764306a88c550c241b6f768e78218101da7d16a7e73607b497f2ba7d37c1415714c118c22ed613ff1dc33fc4be57625ac0ff7e999cbd23bd7ea3d29319fd67527d4a26d74eb09ca1046f6f2164846678dbe98373e410dace250b422ff7301419aae9f2409c55e64db742117e2b5e02d724560d88666cd8e4d506f77bda74deed84b0e9820d24a9df6e39df010d74a453ab60f33774f0e1b1aff68fcbe07c4c2e96a0d8b84cfd7624956bdb6d191882a0094ff976dfd8b22737edbb6ce772f3b072bc4eee44ad95095b41fcdf38a116d9d9d0b9a58c98b7febceab0802f383156af9a1fd102d43a9825392d0e38938ce9dd9d83a952f6095074c1c503fe53822def2d3c1dad5db1eed35d66f2b3d3da3033126174c216211e4797b26a34ce18984c382365600756389929f3bc78fdf5c0cbc6d8aa3f7e438d6c93d74136df90bf4fbdbf4b4532fa6a193471cfc698b2e290237cad59d8d5dae06b5d88ec4a0bf8cf496a335c15da43fdf6b91edee7f3d96287b3bc53a3d69ee0f5321672f1f"})
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x303}, "4dc628bc3508d526", "e73eccb3ec90719f124c306868c9b09f", "00008b08", "11bb229bceedfa08"}, 0x28)
sendto$inet6(r1, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b)

02:20:24 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4c"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:24 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc008ae88, &(0x7f0000000040))

02:20:24 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4020ae46, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000140)}}], 0x0, 0x0, 0x0})

02:20:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000140)}}], 0x0, 0x0, 0x0})

[  806.565453][T26203] binder: 26200:26203 ioctl 4020ae46 20000540 returned -22
02:20:24 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x4090ae82, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:24 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  806.634238][    C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
02:20:24 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0189436, &(0x7f0000000040))

02:20:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, 0x0}}], 0x0, 0x0, 0x0})

02:20:24 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc020660b, &(0x7f0000000040))

[  806.786779][T26218] binder: 26214:26218 ioctl 4090ae82 20000540 returned -22
[  807.252219][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
02:20:27 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x41015500, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:27 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:27 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, 0x0}}], 0x0, 0x0, 0x0})

02:20:27 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c03, &(0x7f0000000040))

02:20:27 executing program 3:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000200), &(0x7f00000002c0)=0x4)
sendto$inet6(r1, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c53fc5e00000000000000007b992672061b17759881869825bdbb29756e58004427c08a0f"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b40)={r3, 0x1800000000000060, 0xe, 0x0, &(0x7f0000000c00)="480e003f0000007e5bc5795e8064", 0x0, 0x1a9, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x40)
r4 = getpid()
sched_setscheduler(r4, 0x5, &(0x7f0000000380))
fcntl$lock(r3, 0x5, &(0x7f0000000140)={0x2, 0x4, 0x7, 0x7, r4})
r5 = syz_open_procfs(0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x4)
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000240)={0x0, 0x0, 0x1c, 0x0, 0xba, &(0x7f00000003c0)="7ecb1aeb58723e2260c69ace61eeef53965b336aab5732b13f3563a2c5f002cd65ae8b0c7c8f249de8989f62137178a07c63c52eac03a66862f82de898a9b99f4a266510bbfe5551c00f7ad0a9c96de626d9424382c9c24eed788155235d5e9da06f53a1ea0ddcee658b85e66c5b199f2022ab00c44091f5215c6a6ed72c51c539637987a88007ff2e16e6cc982cccc36b2875b95b889be00f9a8007dd5cfdcb3e01aa63694c09c2ccf83878571588f681067454562dc734987898083943a018cd146ef17ecab5167214ebb58c5e9282c7f68a1239d5c8e2e7ac9701615d879b35f94a14d4fe85be9596fd8c1c0c2750db4bdad832ee830d0588b8ec45c40abfedb97aba1182d7ca3205f08c9f1ab74bd22f165ba4ebd7d0c51d6bbb77577994a37561aad34734d72e13fe6d60447fdd916a1dbac1e6e2999cc02238c42f3b645f7073a5da64eb8102030d48200f1fbb6348f64b207816d5f6d697d7614116221494ce4eccfccbba64d365bb5dded337eb58b3da63286829a153e4f66ee19cad57782467d70afd831c9793fd1adccaef0b3c558ecc9ca030770b8933deff504c6acb741fd77ce5c2569419cbd3023605d432b75f97fda33e8a5f8a96fda92645e2bed4f6ac4bec5078e2dcf6aeaec7dd2027f6a302c62f4ef5a889eb15f17504fc8b044fea86bdf4cc49921bc0dc0fec2ee7a54c17107da4be6b45db88e1c83ec562b805af1b75a381f72fb91deef6ad7b798ec1ceb8644d5da031583e0fc0337681c6c1a41ba476dc7c795846dcfa42bc16eff05f8b44ba982803c0cc3a3621c3c4d9acd5bb85f732e26643f733965cf03e907b396311a392c6f2b52c3d659e877d334fbd5e9a779b90a5f9c55094ad7d47ff7aa5fead0aefc7752bac60ab39e67764306a88c550c241b6f768e78218101da7d16a7e73607b497f2ba7d37c1415714c118c22ed613ff1dc33fc4be57625ac0ff7e999cbd23bd7ea3d29319fd67527d4a26d74eb09ca1046f6f2164846678dbe98373e410dace250b422ff7301419aae9f2409c55e64db742117e2b5e02d724560d88666cd8e4d506f77bda74deed84b0e9820d24a9df6e39df010d74a453ab60f33774f0e1b1aff68fcbe07c4c2e96a0d8b84cfd7624956bdb6d191882a0094ff976dfd8b22737edbb6ce772f3b072bc4eee44ad95095b41fcdf38a116d9d9d0b9a58c98b7febceab0802f383156af9a1fd102d43a9825392d0e38938ce9dd9d83a952f6095074c1c503fe53822def2d3c1dad5db1eed35d66f2b3d3da3033126174c216211e4797b26a34ce18984c382365600756389929f3bc78fdf5c0cbc6d8aa3f7e438d6c93d74136df90bf4fbdbf4b4532fa6a193471cfc698b2e290237cad59d8d5dae06b5d88ec4a0bf8cf496a335c15da43fdf6b91edee7f3d96287b3bc53a3d69ee0f5321672f1f"})
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000280)=@gcm_128={{0x303}, "4dc628bc3508d526", "e73eccb3ec90719f124c306868c9b09f", "00008b08", "11bb229bceedfa08"}, 0x28)
sendto$inet6(r1, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b)

[  809.676217][T26243] binder: 26238:26243 ioctl 41015500 20000540 returned -22
[  809.753104][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
02:20:27 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x80085502, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, 0x0}}], 0x0, 0x0, 0x0})

02:20:27 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:27 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c04, &(0x7f0000000040))

02:20:28 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:28 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  810.023188][T26262] binder: 26254:26262 ioctl 80085502 20000540 returned -22
02:20:28 executing program 4 (fault-call:11 fault-nth:0):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:28 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0x80086301, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  810.199932][T26268] FAULT_INJECTION: forcing a failure.
[  810.199932][T26268] name failslab, interval 1, probability 0, space 0, times 0
[  810.214836][T26270] binder: 26269:26270 ioctl 80086301 20000540 returned -22
[  810.242349][T26268] CPU: 1 PID: 26268 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  810.251024][T26268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  810.261069][T26268] Call Trace:
[  810.264427][T26268]  dump_stack+0x11d/0x187
[  810.268765][T26268]  should_fail.cold+0x5/0xf
[  810.273276][T26268]  __should_failslab+0x82/0xb0
[  810.278092][T26268]  should_failslab+0x5/0xf
[  810.282506][T26268]  __kmalloc+0x54/0x640
[  810.286661][T26268]  ? tomoyo_realpath_from_path+0x85/0x3d0
[  810.292382][T26268]  tomoyo_realpath_from_path+0x85/0x3d0
[  810.297988][T26268]  tomoyo_path_number_perm+0xff/0x360
[  810.303359][T26268]  ? _parse_integer+0x12f/0x150
[  810.308226][T26268]  ? __fget_files+0xa2/0x1c0
[  810.312825][T26268]  tomoyo_file_ioctl+0x28/0x40
[  810.317595][T26268]  security_file_ioctl+0x69/0xa0
[  810.322538][T26268]  ksys_ioctl+0x5a/0x150
[  810.326787][T26268]  __x64_sys_ioctl+0x47/0x60
[  810.331379][T26268]  do_syscall_64+0xc7/0x3b0
[  810.335880][T26268]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  810.341765][T26268] RIP: 0033:0x45ca69
[  810.345762][T26268] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  810.365537][T26268] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  810.373954][T26268] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  810.381922][T26268] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  810.389892][T26268] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  810.397886][T26268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  810.405854][T26268] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
[  810.426759][T26268] ERROR: Out of memory at tomoyo_realpath_from_path.
[  810.433732][T26268] binder: 26267:26268 ioctl c0306201 20000240 returned -14
02:20:30 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:30 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c05, &(0x7f0000000040))

02:20:30 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:30 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0045878, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:30 executing program 4 (fault-call:11 fault-nth:1):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:30 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}})
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x824, @local, 0x7}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
pidfd_send_signal(r3, 0x36, &(0x7f0000000140)={0xc, 0x81, 0x80000000}, 0x0)
write$tun(r0, &(0x7f0000000100)={@void, @val, @mpls={[], @ipv6=@generic={0x0, 0x6, "c37d97", 0x8, 0x0, 0x0, @local, @private0, {[@dstopts={0x0, 0x0, [0x0, 0x5]}]}}}}, 0x3a)

02:20:30 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0045878, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  812.828692][T26291] FAULT_INJECTION: forcing a failure.
[  812.828692][T26291] name failslab, interval 1, probability 0, space 0, times 0
02:20:31 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  812.885138][T26291] CPU: 0 PID: 26291 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  812.893910][T26291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  812.903953][T26291] Call Trace:
[  812.907259][T26291]  dump_stack+0x11d/0x187
[  812.911584][T26291]  should_fail.cold+0x5/0xf
[  812.916091][T26291]  __should_failslab+0x82/0xb0
[  812.920932][T26291]  should_failslab+0x5/0xf
[  812.925350][T26291]  __kmalloc+0x54/0x640
[  812.929548][T26291]  ? tomoyo_encode2.part.0+0xd0/0x240
02:20:31 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  812.934933][T26291]  tomoyo_encode2.part.0+0xd0/0x240
[  812.940130][T26291]  tomoyo_encode+0x32/0x50
[  812.944582][T26291]  tomoyo_realpath_from_path+0x11e/0x3d0
[  812.950217][T26291]  tomoyo_path_number_perm+0xff/0x360
[  812.955596][T26291]  ? _parse_integer+0x12f/0x150
[  812.960483][T26291]  ? __fget_files+0xa2/0x1c0
[  812.965179][T26291]  tomoyo_file_ioctl+0x28/0x40
[  812.969939][T26291]  security_file_ioctl+0x69/0xa0
[  812.974930][T26291]  ksys_ioctl+0x5a/0x150
[  812.979181][T26291]  __x64_sys_ioctl+0x47/0x60
[  812.983779][T26291]  do_syscall_64+0xc7/0x3b0
[  812.988284][T26291]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  812.994170][T26291] RIP: 0033:0x45ca69
[  812.998090][T26291] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  813.017686][T26291] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  813.026088][T26291] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
02:20:31 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:31 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c06, &(0x7f0000000040))

[  813.034047][T26291] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  813.042009][T26291] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  813.049973][T26291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  813.057952][T26291] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
[  813.073870][T26291] ERROR: Out of memory at tomoyo_realpath_from_path.
[  813.081031][T26291] binder: 26288:26291 ioctl c0306201 20000240 returned -14
02:20:31 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:31 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c08, &(0x7f0000000040))

02:20:31 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0046209, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:33 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:33 executing program 4 (fault-call:11 fault-nth:2):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:33 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:33 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c0b, &(0x7f0000000040))

02:20:33 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc008ae88, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:33 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x80)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640))
r5 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cuse\x00', 0x2842, 0x0)
io_setup(0x1, &(0x7f0000000040)=<r7=>0x0)
io_submit(r7, 0x15, &(0x7f0000002600)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0, 0x0, 0x6}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0xffffff81}])
io_submit(r7, 0x1ffffe04, &(0x7f0000002600))

02:20:34 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c10, &(0x7f0000000040))

[  815.824237][T26343] binder: 26339:26343 ioctl c008ae88 20000540 returned -22
[  815.856034][T26344] FAULT_INJECTION: forcing a failure.
[  815.856034][T26344] name failslab, interval 1, probability 0, space 0, times 0
02:20:34 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc01064ab, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  815.917623][T26344] CPU: 1 PID: 26344 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  815.926309][T26344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  815.936456][T26344] Call Trace:
[  815.939765][T26344]  dump_stack+0x11d/0x187
[  815.944102][T26344]  should_fail.cold+0x5/0xf
[  815.948650][T26344]  __should_failslab+0x82/0xb0
[  815.953412][T26344]  should_failslab+0x5/0xf
[  815.957830][T26344]  kmem_cache_alloc_trace+0x26/0x5f0
[  815.963114][T26344]  ? _raw_spin_unlock+0x38/0x60
[  815.967971][T26344]  ? _binder_node_inner_unlock+0x77/0xb0
[  815.973629][T26344]  ? preempt_count_add+0x63/0x90
[  815.978568][T26344]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  815.984473][T26344]  binder_transaction+0x435/0x4cf0
[  815.989616][T26344]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  815.995590][T26344]  ? tomoyo_write_log2+0x64/0x580
[  816.000652][T26344]  ? vsnprintf+0x1b0/0xb60
[  816.005077][T26344]  ? debug_smp_processor_id+0x3f/0x129
[  816.010614][T26344]  binder_thread_write+0x6b1/0x1ea0
02:20:34 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0306201, &(0x7f0000000040))

[  816.015882][T26344]  binder_ioctl_write_read.isra.0+0x1e4/0x4e0
[  816.022000][T26344]  ? _binder_inner_proc_unlock+0x4f/0x90
[  816.027693][T26344]  binder_ioctl+0x2dc/0xd7e
[  816.032217][T26344]  ? tomoyo_file_ioctl+0x30/0x40
[  816.037161][T26344]  ? binder_ioctl_write_read.isra.0+0x4e0/0x4e0
[  816.043448][T26344]  ksys_ioctl+0x101/0x150
[  816.047788][T26344]  __x64_sys_ioctl+0x47/0x60
[  816.052480][T26344]  do_syscall_64+0xc7/0x3b0
[  816.056987][T26344]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  816.062891][T26344] RIP: 0033:0x45ca69
[  816.066878][T26344] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  816.086529][T26344] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  816.094937][T26344] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  816.102906][T26344] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  816.110896][T26344] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
02:20:34 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  816.118868][T26344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  816.126853][T26344] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
02:20:34 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f00000000c0)={0x1cea, 0x102, "03f0bef6ce2659cca3924b89aa2a5d8ce10d8e7169a18365148e19f15376ea1f", 0x3, 0x100, 0x0, 0x3, 0x84})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
read$midi(r4, &(0x7f0000000140)=""/117, 0x75)

[  816.180368][T26362] binder: 26352:26362 ioctl c01064ab 20000540 returned -22
02:20:34 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc018620b, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  816.271190][T26344] binder: 26337:26344 ioctl c0306201 20000240 returned -14
02:20:37 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:37 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

02:20:37 executing program 4 (fault-call:11 fault-nth:3):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:37 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:37 executing program 3:
perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x660d80, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setreuid(0x0, r2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3000003, 0x5c831, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = socket(0x0, 0x0, 0x0)
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, &(0x7f0000000180)=0x6f87, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$DRM_IOCTL_FREE_BUFS(r8, 0x4010641a, &(0x7f0000000100)={0x9, &(0x7f00000000c0)=[0x2, 0x7, 0x8a0, 0x0, 0x401, 0x8, 0x5, 0x2, 0x8]})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000080)=0x4)
write$binfmt_elf32(r4, 0x0, 0xfffffffffffffe74)
r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000)

02:20:37 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x10000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f00000000c0)={0x43, 0x4, 0x8, {0x8, 0x3}, 0x5, 0x298})
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))

[  818.916834][T26391] FAULT_INJECTION: forcing a failure.
[  818.916834][T26391] name failslab, interval 1, probability 0, space 0, times 0
[  818.951911][T26391] CPU: 1 PID: 26391 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  818.960592][T26391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  818.970635][T26391] Call Trace:
[  818.973932][T26391]  dump_stack+0x11d/0x187
[  818.978278][T26391]  should_fail.cold+0x5/0xf
[  818.982794][T26391]  __should_failslab+0x82/0xb0
[  818.983542][T26398] binder: 26394:26398 ioctl c018620c 20000540 returned -22
[  818.987555][T26391]  should_failslab+0x5/0xf
[  818.987577][T26391]  kmem_cache_alloc_trace+0x26/0x5f0
[  818.987595][T26391]  ? _raw_spin_unlock+0x38/0x60
[  818.987689][T26391]  ? _binder_node_inner_unlock+0x77/0xb0
[  818.987718][T26391]  ? preempt_count_add+0x63/0x90
[  819.019905][T26391]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  819.025791][T26391]  binder_transaction+0x4cd/0x4cf0
[  819.030957][T26391]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  819.036840][T26391]  ? tomoyo_write_log2+0x64/0x580
[  819.041879][T26391]  ? vsnprintf+0x1b0/0xb60
[  819.046287][T26391]  ? debug_smp_processor_id+0x3f/0x129
[  819.051743][T26391]  binder_thread_write+0x6b1/0x1ea0
[  819.056991][T26391]  binder_ioctl_write_read.isra.0+0x1e4/0x4e0
[  819.063140][T26391]  ? _binder_inner_proc_unlock+0x4f/0x90
[  819.068782][T26391]  binder_ioctl+0x2dc/0xd7e
[  819.073275][T26391]  ? tomoyo_file_ioctl+0x30/0x40
[  819.078211][T26391]  ? binder_ioctl_write_read.isra.0+0x4e0/0x4e0
[  819.084462][T26391]  ksys_ioctl+0x101/0x150
[  819.088792][T26391]  __x64_sys_ioctl+0x47/0x60
[  819.093372][T26391]  do_syscall_64+0xc7/0x3b0
[  819.097863][T26391]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  819.103733][T26391] RIP: 0033:0x45ca69
[  819.107620][T26391] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  819.127258][T26391] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  819.135665][T26391] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  819.143706][T26391] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  819.151662][T26391] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  819.159703][T26391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  819.167660][T26391] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
02:20:37 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0189436, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:37 executing program 3:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet6(0xa, 0x5, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000140)=0x1, 0x44)
rt_sigpending(&(0x7f0000000000), 0x8)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x2, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}, 0x1c)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x4000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x140e4cdb3678d4a7, 0x5000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})

02:20:37 executing program 1:
perf_event_open(&(0x7f0000000040)={0x4, 0x70, 0x0, 0x3, 0x20, 0x1, 0x0, 0x0, 0x8000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x6}, 0x0, 0x0, 0x0, 0x4, 0x6, 0xffffffff, 0x800}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x20000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r3)
r4 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r4, 0xc0287c02, &(0x7f0000000040))

[  819.251736][T26391] binder: 26389:26391 ioctl c0306201 20000240 returned -14
02:20:37 executing program 4 (fault-call:11 fault-nth:4):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:37 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc020660b, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:37 executing program 3:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
preadv(r0, &(0x7f0000000000), 0x0, 0x0)

[  819.481226][T26429] FAULT_INJECTION: forcing a failure.
[  819.481226][T26429] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  819.538944][T26429] CPU: 0 PID: 26429 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  819.547658][T26429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  819.557699][T26429] Call Trace:
[  819.560988][T26429]  dump_stack+0x11d/0x187
[  819.565328][T26429]  should_fail.cold+0x5/0xf
[  819.569836][T26429]  __alloc_pages_nodemask+0xcf/0x300
[  819.575173][T26429]  alloc_pages_current+0xca/0x170
[  819.580201][T26429]  binder_update_page_range+0x198/0xc40
[  819.585782][T26429]  binder_alloc_new_buf+0x9a7/0xe80
[  819.591019][T26429]  binder_transaction+0x799/0x4cf0
[  819.596195][T26429]  ? vsnprintf+0x1b0/0xb60
[  819.600645][T26429]  ? debug_smp_processor_id+0x3f/0x129
[  819.606206][T26429]  binder_thread_write+0x6b1/0x1ea0
[  819.611436][T26429]  binder_ioctl_write_read.isra.0+0x1e4/0x4e0
[  819.617511][T26429]  ? _binder_inner_proc_unlock+0x4f/0x90
[  819.623152][T26429]  binder_ioctl+0x2dc/0xd7e
[  819.627662][T26429]  ? tomoyo_file_ioctl+0x30/0x40
[  819.632688][T26429]  ? binder_ioctl_write_read.isra.0+0x4e0/0x4e0
[  819.638943][T26429]  ksys_ioctl+0x101/0x150
[  819.643349][T26429]  __x64_sys_ioctl+0x47/0x60
[  819.647981][T26429]  do_syscall_64+0xc7/0x3b0
[  819.652504][T26429]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  819.658388][T26429] RIP: 0033:0x45ca69
[  819.662286][T26429] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  819.681881][T26429] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  819.690294][T26429] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  819.698262][T26429] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  819.706264][T26429] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  819.714224][T26429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  819.722192][T26429] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
[  819.838672][T26429] binder_alloc: 26423: binder_alloc_buf failed for page at 00000000e6873035
[  819.848144][T26429] binder: 26423:26429 ioctl c0306201 20000240 returned -14
02:20:40 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:40 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306202, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:40 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00')
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[@ANYBLOB="d0809019", @ANYRES16=r3, @ANYBLOB="00012cbd7000fddbdf250e000000080006007f000000ab00000058000380060004400900000006000400040600fe8000000000000000000000000000bb14000600fe8000e094d93b935fb7daebbf223c9ed04e000000000000000000000000bb14000600000000000000000000000000000000010800010001000000080004000600000030000180060004004e21000008000b00736970000800050001000000140003007f000001000000000000000000000000140003800800030003000000080005008000001f000000000000000000f60000"], 0xd0}, 0x1, 0x0, 0x0, 0x20040080}, 0x40000)
sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYBLOB="03807fa1c1123a82fce921ba9fca6eb71be96cb6fdbba36b9170f9dc5cd7bc952023344c8703d9ea28cc5e7f9544f64d8e5bb4b2d3d754445f68ad9ce44974c611f0573623bb5452fa40aa86cb2adf8c3983502e2f84aa2fa37d833265ff389163d2864481010ad68604ece2572c8ad298c2", @ANYRES16=r3, @ANYBLOB="00022abd7000ffdbdf250d00000008000400f9ffffff4400028006000b00020000000800060001000000080004007effffff080008000200000008000400070000000800030003000000080005000400000005000d00010000000c000280080007000300000008000600ffffffff08000400090000004c00038008000300020000001400020064756d6d793000000000000000000000080003000200000008000300020000000800030001000000140002006e72300000000000000000000000000020000180060002006200000014000300000000000000000000000000000000010800040002000000"], 0xf0}, 0x1, 0x0, 0x0, 0x80}, 0x1)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
syz_open_dev$ttys(0xc, 0x2, 0x0)
setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f0000000280)={0x4, [0x2, 0xd3], 0x5}, 0x10)

02:20:40 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

02:20:40 executing program 3:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r1, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES32, @ANYRESDEC=r0], 0xc9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe1, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
syz_open_procfs(0x0, &(0x7f0000000140)='cmdline\x00')
syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f00000000c0))
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001180)={0x5c, 0x0, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x5c}}, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c00000089bb54bb8af8a4fc30ec3368a440989e0659d592065bf3dab2cc06b28c879f277a56b85c9e7df22ea6459ae00355006f579faf9df80c53251c75a2221718e91714a3488bece1a7dc68b806518f8e12fc7c2887bdf5226dbcdd338e320add01406bcd7adb2ded63f1f67e1f3448b9d9afbfca7b887090042382d85ea1c41ce51e6ba19efbc672ab2cc67249bbc1560000000000000000", @ANYRES16=0x0, @ANYBLOB="00041a000000fbdbdf25060000000500210001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20040000)
lremovexattr(&(0x7f0000000040)='./file0\x00', 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

02:20:40 executing program 4 (fault-call:11 fault-nth:5):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  822.267405][T26447] FAULT_INJECTION: forcing a failure.
[  822.267405][T26447] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  822.294225][T26450] binder: 26442:26450 ioctl c0306202 20000540 returned -22
[  822.302598][T26447] CPU: 0 PID: 26447 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  822.311273][T26447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  822.321321][T26447] Call Trace:
[  822.324618][T26447]  dump_stack+0x11d/0x187
[  822.328950][T26447]  should_fail.cold+0x5/0xf
[  822.333456][T26447]  __alloc_pages_nodemask+0xcf/0x300
[  822.338748][T26447]  alloc_pages_current+0xca/0x170
[  822.343779][T26447]  pte_alloc_one+0x14/0x50
[  822.348209][T26447]  __pte_alloc+0x27/0x210
[  822.352540][T26447]  __get_locked_pte+0x1df/0x220
[  822.357389][T26447]  vm_insert_page+0x21d/0x2a0
[  822.362102][T26447]  binder_update_page_range+0x203/0xc40
[  822.367664][T26447]  binder_alloc_new_buf+0x9a7/0xe80
[  822.372886][T26447]  binder_transaction+0x799/0x4cf0
[  822.378049][T26447]  ? vsnprintf+0x1b0/0xb60
[  822.382470][T26447]  ? debug_smp_processor_id+0x3f/0x129
[  822.387937][T26447]  binder_thread_write+0x6b1/0x1ea0
[  822.393196][T26447]  binder_ioctl_write_read.isra.0+0x1e4/0x4e0
[  822.399359][T26447]  ? _binder_inner_proc_unlock+0x4f/0x90
[  822.405028][T26447]  binder_ioctl+0x2dc/0xd7e
[  822.409541][T26447]  ? tomoyo_file_ioctl+0x30/0x40
[  822.414540][T26447]  ? binder_ioctl_write_read.isra.0+0x4e0/0x4e0
[  822.420785][T26447]  ksys_ioctl+0x101/0x150
[  822.425116][T26447]  __x64_sys_ioctl+0x47/0x60
[  822.429711][T26447]  do_syscall_64+0xc7/0x3b0
[  822.434259][T26447]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  822.440141][T26447] RIP: 0033:0x45ca69
[  822.444034][T26447] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
02:20:40 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

02:20:40 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306203, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:40 executing program 1:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x77, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30cb, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

[  822.463685][T26447] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  822.472088][T26447] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  822.480050][T26447] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  822.488013][T26447] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  822.495970][T26447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  822.503927][T26447] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
02:20:40 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
eventfd2(0x1, 0x80000)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:20:40 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306204, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  822.590748][T26467] binder: 26459:26467 ioctl c0306203 20000540 returned -22
[  822.604206][T26448] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  822.661817][T26448] FAT-fs (loop3): Filesystem has been set read-only
[  822.686616][T26448] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 17)
02:20:40 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306205, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  822.710338][T26472] binder: 26471:26472 ioctl c0306204 20000540 returned -22
[  822.795713][T26447] binder_alloc: 26445: binder_alloc_buf failed to map page at 205e0000 in userspace
[  822.837240][T26447] binder: 26445:26447 ioctl c0306201 20000240 returned -14
[  822.837374][T26477] binder: 26476:26477 ioctl c0306205 20000540 returned -22
02:20:43 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:43 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0xff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
fdatasync(r1)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:20:43 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:43 executing program 3:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x1fd2, &(0x7f00000003c0)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07006706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be95a5db67754bb12feffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5af65727546e7c955ccefa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab04871bc47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce6994521629ab028acfc1d926a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x4}, 0x10}, 0x78)
socket$nl_route(0x10, 0x3, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x2}, 0x2)
setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fallocate(r0, 0x0, 0x0, 0x1000100)
lseek(r0, 0x0, 0x4)
setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000180)={0x9}, 0x4)
r1 = dup(0xffffffffffffffff)
socket(0x0, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000140)=0x1)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)

02:20:43 executing program 4 (fault-call:11 fault-nth:6):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:43 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306208, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:43 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000100)={0x4, 0x7, 0x1000, <r5=>r4, 0x0, &(0x7f00000000c0)={0x990a93, 0x609243a0, [], @p_u16=&(0x7f0000000000)=0x8}})
ioctl$KVM_SET_BOOT_CPU_ID(r5, 0xae78, &(0x7f0000000140)=0x2)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r6, 0xc0287c02, &(0x7f0000000040))

[  825.382347][T26500] binder: 26492:26500 ioctl c0306208 20000540 returned -22
[  825.404510][T26501] FAULT_INJECTION: forcing a failure.
[  825.404510][T26501] name failslab, interval 1, probability 0, space 0, times 0
[  825.451306][T26501] CPU: 0 PID: 26501 Comm: syz-executor.4 Not tainted 5.7.0-rc1-syzkaller #0
[  825.460005][T26501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  825.470045][T26501] Call Trace:
[  825.473338][T26501]  dump_stack+0x11d/0x187
[  825.477709][T26501]  should_fail.cold+0x5/0xf
[  825.482222][T26501]  __should_failslab+0x82/0xb0
[  825.486987][T26501]  should_failslab+0x5/0xf
[  825.491435][T26501]  kmem_cache_alloc_trace+0x26/0x5f0
[  825.496730][T26501]  binder_alloc_new_buf+0x58e/0xe80
[  825.501942][T26501]  binder_transaction+0x799/0x4cf0
[  825.507118][T26501]  ? vsnprintf+0x1b0/0xb60
[  825.511555][T26501]  ? debug_smp_processor_id+0x3f/0x129
[  825.517026][T26501]  binder_thread_write+0x6b1/0x1ea0
[  825.522251][T26501]  binder_ioctl_write_read.isra.0+0x1e4/0x4e0
[  825.528317][T26501]  ? _binder_inner_proc_unlock+0x4f/0x90
[  825.534031][T26501]  binder_ioctl+0x2dc/0xd7e
[  825.538550][T26501]  ? tomoyo_file_ioctl+0x30/0x40
[  825.543542][T26501]  ? binder_ioctl_write_read.isra.0+0x4e0/0x4e0
[  825.549818][T26501]  ksys_ioctl+0x101/0x150
[  825.554205][T26501]  __x64_sys_ioctl+0x47/0x60
[  825.558802][T26501]  do_syscall_64+0xc7/0x3b0
[  825.563307][T26501]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  825.569199][T26501] RIP: 0033:0x45ca69
[  825.573193][T26501] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  825.592796][T26501] RSP: 002b:00007faa931b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:20:43 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc030620c, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:43 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  825.601239][T26501] RAX: ffffffffffffffda RBX: 00000000004e1380 RCX: 000000000045ca69
[  825.609208][T26501] RDX: 0000000020000240 RSI: 00000000c0306201 RDI: 0000000000000003
[  825.617183][T26501] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  825.625152][T26501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  825.633122][T26501] R13: 0000000000000214 R14: 00000000004c45cf R15: 00007faa931b16d4
02:20:43 executing program 3:
r0 = socket$kcm(0x10, 0x2, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r3, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r4 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r5}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000140)={r5, 0x10001, 0x10}, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = dup(r6)
accept4$llc(r7, 0x0, &(0x7f0000000040), 0x800)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2300000022000511d25a80648c63940d0124fc6010e802400a0002000200000037153e370a0001800400000091bd", 0x2e}, {&(0x7f00000001c0)="9ff385fc4f1e20da1760e86615330ce8d1d3b5df8ba6c6ccd0c1cdeb3da038401f0ca2fb80e1a5358c06e81671ac70a57045c3be6a3d56b543e4a44e93d370f719866a1bf03f0cbee2690ad312ffababddb8aeea24bc0533ac8001edb87f9521d11b42a474265bb6e587a1d71de1c32a59383a61a1e94a86d7eb9600819e876423fd61294ebdfd3c8d7fef01225d296b1f41425b771a6afdaf1c52517e0f932785dbb32365dc3c20e04f7fe65b040fa9e42de2b1fedded62601ffceab212a3bc3bcc965edbfc9edc2eeb331a99a65355fad574f634a6", 0xd6}, {&(0x7f00000000c0)="d7504e68aab471202352b00ec3626d5fdf01381ac4ad928d37338b557942fd5033ada46c90b6572335c33ffa9806d81658ab5f8f9b5bff04c62ae90605eb3bf859a89cd3be4be1bece004d558fbf6977", 0x50}, {&(0x7f0000000040)}], 0x4}, 0x8803)

[  825.711463][T26516] binder: 26513:26516 ioctl c030620c 20000540 returned -22
02:20:43 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306210, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  825.755259][T26501] binder_alloc: binder_alloc_new_buf_locked: 26495 failed to alloc new buffer struct
[  825.766961][T26501] binder: 26495:26501 ioctl c0306201 20000240 returned -14
02:20:43 executing program 4 (fault-call:11 fault-nth:7):
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  825.871879][T26529] binder: 26526:26529 ioctl c0306210 20000540 returned -22
[  825.931220][T26530] binder: 26528:26530 ioctl c0306201 20000240 returned -14
02:20:46 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:46 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:20:46 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$FUSE_LSEEK(r1, &(0x7f0000000000)={0x18, 0x0, 0x4, {0x3}}, 0x18)
r2 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r2, 0xc0287c02, &(0x7f0000000040))

02:20:46 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306225, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:46 executing program 3:
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000001740)=""/102400}, 0x20)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5ce}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x322a}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f2, &(0x7f0000000080)='ip6tnl0\x00')
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x11, 0xb0, &(0x7f00000000c0)="61f39addce49cea2ff01f7acaf2809dc273ad6fa7d470b25a2b180218dbd9294e1b468f3a84dd940cfd1bf0db1f953fd5fb96466c75743dba568647fe6fd0720b2af0cb90ad7d66d0d56f95e47977f63c7203fcfc6541da780a3bdbc3fc954901a8f764c5940af91295188fdb8159b842a0539effa48bf2324d574c93843e12bb088cbb8ad9547fc2f61d9cf758d6fdf4b3a377393c1ecc7670b9eaabcc0ed7d24f4fc27a32eadb148b4b1a7022ef1cf"})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x8)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x10000)
perf_event_open(0x0, 0x0, 0xd, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x5, 0x4000000000000000, 0x7}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$VIDIOC_G_TUNER(r4, 0xc054561d, &(0x7f0000000280)={0x3, "035960261cb966adec467b1250f637c123baae49fefee7a5fb8856e5408411ce", 0x4, 0x400, 0x6, 0x200, 0x2, 0x2, 0x233, 0x5})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00')

[  828.389587][T26551] binder: 26548:26551 ioctl c0306201 20000240 returned -14
02:20:46 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306250, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  828.437149][T26555] binder: 26549:26555 ioctl c0306225 20000540 returned -22
02:20:46 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x0, 0x0, 0x0, 0x0, 0x403, 0xe00}, 0x40)

02:20:46 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x40004, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000540)="0a80d88733259daf1e6df1bfc571c57aa06cea11f68e505604638496244158671c25cf38542b83686863654af663d9621e65fd78d68671f138dee5cffcda4444cb8b860f9fbc9d557bf73893c42a0e25d7a8663c041c86f4df576fed27ef39d97357495b043981c1a48214f33eb1732fc416d0307743ab739a5c6ea08096ba593487c8047ac77ac84dbc05d969919efc02f1c6f12fa5a0720c2a30d65ef012a11737204ed724882652d0308bc2e6b91d8cfb284f10e1561d59eb4a40dedaf62f", 0xc0, r0)
r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz'}, &(0x7f0000000180)="99b5", 0x2, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r2, r3}, &(0x7f0000000440)=""/243, 0x3a9, &(0x7f0000000240)={&(0x7f0000000040)={'streebog256\x00\x00\x00\x00\x00\x03\x00'}})
r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz'}, &(0x7f0000000180)="99b5", 0x2, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r4, r5}, &(0x7f0000000440)=""/243, 0x3a9, &(0x7f0000000240)={&(0x7f0000000040)={'streebog256\x00\x00\x00\x00\x00\x03\x00'}})
keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r2, r5}, &(0x7f0000000140)=""/33, 0x21, &(0x7f00000003c0)={&(0x7f0000000180)={'vmac(camellia-generic)\x00'}, &(0x7f0000000300)="14b99425201acefa4b45fad2732bdd8711f4e2a085eab17a575f55f3f4a60fb52136957f94d072d683feee6d6583d68ebf3899008fea3f266b6f52824e21da65783fc913b9759c4b996f6b78aa037fff51f9d9222b8ae63a4faab7a1dab3ad96a81baf32ba38f6c6b0d94878df03464960e97f3218137052832024c945e958e06f53954155ef35a46dcfc6ec241ce61f53570f0a7db57d97a30f5ba2fbc694d39bfbda9adf1f837b", 0xa8})
r6 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r6, 0xc0287c02, &(0x7f0000000040))

02:20:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:46 executing program 3:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000000)={0x1})

[  828.614805][T26570] binder: 26567:26570 ioctl c0306250 20000540 returned -22
02:20:46 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x2040, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40, 0x401}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x8, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000000), 0x4)

02:20:49 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:49 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x0, 0x0, 0x0, 0x0, 0x403, 0xe00}, 0x40)

02:20:49 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x50, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:49 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x10, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:49 executing program 3:
r0 = getpid()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
signalfd4(r1, &(0x7f0000000680)={[0xfffffffffffffffc]}, 0x8, 0x80800)
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
syslog(0x3, &(0x7f00000000c0)=""/147, 0x6558a7e3409167e0)
open(&(0x7f0000000e00)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, 0x0)
prlimit64(r0, 0x0, &(0x7f0000000180)={0x5, 0x7}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000240)={'filter\x00', 0x7, 0x4, 0x3f0, 0x1d8, 0x1d8, 0x1d8, 0x308, 0x308, 0x308, 0x4, &(0x7f0000000200), {[{{@arp={@dev={0xac, 0x14, 0x14, 0x2a}, @private=0xa010102, 0xff, 0xff000000, 0x6, 0xe, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff, 0x0, 0x7c2a12bb4e647de, 0xff, 0x0, 0xff]}}, 0x1f, 0x2, 0x7fff, 0xfff, 0x80, 0x0, 'veth0\x00', 'gre0\x00', {0xff}}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x6, 0x7fff, 0x4, 0x2}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x81, 0x7fff}}}, {{@uncond, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0xfffffffe, 0x3ff, 0x2, 0x1, 0x0, "61161354892a0429e69778d1336e72da387d072487a7820a5a6362582aa5aff0501a34c672bef1b8d33894ea5bacc43873ced97e4ac84e35fab7b6bad82648d4"}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x440)
r3 = memfd_create(&(0x7f0000000000), 0x0)
sendfile(r3, r2, 0x0, 0xfffffffe)

02:20:49 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, &(0x7f0000000180)={0x6, &(0x7f0000000140)="2b96f938c6ba"})
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, 0x10)
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=r3, 0x4)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r4, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={r6, @in6={{0xa, 0x4e20, 0x5, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8}}, 0xa55a, 0xffff, 0x3, 0xffffff7f, 0x60, 0x10001, 0x1}, &(0x7f00000000c0)=0x9c)

[  831.494593][T26601] binder: 26597:26601 ioctl c0306201 20000540 returned -14
[  831.509209][T26602] binder: 26599:26602 ioctl 10 20000240 returned -22
02:20:49 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x2405, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:49 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x0, 0x0, 0x0, 0x0, 0x403, 0xe00}, 0x40)

02:20:49 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x2, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:49 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x4c01, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  831.620683][T26615] binder: 26614:26615 ioctl 2405 20000240 returned -22
[  831.693380][T26621] binder: 26617:26621 unknown command 1660944384
[  831.703363][T26621] binder: 26617:26621 ioctl c0306201 20000540 returned -22
02:20:49 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x403, 0xe00}, 0x40)

02:20:49 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x3, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  831.736356][T26626] binder: 26625:26626 ioctl 4c01 20000240 returned -22
[  831.839394][T26630] binder: 26628:26630 unknown command 1080229888
[  831.853680][T26630] binder: 26628:26630 ioctl c0306201 20000540 returned -22
[  832.141277][T26604] debugfs: Directory '26604-4' with parent 'kvm' already present!
02:20:52 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:52 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x541b, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:52 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x403, 0xe00}, 0x40)

02:20:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x4, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:52 executing program 1:
mlockall(0x2)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x0, 0x0, 0xff, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}}, r0, 0x0, 0xffffffffffffffff, 0x9)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$RTC_PLL_GET(r3, 0x80207011, &(0x7f0000000180))
rt_sigprocmask(0x2, &(0x7f0000000080)={[0x100000000]}, &(0x7f0000000140), 0x8)

02:20:52 executing program 3:
r0 = getpid()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
signalfd4(r1, &(0x7f0000000680)={[0xfffffffffffffffc]}, 0x8, 0x80800)
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
syslog(0x3, &(0x7f00000000c0)=""/147, 0x6558a7e3409167e0)
open(&(0x7f0000000e00)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000200)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, 0x0)
prlimit64(r0, 0x0, &(0x7f0000000180)={0x5, 0x7}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000240)={'filter\x00', 0x7, 0x4, 0x3f0, 0x1d8, 0x1d8, 0x1d8, 0x308, 0x308, 0x308, 0x4, &(0x7f0000000200), {[{{@arp={@dev={0xac, 0x14, 0x14, 0x2a}, @private=0xa010102, 0xff, 0xff000000, 0x6, 0xe, {@empty, {[0xff, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff, 0x0, 0x7c2a12bb4e647de, 0xff, 0x0, 0xff]}}, 0x1f, 0x2, 0x7fff, 0xfff, 0x80, 0x0, 'veth0\x00', 'gre0\x00', {0xff}}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x6, 0x7fff, 0x4, 0x2}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x81, 0x7fff}}}, {{@uncond, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0xfffffffe, 0x3ff, 0x2, 0x1, 0x0, "61161354892a0429e69778d1336e72da387d072487a7820a5a6362582aa5aff0501a34c672bef1b8d33894ea5bacc43873ced97e4ac84e35fab7b6bad82648d4"}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x440)
r3 = memfd_create(&(0x7f0000000000), 0x0)
sendfile(r3, r2, 0x0, 0xfffffffe)

[  834.591875][T26658] binder: 26653:26658 ioctl 541b 20000240 returned -22
02:20:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x5, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:52 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x403, 0xe00}, 0x40)

02:20:52 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000009)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r4, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10)
setsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f00000000c0)={r6, 0x3, 0x7, 0x1}, 0x10)
ioctl$KVM_X86_SET_MCE(r3, 0x4040ae9e, &(0x7f0000000140)={0x5500000000000000, 0x1, 0x6, 0x7, 0x1c})
ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000000)={'netpci0\x00', {0x2, 0x4e24, @private=0xa010102}})
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r7 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r7, 0xc0287c02, &(0x7f0000000040))

02:20:52 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  834.778499][T26674] binder: 26671:26674 unknown command 4210787
[  834.789245][T26674] binder: 26671:26674 ioctl c0306201 20000540 returned -22
02:20:52 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0xe, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8", 0x0, 0x403, 0xe00}, 0x40)

02:20:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x6, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  834.956809][T26685] binder: 26683:26685 unknown command 16448
[  834.976662][T26685] binder: 26683:26685 ioctl c0306201 20000540 returned -22
02:20:55 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:55 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x8, 0x193000)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
getpeername$netlink(r0, &(0x7f00000029c0), &(0x7f0000002a00)=0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
r3 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=0x60, 0x800)
clock_gettime(0x0, &(0x7f0000002940)={<r4=>0x0, <r5=>0x0})
recvmmsg(r3, &(0x7f00000028c0)=[{{&(0x7f0000000140)=@isdn, 0x80, &(0x7f00000015c0)=[{&(0x7f0000000200)=""/232, 0xe8}, {&(0x7f0000000300)=""/130, 0x82}, {&(0x7f00000003c0)=""/42, 0x2a}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/32, 0x20}, {&(0x7f0000001440)=""/236, 0xec}, {&(0x7f0000001540)=""/12, 0xc}, {&(0x7f0000001580)=""/34, 0x22}], 0x8, &(0x7f0000001640)=""/68, 0x44}, 0x8}, {{&(0x7f00000016c0)=@ax25={{0x3, @default}, [@default, @rose, @null, @null, @remote, @remote, @default, @null]}, 0x80, &(0x7f0000002880)=[{&(0x7f0000001740)=""/197, 0xc5}, {&(0x7f0000001840)=""/4096, 0x1000}, {&(0x7f0000002840)=""/36, 0x24}], 0x3}, 0xffff}], 0x2, 0x12023, &(0x7f0000002980)={r4, r5+60000000})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x26)

02:20:55 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0xe, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8", 0x0, 0x403, 0xe00}, 0x40)

02:20:55 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x7, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:55 executing program 3:
r0 = socket(0x200000000000011, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x38}}, 0x0)
bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r4, 0x1, 0x0, 0x6, @dev}, 0x14)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r5, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r7}, 0x10)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={r7, 0x1}, &(0x7f0000000040)=0x8)
write$binfmt_aout(r0, 0x0, 0x0)

02:20:55 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0xe, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8", 0x0, 0x403, 0xe00}, 0x40)

02:20:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:55 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x15, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x800}}, 0x0, 0xc, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0)
r2 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
uselib(&(0x7f0000000000)='./file0\x00')
ioctl$RTC_EPOCH_READ(r2, 0xc0287c02, &(0x7f0000000040))

[  837.786630][T26715] binder: 26701:26715 unknown command 64
[  837.799129][T26715] binder: 26701:26715 ioctl c0306201 20000540 returned -22
02:20:56 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x15, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe000000", 0x0, 0x403, 0xe00}, 0x40)

02:20:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x8, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:56 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  838.015865][T26731] binder: 26727:26731 unknown command 50331648
[  838.030369][T26731] binder: 26727:26731 ioctl c0306201 20000540 returned -22
02:20:58 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x20, r0, 0x0, 0x0)

02:20:58 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
dup(r2)
ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000200)={0x7, 0x2, 0x4, 0x2, 0x2, {}, {0x4, 0xc, 0xc8, 0x4, 0x3, 0x2, "60b6761f"}, 0x7, 0x3, @offset=0x5, 0x5, 0x0, <r3=>r2})
getsockopt$inet6_opts(r3, 0x29, 0x36, &(0x7f0000000280)=""/245, &(0x7f0000000180)=0xf5)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f0000000000)=0x20)
ioctl$RTC_EPOCH_READ(r4, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$VIDIOC_G_JPEGCOMP(r8, 0x808c563d, &(0x7f00000000c0))

02:20:58 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x15, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe000000", 0x0, 0x403, 0xe00}, 0x40)

02:20:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:20:58 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x12, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:58 executing program 3:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
dup(r0)
mount$overlay(0x400000, &(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYRES64=r0])
mkdir(&(0x7f0000000140)='./file0/file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x303)
chdir(&(0x7f00000002c0)='./bus\x00')
mkdir(&(0x7f0000000700)='./file1\x00', 0x0)
r3 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1/file0\x00', 0x0)
renameat2(r3, &(0x7f0000000000)='./file1/file0\x00', r3, &(0x7f00000000c0)='./file0/file0\x00', 0x0)

02:20:58 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x15, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe000000", 0x0, 0x403, 0xe00}, 0x40)

02:20:58 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000100)={0x130, 0x20, &(0x7f0000000200)})
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000140)={0x3, 'veth1_to_bond\x00', {0x1}, 0x6})

02:20:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x6364, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  840.792598][T26752] binder: 26747:26752 unknown command 0
[  840.828941][T26752] binder: 26747:26752 ioctl c0306201 20000540 returned -22
02:20:59 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x21, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:20:59 executing program 3:
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)}, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305839, &(0x7f0000000040))
write$cgroup_int(r2, &(0x7f0000000200), 0x400c00)
ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40305829, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r5, 0x40485404, &(0x7f0000000180)={{0x0, 0x2, 0x8, 0x2, 0x5}, 0x7, 0xf699})
write$cgroup_int(r2, &(0x7f0000000100), 0x12)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40305839, &(0x7f0000000040))
setsockopt$TIPC_MCAST_BROADCAST(0xffffffffffffffff, 0x10f, 0x85)

[  840.939477][T26763] binder: 26760:26763 ioctl 6364 20000240 returned -22
02:20:59 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x19, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25", 0x0, 0x403, 0xe00}, 0x40)

[  841.044769][T26769] binder: 26767:26769 unknown command 1207959552
[  841.084859][T26769] binder: 26767:26769 ioctl c0306201 20000540 returned -22
02:21:01 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$P9_RSTAT(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="750000007d020000006e000104040000000004000000080000000000000000000000a98b0000ff0f0000ee0500000000000002002a000c002f6465762f6d6564696123002c005c776c616e312973797374656d6b657972690010000000000000656d302e75736572766d6e65743127656d3001002da7b4ac2244c72fee97f196edb7584324ea8e3685e39e1d7c31faa465b843ca64b57962975e1d00a5fa3368dfa4814b35f7c53d2a4329a1490be2b6d2f9479a"], 0x75)
r3 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r3, 0xc08c5335, &(0x7f00000000c0)={0x8, 0x416ceb8f, 0x1, 'queue1\x00', 0x4})
r4 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r4, 0xc0287c02, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000180)={0x2}, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r5)
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f0000000300)={0x0, 0xfffffffc, 0xa, &(0x7f00000002c0)=0x80000001})
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
r8 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
sendmsg$nl_route(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000800)=ANY=[@ANYBLOB="540000001200000829bd7000ffdbdf2507000000de07470cc492cdf388ffa0826bc7da89ac44a01a2ae5e79d0f173b42205dc4485d44c83784bf9b2459d8be228cfd036c9b5eb3fc6d7b00c6d060085313d888ad9c84f0882e47ba85db27a3a08fe74388b884b6cb2b23763f8219331de5fcd14cde355a663184c21764c45e8b6e037b68dca602f9afa0430b1843e7d5488a3b4654a1ff92c717c098919c056b26d1fcc1b8401502fc7abe284990ecec1cea37c91a5d99798374c79438dfa5845cc5f771baeec20949b3e732be36eb5960faa17ab041f95a3419b7c192d2cf8f7786db5fe621a78b13c4722a3f07ef635fd656086cca041a178fdcaca9cd93b9508a27decfeea1d7aaa4fb135fd2b7ab89484bc7034046f81a83b1281fe6dc2ecc423934de9023eb64b4387d86eaaf4866fb8486ecf3ff20b2", @ANYRESOCT, @ANYRESOCT=r6, @ANYRES32, @ANYBLOB="080003000400000008000100", @ANYRES32=r8, @ANYBLOB="ab92d01d6b7c68db0b9e83b8dfcf47d3a379eb7c82f6997bc8fc18", @ANYRES32, @ANYBLOB="05003d00018de921407eb1f4eb0b6bd7a91ea0edd3b346004979fde7ed244d3e23280a1de954dcf69649fc302ceef2387b6f4e2369c2db8f2f680794c8eb148fa8167c3e963b7bed4ea679d0d64c24922f15de368515597c584c68c608e7aaa98c8c80cf4e783a9b64153b52d06fbff109522c08eeee6b5f57a3c7d8"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x80c0)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x2})

02:21:01 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

02:21:01 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x19, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25", 0x0, 0x403, 0xe00}, 0x40)

02:21:01 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x8912, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:01 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x48, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:01 executing program 3:
socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket(0x10, 0x3, 0x0)
sendmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="24000000190023041dfffd946f6105000a00000a1f0000030067080008001e0009000000280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
recvfrom$rxrpc(r5, &(0x7f0000000200)=""/103, 0x67, 0x1, &(0x7f0000000040)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e23, @private=0xa010100}}, 0x24)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
r9 = dup(r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
ioctl$VIDIOC_PREPARE_BUF(r5, 0xc058565d, &(0x7f00000000c0)={0x3af, 0xc, 0x4, 0x100000, 0x9, {}, {0x4, 0x4, 0xfa, 0x5, 0x0, 0x1d, "ac4eb812"}, 0x1, 0x2, @fd=r7, 0x1, 0x0, r9})

02:21:02 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x800000004, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:02 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x19, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25", 0x0, 0x403, 0xe00}, 0x40)

[  843.857020][T26792] binder: 26787:26792 ioctl 8912 20000240 returned -22
[  843.887811][T26796] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
02:21:02 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x8933, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  843.955357][T26800] binder: 26789:26800 unknown command 0
[  843.973554][T26800] binder: 26789:26800 ioctl c0306201 20000540 returned -22
02:21:02 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x4c, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:02 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d308", 0x0, 0x403, 0xe00}, 0x40)

[  844.063194][T26810] binder: 26807:26810 ioctl 8933 20000240 returned -22
02:21:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = semget(0x0, 0x6, 0x620)
semctl$IPC_INFO(r2, 0x4, 0x3, &(0x7f0000000000)=""/73)
semctl$SEM_INFO(r2, 0x3, 0x13, &(0x7f00000001c0)=""/253)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000015000/0x4000)=nil, 0x4000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000140)="66673666660ff804770f00d88fc820a2141d00600000dc66ba2100b80c000000ef440f20c03503000000440f22c0c4c1f573fef4660f38801a2e6640080866b827010f00d0c7442400d2000000ff2c24", 0x50}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

02:21:02 executing program 1:
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x20400)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
sendmsg$NL80211_CMD_GET_REG(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket(0x10, 0x80002, 0x0)
connect$netlink(r6, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r6, &(0x7f00000000c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000000)={r7, 0x1, 0x6}, 0x10)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r4, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x5, 0x3}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
semctl$IPC_INFO(0x0, 0x4, 0x3, &(0x7f0000000000)=""/73)
semctl$SEM_INFO(0x0, 0x2, 0x13, &(0x7f0000000000)=""/6)
r8 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000180)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x10)

02:21:04 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

02:21:04 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xae01, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:04 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d308", 0x0, 0x403, 0xe00}, 0x40)

02:21:04 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100), 0xf}, 0x2000, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x1f3e41, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
write$apparmor_current(r1, &(0x7f0000000140)=@profile={'stack ', ')?.ppp0md5sum\x00'}, 0x14)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x2a8201, 0x0)

02:21:04 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000140)={{0x4, 0x69}, 'port1\x00', 0xc, 0x30010, 0x7, 0x9, 0x3ff, 0x80, 0xbba1960})
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000f1cc58e8c90eab0f", @ANYRES16=0x0, @ANYBLOB="00000000000000000000010000000500060000000000"], 0x1c}}, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x6})
ioctl(r0, 0x8b32, &(0x7f0000000040))

02:21:04 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x60, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:05 executing program 3:
r0 = gettid()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000100)=0x83f)
r3 = perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x1, 0x0, 0x6}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r3, 0x4, 0x42000)
r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000000)="03", 0x1, 0xfffffffffffffffd)
r6 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r4, r6}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000080)={'md4\x00'}})
set_thread_area(&(0x7f00000001c0)={0xad2, 0x0, 0x1000, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1})

02:21:05 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d308", 0x0, 0x403, 0xe00}, 0x40)

[  846.973335][T26853] binder: 26844:26853 ioctl ae01 20000240 returned -22
02:21:05 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x10000)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:05 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xae41, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:05 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x0, 0xe00}, 0x40)

02:21:05 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = socket$alg(0x26, 0x5, 0x0)
ioctl$SNDRV_PCM_IOCTL_DELAY(0xffffffffffffffff, 0x80084121, &(0x7f00000003c0))
bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d0400", 0xc)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r4, 0x4, 0x42800)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r5=>0x0})
bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={<r6=>0x0, 0x6}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000280)=ANY=[@ANYRES32=r6, @ANYBLOB="58000000f44ffa36c3f9d5933b882744bd5084ddee8f87a9496489e758a1cdfcfecf9a7c71909a7e5f654424414a6abfaa00606247cdc9e64c4116f6d6fddef2b799923108021f6407000000ae170355b2d86d3e95b309dd365e41f9"], &(0x7f0000000380)=0x60)
sendto$inet6(r0, &(0x7f0000000300)="0503c80006023e0018a041a0c52cf7c25975e697b02f08066b2b2ff0dac8897c6b11876d886b143a301817ccd51cc5471d130a6632a8816107d08f24286a57c3fe257c3314a3974bb654", 0x4a, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="44640040000000000000000000000000008a6b2a830d4b7ac1a69b99fd05fbe3f50fcfdc6a5ab4d2e261fc25874ac0218495c60782858a4108336684e4d20963eeb7e09c874958c95113fa25a583c4dd25dfb5ec175e43e8ca6edc75216edb86393208925611d68ddc00373f3d0492fc07fc84e1cdb0e9579ca3a4e5de8a6801241dd09161218f4b5e71f4eceb9c6c7d017cce8251f67d"])

[  847.132408][T26869] binder: 26868:26869 ioctl ae41 20000240 returned -22
[  847.438016][T26878] overlayfs: unrecognized mount option "Dd" or missing value
02:21:08 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

02:21:08 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r1 = gettid()
ptrace$setopts(0x4200, r1, 0x0, 0x100064)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:08 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x400454ca, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:08 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x0, 0xe00}, 0x40)

02:21:08 executing program 3:
perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x2}}, 0xe8)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000902000000a8a989000000007ba79554354cdddb4e667263a72ff58ab16f88b9663da5668b145e631349af155c3681599156da38c17b22b9e79c448cd2ea9258687a25340b61976cae3a9a9e90785afd318850362411ef16cd8fef4aa6920cfaa9dac6acb5ded04e543506a3bfcb79eda41d0d8d5e649caab8d914916ee79d501a3aa4f0972e376bb9f94c5268f7ff158864d444d4bf66e8d85cc74a000000000000e800874c57da99f00000000000781f1a3ea4c057bfc8af28e2b90e1d3dd7fe6e38d2"], 0x10}}, 0x0)
r2 = dup(0xffffffffffffffff)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nvram\x00', 0xa52c46821800399d, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x5)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffee5}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg(r3, &(0x7f0000000180), 0xfa, 0x0)

02:21:08 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x68, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:08 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat(r1, &(0x7f00000000c0)='./file0\x00', 0x20000, 0x130)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000100)=[@in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @private=0xa010101}, @in={0x2, 0x4e24, @rand_addr=0x64010101}], 0x30)
r3 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0xc0287c02, &(0x7f0000000000))
r4 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x4, 0x8b01)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket(0x10, 0x80002, 0x0)
connect$netlink(r6, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r6, &(0x7f00000000c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000000)={r7, 0x1, 0x6}, 0x10)
ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f0000000180)=r7)

[  850.073032][T26900] binder: 26894:26900 ioctl 400454ca 20000240 returned -22
02:21:08 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x0, 0xe00}, 0x40)

02:21:08 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:08 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x280, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a})
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
ioctl$SIOCPNADDRESOURCE(r1, 0x89e0, &(0x7f00000000c0)=0x80000001)

02:21:08 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:08 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x0, 0x0}, 0x40)

[  850.448562][T26933] binder: BINDER_SET_CONTEXT_MGR already set
[  850.448579][T26933] binder: 26929:26933 ioctl 40046207 20000240 returned -16
02:21:11 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, 0x0, 0x0, 0x0)

02:21:11 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:11 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x0, 0x0}, 0x40)

02:21:11 executing program 1:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x2100, 0x0)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f00000000c0)={0x8})
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))

02:21:11 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x6c, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:11 executing program 3:
perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x2}}, 0xe8)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000902000000a8a989000000007ba79554354cdddb4e667263a72ff58ab16f88b9663da5668b145e631349af155c3681599156da38c17b22b9e79c448cd2ea9258687a25340b61976cae3a9a9e90785afd318850362411ef16cd8fef4aa6920cfaa9dac6acb5ded04e543506a3bfcb79eda41d0d8d5e649caab8d914916ee79d501a3aa4f0972e376bb9f94c5268f7ff158864d444d4bf66e8d85cc74a000000000000e800874c57da99f00000000000781f1a3ea4c057bfc8af28e2b90e1d3dd7fe6e38d2"], 0x10}}, 0x0)
r2 = dup(0xffffffffffffffff)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nvram\x00', 0xa52c46821800399d, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x5)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffee5}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg(r3, &(0x7f0000000180), 0xfa, 0x0)

02:21:11 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x0, 0x0}, 0x40)

02:21:11 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x66)
ioctl$FIONCLEX(r1, 0x5450)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x101)

02:21:11 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:11 executing program 1:
r0 = gettid()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000000)='ns/user\x00')
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))

02:21:11 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:11 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x40)

[  853.488583][T26995] binder: BINDER_SET_CONTEXT_MGR already set
[  853.495458][T26995] binder: 26994:26995 ioctl 4018620d 20000240 returned -16
02:21:14 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, 0x0, 0x0, 0x0)

02:21:14 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x40186366, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:14 executing program 3:
perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x2}}, 0xe8)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="0207000902000000a8a989000000007ba79554354cdddb4e667263a72ff58ab16f88b9663da5668b145e631349af155c3681599156da38c17b22b9e79c448cd2ea9258687a25340b61976cae3a9a9e90785afd318850362411ef16cd8fef4aa6920cfaa9dac6acb5ded04e543506a3bfcb79eda41d0d8d5e649caab8d914916ee79d501a3aa4f0972e376bb9f94c5268f7ff158864d444d4bf66e8d85cc74a000000000000e800874c57da99f00000000000781f1a3ea4c057bfc8af28e2b90e1d3dd7fe6e38d2"], 0x10}}, 0x0)
r2 = dup(0xffffffffffffffff)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nvram\x00', 0xa52c46821800399d, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x5)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffee5}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg(r3, &(0x7f0000000180), 0xfa, 0x0)

02:21:14 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00'}, 0x10)

02:21:14 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x40)

02:21:14 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x74, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  856.260327][T27023] binder: 27014:27023 ioctl 40186366 20000240 returned -22
02:21:14 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1c, 0x0, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x40)

02:21:14 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:14 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0x80086301, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:14 executing program 5:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x280, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a})
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
ioctl$SIOCPNADDRESOURCE(r1, 0x89e0, &(0x7f00000000c0)=0x80000001)

02:21:14 executing program 3 (fault-call:1 fault-nth:0):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x9}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r0=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r0, 0xee00)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, <r2=>0x0}, &(0x7f00000000c0)=0xc)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2}}}, 0x78)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = gettid()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r8, 0xee00)
ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000200)={0xf2, 0x1ff, {<r9=>r6}, {r8}, 0xf6})
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000240)={{0x2, 0x0, 0x0, r0, r2, 0x80, 0xffff}, 0x5, 0x7, 0x10001, 0xc4bc, r3, r9, 0x3})
r10 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r10, 0xc0287c02, &(0x7f0000000040))

[  856.723297][T27046] binder: 27044:27046 ioctl 80086301 20000240 returned -22
[  856.838792][T27050] FAULT_INJECTION: forcing a failure.
[  856.838792][T27050] name failslab, interval 1, probability 0, space 0, times 0
[  856.880814][T27050] CPU: 1 PID: 27050 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  856.889509][T27050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  856.899547][T27050] Call Trace:
[  856.902882][T27050]  dump_stack+0x11d/0x187
[  856.907302][T27050]  should_fail.cold+0x5/0xf
[  856.911912][T27050]  __should_failslab+0x82/0xb0
[  856.916674][T27050]  should_failslab+0x5/0xf
[  856.921090][T27050]  __kmalloc+0x54/0x640
[  856.925246][T27050]  ? bpf_test_init.isra.0+0x9f/0x110
[  856.930534][T27050]  ? __rcu_read_unlock+0x77/0x390
[  856.935630][T27050]  bpf_test_init.isra.0+0x9f/0x110
[  856.940749][T27050]  bpf_prog_test_run_skb+0x79/0xad0
[  856.945953][T27050]  ? __fget_light+0xc0/0x1a0
[  856.950546][T27050]  ? fput_many+0xe2/0x130
[  856.954880][T27050]  ? bpf_prog_test_run_tracing+0x380/0x380
[  856.960770][T27050]  __do_sys_bpf+0x1c4d/0x3100
[  856.965469][T27050]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  856.971366][T27050]  ? __this_cpu_preempt_check+0x3c/0x130
[  856.977020][T27050]  ? __sb_end_write+0xc2/0x120
[  856.981937][T27050]  __x64_sys_bpf+0x47/0x60
[  856.986378][T27050]  do_syscall_64+0xc7/0x3b0
[  856.990877][T27050]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  856.996760][T27050] RIP: 0033:0x45ca69
[  857.000656][T27050] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  857.020252][T27050] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  857.028658][T27050] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  857.036631][T27050] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  857.044634][T27050] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  857.052613][T27050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  857.060630][T27050] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:17 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, 0x0, 0x0, 0x0)

02:21:17 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:17 executing program 5:
r0 = socket(0x200000000000011, 0x4000000000080002, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$rds(0xffffffffffffffff, &(0x7f00000044c0)={&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000001d00)=[{&(0x7f00000001c0)=""/164, 0xa4}, {&(0x7f0000000b80)=""/4096, 0x1000}, {&(0x7f0000001b80)=""/143, 0x8f}, {&(0x7f0000000100)=""/77, 0x4d}, {&(0x7f0000001c40)=""/40, 0x28}, {&(0x7f0000001c80)=""/97, 0x61}], 0x6, &(0x7f0000004380)=[@rdma_args={0x48, 0x114, 0x1, {{0x8, 0xffffffff}, {&(0x7f0000001d80)=""/4096, 0x1000}, &(0x7f0000004200)=[{&(0x7f0000002d80)=""/242, 0xf2}, {&(0x7f0000002e80)=""/4096, 0x1000}, {&(0x7f0000003e80)=""/201, 0xc9}, {&(0x7f0000003f80)=""/143, 0x8f}, {&(0x7f0000004040)=""/240, 0xf0}, {&(0x7f0000004140)=""/1, 0x1}, {&(0x7f0000004180)=""/119, 0x77}], 0x7, 0x18, 0x20}}, @cswp={0x58, 0x114, 0x7, {{0x7, 0x7}, &(0x7f0000004280)=0xfff, &(0x7f00000042c0)=0xffffffff, 0x200, 0x96, 0xb5, 0x1, 0x1, 0xff}}, @fadd={0x58, 0x114, 0x6, {{0x1, 0x9}, &(0x7f0000004300)=0x1, &(0x7f0000004340)=0x800, 0xfffffffffffffff8, 0x9, 0x8, 0x7, 0x40, 0x7}}, @zcopy_cookie={0x18, 0x114, 0xc, 0xfffffff8}], 0x110, 0x4000011}, 0x20000014)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
bind$packet(r0, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x3a)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d00800002400fffff7009eefb978b7dbb04d3000", @ANYRES32=r3, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050104000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000010800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000400ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000c8954b8db160fea10000000300000000000000060000008f5e0040010000000002000006000000010100000200000007000000000000e0318900000104000000efff000600000004000000080000000400000002000000c00000000810000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000000ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee00000001000000000000000010f7006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff030000070000000180000009000000020000000000000004000000e37fffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff00000010006a1f31001000ff070000010000001800010039"], 0x8d0}}, 0x0)
r4 = socket(0x1000000010, 0x80002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = dup(r6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4000000000000040)
getsockopt$ax25_int(r7, 0x101, 0xc, &(0x7f0000004540), &(0x7f0000004580)=0x4)
dup(r5)
ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000004500))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
dup(r8)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r8, 0x8983, &(0x7f00000045c0)={0x6, 'batadv_slave_1\x00', {0x80000000}, 0x244e})
sendmmsg$alg(r4, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

02:21:17 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x7a, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:17 executing program 3 (fault-call:1 fault-nth:1):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:17 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
sendmsg$NL80211_CMD_GET_REG(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket(0x10, 0x80002, 0x0)
connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r4, &(0x7f00000000c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x1, 0x6}, 0x10)
r6 = gettid()
ptrace$setopts(0x4206, r6, 0x0, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket(0x10, 0x80002, 0x0)
connect$netlink(r8, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r8, &(0x7f00000000c0)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000000)={r9, 0x1, 0x6}, 0x10)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b4437815", @ANYRES16=r2, @ANYBLOB="020500000000000000e4e700000000000000", @ANYRES32=r5, @ANYBLOB='\b\x00R\x00', @ANYRES32=r6, @ANYBLOB="08000300", @ANYRES32=r9, @ANYBLOB="0800010003000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000810}, 0x0)

[  859.335365][T27069] FAULT_INJECTION: forcing a failure.
[  859.335365][T27069] name failslab, interval 1, probability 0, space 0, times 0
[  859.353552][T27072] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.5'.
[  859.374275][T27069] CPU: 1 PID: 27069 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  859.383065][T27069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  859.393175][T27069] Call Trace:
[  859.396507][T27069]  dump_stack+0x11d/0x187
[  859.400819][T27069]  should_fail.cold+0x5/0xf
[  859.405321][T27069]  __should_failslab+0x82/0xb0
[  859.410084][T27069]  should_failslab+0x5/0xf
[  859.414505][T27069]  kmem_cache_alloc_trace+0x26/0x5f0
[  859.419785][T27069]  ? _copy_from_user+0xb3/0xf0
[  859.424553][T27069]  ? bpf_test_init.isra.0+0x77/0x110
[  859.429853][T27069]  ? bpf_ctx_init+0x9a/0x150
[  859.434460][T27069]  bpf_prog_test_run_skb+0x12e/0xad0
[  859.439811][T27069]  ? __fget_light+0xc0/0x1a0
[  859.444473][T27069]  ? fput_many+0xe2/0x130
[  859.448807][T27069]  ? bpf_prog_test_run_tracing+0x380/0x380
[  859.454611][T27069]  __do_sys_bpf+0x1c4d/0x3100
[  859.459320][T27069]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  859.465216][T27069]  ? __this_cpu_preempt_check+0x3c/0x130
[  859.470851][T27069]  ? __sb_end_write+0xc2/0x120
[  859.475629][T27069]  __x64_sys_bpf+0x47/0x60
[  859.480122][T27069]  do_syscall_64+0xc7/0x3b0
[  859.484665][T27069]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  859.490549][T27069] RIP: 0033:0x45ca69
[  859.494446][T27069] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  859.514048][T27069] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  859.522512][T27069] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
02:21:17 executing program 3 (fault-call:1 fault-nth:2):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:17 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  859.530466][T27069] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  859.538415][T27069] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  859.546364][T27069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  859.554336][T27069] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  859.623705][T27072] netlink: 96 bytes leftover after parsing attributes in process `syz-executor.5'.
[  859.668718][T27088] FAULT_INJECTION: forcing a failure.
[  859.668718][T27088] name failslab, interval 1, probability 0, space 0, times 0
[  859.685666][T27088] CPU: 1 PID: 27088 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  859.694336][T27088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  859.704376][T27088] Call Trace:
[  859.707705][T27088]  dump_stack+0x11d/0x187
[  859.712038][T27088]  should_fail.cold+0x5/0xf
[  859.716544][T27088]  __should_failslab+0x82/0xb0
[  859.721366][T27088]  should_failslab+0x5/0xf
[  859.725798][T27088]  kmem_cache_alloc+0x23/0x5e0
[  859.730570][T27088]  ? map_id_range_down+0x131/0x210
[  859.735754][T27088]  ? __should_failslab+0x8a/0xb0
[  859.740691][T27088]  ? debug_smp_processor_id+0x3f/0x129
[  859.746164][T27088]  __build_skb+0x37/0x80
[  859.750479][T27088]  build_skb+0x3a/0x190
[  859.754639][T27088]  bpf_prog_test_run_skb+0x19f/0xad0
[  859.759943][T27088]  ? bpf_prog_test_run_tracing+0x380/0x380
[  859.765756][T27088]  __do_sys_bpf+0x1c4d/0x3100
[  859.770508][T27088]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  859.776463][T27088]  ? __this_cpu_preempt_check+0x3c/0x130
[  859.782121][T27088]  ? __sb_end_write+0xc2/0x120
[  859.786968][T27088]  __x64_sys_bpf+0x47/0x60
[  859.791393][T27088]  do_syscall_64+0xc7/0x3b0
[  859.795904][T27088]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  859.801801][T27088] RIP: 0033:0x45ca69
[  859.805697][T27088] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  859.825466][T27088] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  859.833883][T27088] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  859.841850][T27088] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  859.849830][T27088] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  859.857806][T27088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
02:21:18 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  859.865834][T27088] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:18 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x43400)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3019c13bd2321afb56fa54f26fb0b71d0e6adfefcf1d8f7faf75e0f226bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ceb9fbfbf9b0a4def23d410f6296b32a83438810720a159cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa000000000000000000000000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b9ff7ffcad3f6c962b9f292324b7ab7f7da31cf41ab11f12fb1e0a494034127de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899f40159e800ea2474b544035a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec309baed0495f06d058a73650d6fe048ba6866adebab53168770a71ad901ace383e41d277b10392a912ffaf6f658f3f9cd16286744f83a83f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad380a447483cac394c7bbdcd0e3b1c39b6e00916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06dddeb61799257ab55ff413c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d462357b22515567230ad1e1f4933545fe2c741374211663f6b63b1dd044dd0a2768e825972ea3b77641467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4c51b3fa00675cc1b66c5fd9c26a54d43fa050645bd9109b7e7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931ba3552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a2cb032dad13007b82e6044f643fc8cd47ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942e367f603e3856a346cf7f9fe0bc9f2a1a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a702a86c814459f3cdaaf99"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r2, 0xc0, &(0x7f0000000b00)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)={r3}, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffed9, &(0x7f0000000440)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xee\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A', r3}, 0x30)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040))

02:21:18 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000000))

02:21:18 executing program 3 (fault-call:1 fault-nth:3):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  860.075978][T27102] FAULT_INJECTION: forcing a failure.
[  860.075978][T27102] name failslab, interval 1, probability 0, space 0, times 0
[  860.088656][T27102] CPU: 1 PID: 27102 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  860.097383][T27102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  860.107432][T27102] Call Trace:
[  860.110726][T27102]  dump_stack+0x11d/0x187
[  860.115063][T27102]  should_fail.cold+0x5/0xf
[  860.119637][T27102]  __should_failslab+0x82/0xb0
[  860.124400][T27102]  should_failslab+0x5/0xf
[  860.128819][T27102]  kmem_cache_alloc+0x23/0x5e0
[  860.133575][T27102]  ? ima_get_action+0x6a/0x80
[  860.138316][T27102]  skb_clone+0xf4/0x280
[  860.142498][T27102]  bpf_clone_redirect+0x8d/0x1f0
[  860.147452][T27102]  bpf_prog_bb15b996d00816f9+0x5c/0x12c
[  860.153000][T27102]  ? unpack_profile+0x14b0/0x1b10
[  860.158063][T27102]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  860.163952][T27102]  ? __rcu_read_unlock+0x77/0x390
[  860.168988][T27102]  ? mntput_no_expire+0xae/0x540
[  860.173951][T27102]  ? mntput+0x5a/0x80
[  860.178120][T27102]  ? terminate_walk+0x1b8/0x240
[  860.182978][T27102]  ? path_openat+0x462/0x23d0
[  860.187655][T27102]  ? should_fail+0x7c/0x2fd
[  860.192163][T27102]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  860.198168][T27102]  ? __read_once_size+0x45/0xd0
[  860.203027][T27102]  ? ktime_get+0x1c9/0x210
[  860.207447][T27102]  bpf_test_run+0x250/0x560
[  860.212042][T27102]  bpf_prog_test_run_skb+0x668/0xad0
[  860.217334][T27102]  ? bpf_prog_test_run_tracing+0x380/0x380
[  860.223150][T27102]  __do_sys_bpf+0x1c4d/0x3100
[  860.228114][T27102]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  860.234016][T27102]  ? __this_cpu_preempt_check+0x3c/0x130
[  860.239688][T27102]  ? __sb_end_write+0xc2/0x120
[  860.244464][T27102]  __x64_sys_bpf+0x47/0x60
[  860.248911][T27102]  do_syscall_64+0xc7/0x3b0
[  860.253503][T27102]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  860.259405][T27102] RIP: 0033:0x45ca69
[  860.263387][T27102] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  860.282998][T27102] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  860.291416][T27102] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  860.299387][T27102] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  860.307357][T27102] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  860.315322][T27102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  860.323336][T27102] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:20 executing program 3 (fault-call:1 fault-nth:4):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:20 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:20 executing program 0 (fault-call:9 fault-nth:0):
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:21:20 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000740)=[{&(0x7f0000000200)=""/196, 0xc4}, {&(0x7f0000000100)=""/178, 0xb2}, {&(0x7f0000000300)=""/108, 0x6c}, {&(0x7f0000000380)=""/2, 0x2}, {&(0x7f00000003c0)=""/90, 0x5a}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000000540)=""/201, 0xc9}, {&(0x7f0000000640)=""/71, 0x47}, {&(0x7f00000006c0)=""/17, 0x11}, {&(0x7f0000000700)=""/14, 0xe}], 0xa)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'vlan1\x00', {0x2, 0x4e23, @private=0xa010102}})
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

02:21:20 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc008ae88, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:20 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x300, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  862.471609][T27120] FAULT_INJECTION: forcing a failure.
[  862.471609][T27120] name failslab, interval 1, probability 0, space 0, times 0
[  862.484276][T27120] CPU: 0 PID: 27120 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  862.492947][T27120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  862.503001][T27120] Call Trace:
[  862.506399][T27120]  dump_stack+0x11d/0x187
[  862.510739][T27120]  should_fail.cold+0x5/0xf
[  862.515285][T27120]  __should_failslab+0x82/0xb0
[  862.520152][T27120]  should_failslab+0x5/0xf
[  862.524589][T27120]  kmem_cache_alloc_node_trace+0x37/0x610
[  862.530376][T27120]  ? __rcu_read_unlock+0x77/0x390
[  862.535457][T27120]  __kmalloc_reserve.isra.0+0x43/0xd0
[  862.540833][T27120]  pskb_expand_head+0x107/0x860
[  862.545749][T27120]  ? __skb_clone+0x30b/0x360
[  862.550371][T27120]  skb_ensure_writable+0x1b4/0x270
[  862.555512][T27120]  bpf_clone_redirect+0xd2/0x1f0
[  862.560493][T27120]  bpf_prog_bb15b996d00816f9+0x5c/0xfc
[  862.565968][T27120]  ? unpack_profile+0x14b0/0x1b10
[  862.571005][T27120]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  862.576938][T27120]  ? __rcu_read_unlock+0x77/0x390
[  862.581979][T27120]  ? mntput_no_expire+0xae/0x540
[  862.586927][T27120]  ? mntput+0x5a/0x80
[  862.590910][T27120]  ? terminate_walk+0x1b8/0x240
[  862.595766][T27120]  ? path_openat+0x462/0x23d0
[  862.600461][T27120]  ? should_fail+0x7c/0x2fd
[  862.604985][T27120]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  862.610940][T27120]  ? __read_once_size+0x45/0xd0
[  862.615793][T27120]  ? ktime_get+0x1c9/0x210
[  862.620211][T27120]  bpf_test_run+0x250/0x560
[  862.624742][T27120]  bpf_prog_test_run_skb+0x668/0xad0
[  862.630037][T27120]  ? bpf_prog_test_run_tracing+0x380/0x380
[  862.635887][T27120]  __do_sys_bpf+0x1c4d/0x3100
[  862.640631][T27120]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  862.646529][T27120]  ? __this_cpu_preempt_check+0x3c/0x130
[  862.652161][T27120]  ? __sb_end_write+0xc2/0x120
[  862.656953][T27120]  __x64_sys_bpf+0x47/0x60
[  862.661378][T27120]  do_syscall_64+0xc7/0x3b0
[  862.665898][T27120]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  862.671861][T27120] RIP: 0033:0x45ca69
[  862.675761][T27120] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  862.695556][T27120] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  862.703999][T27120] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  862.711997][T27120] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
02:21:20 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:20 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x500, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  862.719970][T27120] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  862.727978][T27120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  862.735951][T27120] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:20 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040), 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/igmp\x00')
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x802, 0x0)
sendfile(r3, r2, 0x0, 0x7ffff000)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'lo\x00', 0x1000})
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace(0xffffffffffffffff, 0x0)
write$tun(r0, &(0x7f0000000680)={@void, @val={0x0, 0x4}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "a5c268", 0x1118, 0x3a, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xd, "14a142ef59c04e8e7b4db5309006bd98ec79847a52ed68124e8a24d3079fc53b81c039a7d59f992dcb481043f510a0ce1ebb98c07a624ff8c8cc0b4fd3b8e700196d1f5696e184393de669ffaebfbd494a9d6a5fedac0738ffc3dcb3c1b96e48fd063786ae5701f6aa5022621e"}, {0x0, 0x1e, "8cf0833ae2772f05d302c778833be4f2b9c43c83284b82e71ca1ee382af46513079a2f52da08c93afdfc1a18e4b677b307a1c7df90787cbd143b129bc8dbc39104eb21674d26fd4ced8626df256869e168d42f4d160ad1442cae2bd8fda0fc44a08759d245bfe8eba42ec7967c1e953256a057369159333bca73b498a882fb5e840d429804169a6446c1d1b013144ae0ee276a463ef69ea4c4636751083041811c9b549256c6a3a71e451f8fd4de25629b3de61cba78315412fa14e350bb03feaf63909bd7320561df80bc77f36d4561a5efcc324450355ed398d9e46e798e23e2a4a2c787728b9c549a1894c53dcdfe834c7785"}, {0x2}, {0x0, 0x1f4, "631c74c9d1ae5f26763e689d7358d52b9d78e1af1392b0a090488b19cbc96370f62d48c23e1427c05acd9c3b3f073a763d782618ff1eec26b515a9b327cbc17f30d83b25eb0642880dfa19be7390bfd822af60a6c50ca6e86b5a7a713194fb7fd8d6fbabab53a0be384d6197ec95d58387c3c60474093fafe7b973081f27ecda4197fda48a1f93aef6f2fe0790ee4c44b9311e6a55f85e9a53c1b9d12d9b586d5e9c0f98d3d6f5e215a0392bc0f0747ce75347ce29eea158c0f1ff30ecf208af154508b0c1f57d03d6e884937b7d84b3170624b4ebb76df8681493b4ff2f5cb6ab9fc4745569c2105f1eef9e9e3b7f10aa79b3746d194b78719295ce4ca9a520a08a67241d6770b93eb3a0b12e0ae16886e6a6312f858009dfc6736efec7498718a3c84b37267e49860fcf486442c2f06179672b3a6d1afac32246207723f9f43a7afc4e63820609c8a44dd4a88cdec819602a152eb4403f842712fd75ea44c779e98ff01f41caba247ef6434df425ff6bf93d49d1a8a08e455f2d86ff55773d57b611dd0e464d6b5e139271a91c6c8c629b694364730a38ddbe897a252620a2e41167afc48833290e0859615328f9dd7ba13514af6e3b3ca4e6514d400ad062a3519a85c4c79265bc284308602e73254a6ad85e76649c9b48f6785971a0e01ff0fe22de2c1c0b7ff27cf7e46f022d0b1a3c3a9ba65bcba1901c95e20ce39c24ff76acf7c4a3771e114a760448dbcd88c54351ee97a903c554564866eefb0964b5fe6ba26e73b64273c3f5d8079620cd509a3d88c19d09b5cc4256f38d263e105a94cfd44305e8c2755f90fd580628f0550268c95a1193362c265e0025ebdb42e58e2afcc38edbb77eedc486564a16e2405a99a382cfe15b03b097c10cb1651c2cb4bc7c5df969fb5ce19a6c8d3accb5b67dcf11fcfb6c028107c6b93c6a9b9c659dc05549a6fb1732f67cfc0ae5fe425245b72dbb6a719f83887a8af64ea8d1b3764ce0684f2d748a057d3ee3158d58266a560f8e04777a1f303163304d08b5bd470f627e0a13928e46fd0847bde599510e6978d68bb75f40ac4e247fc8708ca82ad40e729c3de042c94756d3816083784644d5e666fb3810117a62f7508ae3cdcdf312e314acd9add8e9c3e473ae206bd9b25659db6c1f570777f408644dcc6d150e92f284ad68d4bbe1f52e0c36e88a0d083dee8f7d59540b2ddda7fd27c97abc268630cbcad1e9cdd88c0a075462288bbf59824497ba7df15bc34d9fd22f8508a6d1c90118676ad3f9fc03cea1c69594dff6e978f42d1da2011290872e062fb2cc3293030534a6cedb6f461b33b5fd90b2ee0a8ae6803f45f4f2e74fac772ce235d66e8625951d7acbc87f1c4e13cbf0c01e8909de72d3b78b7d945b53e50f38486556dc6fd58db1a1da7f9cda6b50278a73d58842f15117c0232e6860caaab9be2d010ab4c5689a0ea14d78a5ec2dde3e837cadd8e1c794168860a4e303d513cc099d79cbb7605419db906a76d44ea62c6a767fb0f5cf25325a63c4939e1e8eb8df73645b5e9c4eebe6f736706708a8b0b5eebe263d846a9dedd9cb30365f3605cde065ae8fa4cb1075b87485ec0ccbabbe3033901e273234c688136c0960932e2ecd38870b7e72ca635a6e6d23cac391686fd2b7e5aac1c6862242dffc5a656922fbd23a6a8cae9f5a19b8778409987b26442739325b05ce005b215d1843278d767de541646d03cb4a3cfe32ecd2c686b8a550e12945b53bd87ae4387bc7876d1d17f3043a536e2319b760100963de494461c3dff0dc546ade451a393f08107cd419d1a075e7ce14cb082dabb30f61e67a9772aa384ee22505f0f54a58637abea7d3aa2263e744d2f99deefc0a6e2c225b0e14f3eae792b74a289920331b5d08aa748a123e3ccd2e7918495de5ad88068f6a2bc49c0bea736aaf68c21991ddb622522c9e6907ccc0716f394fa97da40beb33db9dbea01e2d07c6425853baffdd8ed2dc0d3ef710f518393634d7e312ea87093957de12f667d2c7a73ada38d95583ec1c3b8ba18bb6f592592a690a63a257b2792c8e75b98b46584082f240301facf10ef823003392d908af8386a403810fbb14a0bf56c9c718ea0e2eb8f478974fb9beb74bfc3fb13fa71babce0fa67e57950c2022dc5580b4a0e66740bc2f11dd4866f786bfb8c4b0fa78cf36d0baff865e0051dfbadcc0fc1bb4a4d89544375500bd08c8b219aba4213e081549239847b1b11cf51a72c26654f0d40b42b69178377ee9819b896c36e70304705aa6d1de33b77b6456fdf05de27813089e6bb5089a1ff02c361a8cc0e35454eff7d06033d02b0e66fd1d542115523c25bc49aea964ff93fe12bafabe723c16a6f9e669540e83d2dd64296b59dccdd553659bf15eec6598f32dfddd5f08380f4382e88e4441135abff53f7990c0c38f8a9f103082bd6009d059852f44bbdd2d8fbeebee4fe0822d205534fa1bec74b8e41ad2314f4742201f32202c21875731f87b86e1062270a3620dc3c5d4818618063379c97a29cf76acd17caf996d186a70d8385655048299538c8eb91fd25891125e5d317d6ca064bee38526fdfb4da1769e1bfddda5e1e64e7eeef125895ab9cf9db641b03ab5ec70633e8b79c665fa37e98cfbf23b176fc6d60668b25020420c81d77bebb0d32c63326bc9f88a8d2c226a85e54d7a44583e0f5b1f7cb52dacb769b57834ddf38ef5abd017f20f115daa51dea5bcbd58ea7a90ca042357927032040291dedf20c20eab92a384a23ab282db6c2a5c89b001a4dea0688cc7ca51a120390be070e07c618cb6b0e8c9106c0d2eabfb645e5b1fa9ef878df5861431e78e9c7ac12ceec025304a4d3351204c9bf7045a3b889f20321599f3f4c9c23169d1d10ace235dfb44edc3b9582dacef2269d5d07bf4555eec665dc307daef0aaaa0f7e44764fda59a861e67c1ce55de3515df6cec910c5fbb87aa9e100c290696ef366bb69b5d2de38d2f2d99413428c9761b0dd6bc5bd8c9c5e4f22c5f2ea5b666fa694359339d2e7e9ab6622b205713c7815edaeb01b2e63ff267e4ad2f66c267a2dae50a830d0b58bb0041bbbe43f6da01fd29e6fae8a8676d366ce2e31d9f61e257dd3ba7da8504fd00eb265c02cbd9d5e1c4955b85190c9bf085fdb54350ee9074c57c7add37bf6a614be01bba4871816ddc0c7e47797ee0d7c53b06352957dd546063f1593263e945ff319dba2bcef8f18844fecb244e9ca42a012774b137e86346a021934d30f2f8fb2cd906b45260154ce17d1cf1836654791bbd378f329a588ddcfd26b87296a17fe5077ec9968f47c4ca921dface81395435873af808472eb42eb12b92dbb4cc26683e21811cd13d8d273fbf3aa75204af1f593a5b423f9537a63308a945757d5f44c99e7eeebc506ec5f28729bd38b988babc33b570f8feca7a50c0966c66f063324fa504de647f7fc7f1d18bf94ae0899b758ee0ad1bb238dfd26a4ce6f3e7fdd1dd1b062b5cd493f4aa6eb08c6cb0510c696983a254c09197c1bfb784d5947a1329d7add6d3ddef0ad4b9ec93dee717788dd223feeab64acf9a73f24996d2e7d698b18607fc9a12b94d6ceafc680d9d91a1cfbf2d5fd6d0a9070d77b7f2204665b3a94f1e6245ecf7a1c671ee987fc0c67e7a26ed5e41862c5ddfa9a8344e1d8a88ca653a2efeb6e8fba6153fff8b279317ef0d65115073b38ab74d451cb58b75812231fd6282b7544fe4412ccea896e899a8f352269f60eb2383acfe60ab315c0f7ca43112bb898c051f6f07097d584e4f743f75d304b46b6b8c0e4825f987de99f24995dde490d7da0b47400a77fc8c39e5953b491a1bddf5d55fbb27e322bdc33e04fcbaf26f93b79c3030d920472b7694810195a02dc792d9ed4b43cedb72647c3005002eab924aa8ffaaecba42aa79eb3f4fb0b9e87317df11a79320a2d5bc83ad25fb139d45b843db5f8002b5cbf33812685fd9d5b994d370e8fd5333fa936ca9940f236b2c2e201912a7781dfca80497df9327c167d4d985db50e45fdb81c6eca85a3a4d0574d75e897ff98a23bfb122438f8f62a8422e0aff85febdc54e42bd05569a95717faf06eaea46b6b3e9335a1a60a922d8e79c153324cad570ee4efa53687280de0814071352d9c6ee939eaf3e89a09887b3bd9105a888635fcd190bcebc98ce4688665b8f827a2f0f1992fa90c4921342026de6fb0d31df3aaeba026678d7425a9c2f7cb2bfd7037cf81f814492f299a29b61e2a6ae386510caf4823e520365204ebc962504cb8997a51aed2903cba9fb52e015659a4fed914f7ecaa3cf3080da45a3d95c881dbb17639c31c9d833f270af042acf467dd492e6fa636e3df3ce7f28455fdd984e609c63170ffd55a0bb2debe6a4efa7228b47d455da6bbd83319620c16c63c2675dedaea4c4d65fa50ae7786621f45b67d022d546b91edda149af142d2a720c238f5e940d701cdb27439c7ff666f80b31ab695d3852bc5f4da0c39e588badb3e49153ea153b5894ee9fdebdb1bc3b6270644fb9f9d9dd3c4089932ec8fd9090d01c7a4eda7e1c1f304b59fed6ab77440eefb0324a8f5d127be662264399b5a4a41979e2a10d2905d9c265dd492edc5df03312f89c5094ff1b7f9ec10b68eb230687b5850a6a5643066fd1ad5c05bc1e8caa2289efafca0e93a284069a2120dd96dc2677e5b913beea0e75afa45e0140aadb7e566799ecbb47c6aa0ce03503ef8da94b2668fcf90e6bba60581590a2ac73c1c419941d0f2c013306d6ea9091a9eacc053213a58b24a6f7497632690083653c19715bcabfeafcebc22b54c6a1f71132c45ae7af19f8b25bdd83851527c63f1d23cb3ea18040475372bc99090e70282d536df518e6e421b4749d2334db9212c01219d6be9693e2f313b61b3a3c34ec932300db3c696d9ee8cbc138c8828f4d956abd0ce0d4b7b4a1ca0904c096befac1d9e48c64f0063554cdff3b77bd80791408c7ddf5759c86b7ca79e55d81b624dfc7b1a7dad93497a3325c53101174876654ce91d827ee124df73708eb88364d9cc3b4847f735d21d5a4f1ed962f51bdd18ae17a4b31eb0044aaa52b561ed84326d39ed7ab2bde55ea620cee86e43b549e7440a9a64efd748b081def3a956e350b66de06bd20dbd5fc86e6eb502be1977c1c83fcb774bba5803cec4f8ef11d3f7d9fb5a225a2f3dd6c9ac755230d1fcba418bebe56ec0cc7318422e362ae7626dc803bda3bf720fb753e586188b030fc6f02a94860d66915b7d4360a87f742ef006eb7dead1d3c9dca6c7ad71096a3040e6869bafa190bb64efdf8ecabd4a61eac2a772e29bcfbfa5021c070fccbc769631e123748c43da6f9f3268ae92aa211ccff1e03368a643b65757b3620bff11a7399c08a851719bd2bd1fb5ae4a0e19002b52f4caef8573a6b4ccee2802f9726fece0e44e192ef4384fce88aa23ad46a36b32ceea3510aae6522f4d407b30f0c551f70ee6bab475df4ac6d75d9aaeac309247eab00e9556c45386522ab5922195895568ed0ccb47d5a0320080b2ec1bdbdf3013c10755eca1b30e04b50cf9cf9bed3074e8ee1eaba87787afc58129ac917ca80bbb86557c6288a99b3850f2137ebf51558ea68f854014b29e9f2329bfd01a2154f"}]}}}}}, 0x114a)
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20404000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x38, 0x4, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = semget(0x0, 0x0, 0x1a)
semctl$SETVAL(r4, 0x4, 0x10, &(0x7f0000000000)=0x40)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f00000001c0)={0xf0, 0x1ff, 0x9, 0x505})
semtimedop(r4, 0x0, 0x0, &(0x7f0000000280)={0x77359400})

02:21:20 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x1d, 0x8, 0x0, 0x50, 0x0, 0xd30d, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x4450, 0x1, 0x5, 0x3, 0xaeb, 0x1, 0x1}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x2000)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:20 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:21 executing program 3 (fault-call:1 fault-nth:5):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  862.960599][T27144] binder: 27138:27144 ioctl c018620c 20000240 returned -22
[  862.988870][T27148] FAULT_INJECTION: forcing a failure.
[  862.988870][T27148] name failslab, interval 1, probability 0, space 0, times 0
[  863.001533][T27148] CPU: 0 PID: 27148 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  863.010198][T27148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  863.020249][T27148] Call Trace:
[  863.023554][T27148]  dump_stack+0x11d/0x187
[  863.027895][T27148]  should_fail.cold+0x5/0xf
[  863.032404][T27148]  __should_failslab+0x82/0xb0
[  863.037180][T27148]  should_failslab+0x5/0xf
[  863.041611][T27148]  kmem_cache_alloc+0x23/0x5e0
[  863.046386][T27148]  ? __this_cpu_preempt_check+0x3c/0x130
[  863.052054][T27148]  skb_clone+0xf4/0x280
[  863.056238][T27148]  bpf_clone_redirect+0x8d/0x1f0
[  863.061271][T27148]  bpf_prog_bb15b996d00816f9+0x5c/0xe84
[  863.066826][T27148]  ? __rcu_read_unlock+0xc3/0x390
[  863.071856][T27148]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  863.077753][T27148]  ? __rcu_read_unlock+0x77/0x390
[  863.082926][T27148]  ? mntput_no_expire+0xae/0x540
[  863.087885][T27148]  ? mntput+0x5a/0x80
[  863.091907][T27148]  ? terminate_walk+0x1b8/0x240
[  863.096808][T27148]  ? path_openat+0x462/0x23d0
[  863.101516][T27148]  ? should_fail+0x7c/0x2fd
[  863.106028][T27148]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  863.111921][T27148]  ? __read_once_size+0x45/0xd0
[  863.116849][T27148]  ? ktime_get+0x1c9/0x210
[  863.121273][T27148]  bpf_test_run+0x250/0x560
[  863.125834][T27148]  bpf_prog_test_run_skb+0x668/0xad0
[  863.131134][T27148]  ? bpf_prog_test_run_tracing+0x380/0x380
[  863.136944][T27148]  __do_sys_bpf+0x1c4d/0x3100
[  863.141629][T27148]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  863.147604][T27148]  ? __this_cpu_preempt_check+0x3c/0x130
[  863.153298][T27148]  ? __sb_end_write+0xc2/0x120
[  863.158075][T27148]  __x64_sys_bpf+0x47/0x60
[  863.162497][T27148]  do_syscall_64+0xc7/0x3b0
[  863.167006][T27148]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  863.172908][T27148] RIP: 0033:0x45ca69
[  863.176846][T27148] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  863.196666][T27148] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
02:21:21 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:21 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, 0x10)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r3, 0x400, 0x40, 0x2, 0x8001, 0x3}, 0x14)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

[  863.205138][T27148] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  863.213105][T27148] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  863.221083][T27148] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  863.229120][T27148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  863.237087][T27148] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:23 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x0, 0x0)

02:21:23 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:23 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x600, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:23 executing program 3 (fault-call:1 fault-nth:6):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:23 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040), 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/igmp\x00')
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x802, 0x0)
sendfile(r3, r2, 0x0, 0x7ffff000)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'lo\x00', 0x1000})
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace(0xffffffffffffffff, 0x0)
write$tun(r0, &(0x7f0000000680)={@void, @val={0x0, 0x4}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "a5c268", 0x1118, 0x3a, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xd, "14a142ef59c04e8e7b4db5309006bd98ec79847a52ed68124e8a24d3079fc53b81c039a7d59f992dcb481043f510a0ce1ebb98c07a624ff8c8cc0b4fd3b8e700196d1f5696e184393de669ffaebfbd494a9d6a5fedac0738ffc3dcb3c1b96e48fd063786ae5701f6aa5022621e"}, {0x0, 0x1e, "8cf0833ae2772f05d302c778833be4f2b9c43c83284b82e71ca1ee382af46513079a2f52da08c93afdfc1a18e4b677b307a1c7df90787cbd143b129bc8dbc39104eb21674d26fd4ced8626df256869e168d42f4d160ad1442cae2bd8fda0fc44a08759d245bfe8eba42ec7967c1e953256a057369159333bca73b498a882fb5e840d429804169a6446c1d1b013144ae0ee276a463ef69ea4c4636751083041811c9b549256c6a3a71e451f8fd4de25629b3de61cba78315412fa14e350bb03feaf63909bd7320561df80bc77f36d4561a5efcc324450355ed398d9e46e798e23e2a4a2c787728b9c549a1894c53dcdfe834c7785"}, {0x2}, {0x0, 0x1f4, "631c74c9d1ae5f26763e689d7358d52b9d78e1af1392b0a090488b19cbc96370f62d48c23e1427c05acd9c3b3f073a763d782618ff1eec26b515a9b327cbc17f30d83b25eb0642880dfa19be7390bfd822af60a6c50ca6e86b5a7a713194fb7fd8d6fbabab53a0be384d6197ec95d58387c3c60474093fafe7b973081f27ecda4197fda48a1f93aef6f2fe0790ee4c44b9311e6a55f85e9a53c1b9d12d9b586d5e9c0f98d3d6f5e215a0392bc0f0747ce75347ce29eea158c0f1ff30ecf208af154508b0c1f57d03d6e884937b7d84b3170624b4ebb76df8681493b4ff2f5cb6ab9fc4745569c2105f1eef9e9e3b7f10aa79b3746d194b78719295ce4ca9a520a08a67241d6770b93eb3a0b12e0ae16886e6a6312f858009dfc6736efec7498718a3c84b37267e49860fcf486442c2f06179672b3a6d1afac32246207723f9f43a7afc4e63820609c8a44dd4a88cdec819602a152eb4403f842712fd75ea44c779e98ff01f41caba247ef6434df425ff6bf93d49d1a8a08e455f2d86ff55773d57b611dd0e464d6b5e139271a91c6c8c629b694364730a38ddbe897a252620a2e41167afc48833290e0859615328f9dd7ba13514af6e3b3ca4e6514d400ad062a3519a85c4c79265bc284308602e73254a6ad85e76649c9b48f6785971a0e01ff0fe22de2c1c0b7ff27cf7e46f022d0b1a3c3a9ba65bcba1901c95e20ce39c24ff76acf7c4a3771e114a760448dbcd88c54351ee97a903c554564866eefb0964b5fe6ba26e73b64273c3f5d8079620cd509a3d88c19d09b5cc4256f38d263e105a94cfd44305e8c2755f90fd580628f0550268c95a1193362c265e0025ebdb42e58e2afcc38edbb77eedc486564a16e2405a99a382cfe15b03b097c10cb1651c2cb4bc7c5df969fb5ce19a6c8d3accb5b67dcf11fcfb6c028107c6b93c6a9b9c659dc05549a6fb1732f67cfc0ae5fe425245b72dbb6a719f83887a8af64ea8d1b3764ce0684f2d748a057d3ee3158d58266a560f8e04777a1f303163304d08b5bd470f627e0a13928e46fd0847bde599510e6978d68bb75f40ac4e247fc8708ca82ad40e729c3de042c94756d3816083784644d5e666fb3810117a62f7508ae3cdcdf312e314acd9add8e9c3e473ae206bd9b25659db6c1f570777f408644dcc6d150e92f284ad68d4bbe1f52e0c36e88a0d083dee8f7d59540b2ddda7fd27c97abc268630cbcad1e9cdd88c0a075462288bbf59824497ba7df15bc34d9fd22f8508a6d1c90118676ad3f9fc03cea1c69594dff6e978f42d1da2011290872e062fb2cc3293030534a6cedb6f461b33b5fd90b2ee0a8ae6803f45f4f2e74fac772ce235d66e8625951d7acbc87f1c4e13cbf0c01e8909de72d3b78b7d945b53e50f38486556dc6fd58db1a1da7f9cda6b50278a73d58842f15117c0232e6860caaab9be2d010ab4c5689a0ea14d78a5ec2dde3e837cadd8e1c794168860a4e303d513cc099d79cbb7605419db906a76d44ea62c6a767fb0f5cf25325a63c4939e1e8eb8df73645b5e9c4eebe6f736706708a8b0b5eebe263d846a9dedd9cb30365f3605cde065ae8fa4cb1075b87485ec0ccbabbe3033901e273234c688136c0960932e2ecd38870b7e72ca635a6e6d23cac391686fd2b7e5aac1c6862242dffc5a656922fbd23a6a8cae9f5a19b8778409987b26442739325b05ce005b215d1843278d767de541646d03cb4a3cfe32ecd2c686b8a550e12945b53bd87ae4387bc7876d1d17f3043a536e2319b760100963de494461c3dff0dc546ade451a393f08107cd419d1a075e7ce14cb082dabb30f61e67a9772aa384ee22505f0f54a58637abea7d3aa2263e744d2f99deefc0a6e2c225b0e14f3eae792b74a289920331b5d08aa748a123e3ccd2e7918495de5ad88068f6a2bc49c0bea736aaf68c21991ddb622522c9e6907ccc0716f394fa97da40beb33db9dbea01e2d07c6425853baffdd8ed2dc0d3ef710f518393634d7e312ea87093957de12f667d2c7a73ada38d95583ec1c3b8ba18bb6f592592a690a63a257b2792c8e75b98b46584082f240301facf10ef823003392d908af8386a403810fbb14a0bf56c9c718ea0e2eb8f478974fb9beb74bfc3fb13fa71babce0fa67e57950c2022dc5580b4a0e66740bc2f11dd4866f786bfb8c4b0fa78cf36d0baff865e0051dfbadcc0fc1bb4a4d89544375500bd08c8b219aba4213e081549239847b1b11cf51a72c26654f0d40b42b69178377ee9819b896c36e70304705aa6d1de33b77b6456fdf05de27813089e6bb5089a1ff02c361a8cc0e35454eff7d06033d02b0e66fd1d542115523c25bc49aea964ff93fe12bafabe723c16a6f9e669540e83d2dd64296b59dccdd553659bf15eec6598f32dfddd5f08380f4382e88e4441135abff53f7990c0c38f8a9f103082bd6009d059852f44bbdd2d8fbeebee4fe0822d205534fa1bec74b8e41ad2314f4742201f32202c21875731f87b86e1062270a3620dc3c5d4818618063379c97a29cf76acd17caf996d186a70d8385655048299538c8eb91fd25891125e5d317d6ca064bee38526fdfb4da1769e1bfddda5e1e64e7eeef125895ab9cf9db641b03ab5ec70633e8b79c665fa37e98cfbf23b176fc6d60668b25020420c81d77bebb0d32c63326bc9f88a8d2c226a85e54d7a44583e0f5b1f7cb52dacb769b57834ddf38ef5abd017f20f115daa51dea5bcbd58ea7a90ca042357927032040291dedf20c20eab92a384a23ab282db6c2a5c89b001a4dea0688cc7ca51a120390be070e07c618cb6b0e8c9106c0d2eabfb645e5b1fa9ef878df5861431e78e9c7ac12ceec025304a4d3351204c9bf7045a3b889f20321599f3f4c9c23169d1d10ace235dfb44edc3b9582dacef2269d5d07bf4555eec665dc307daef0aaaa0f7e44764fda59a861e67c1ce55de3515df6cec910c5fbb87aa9e100c290696ef366bb69b5d2de38d2f2d99413428c9761b0dd6bc5bd8c9c5e4f22c5f2ea5b666fa694359339d2e7e9ab6622b205713c7815edaeb01b2e63ff267e4ad2f66c267a2dae50a830d0b58bb0041bbbe43f6da01fd29e6fae8a8676d366ce2e31d9f61e257dd3ba7da8504fd00eb265c02cbd9d5e1c4955b85190c9bf085fdb54350ee9074c57c7add37bf6a614be01bba4871816ddc0c7e47797ee0d7c53b06352957dd546063f1593263e945ff319dba2bcef8f18844fecb244e9ca42a012774b137e86346a021934d30f2f8fb2cd906b45260154ce17d1cf1836654791bbd378f329a588ddcfd26b87296a17fe5077ec9968f47c4ca921dface81395435873af808472eb42eb12b92dbb4cc26683e21811cd13d8d273fbf3aa75204af1f593a5b423f9537a63308a945757d5f44c99e7eeebc506ec5f28729bd38b988babc33b570f8feca7a50c0966c66f063324fa504de647f7fc7f1d18bf94ae0899b758ee0ad1bb238dfd26a4ce6f3e7fdd1dd1b062b5cd493f4aa6eb08c6cb0510c696983a254c09197c1bfb784d5947a1329d7add6d3ddef0ad4b9ec93dee717788dd223feeab64acf9a73f24996d2e7d698b18607fc9a12b94d6ceafc680d9d91a1cfbf2d5fd6d0a9070d77b7f2204665b3a94f1e6245ecf7a1c671ee987fc0c67e7a26ed5e41862c5ddfa9a8344e1d8a88ca653a2efeb6e8fba6153fff8b279317ef0d65115073b38ab74d451cb58b75812231fd6282b7544fe4412ccea896e899a8f352269f60eb2383acfe60ab315c0f7ca43112bb898c051f6f07097d584e4f743f75d304b46b6b8c0e4825f987de99f24995dde490d7da0b47400a77fc8c39e5953b491a1bddf5d55fbb27e322bdc33e04fcbaf26f93b79c3030d920472b7694810195a02dc792d9ed4b43cedb72647c3005002eab924aa8ffaaecba42aa79eb3f4fb0b9e87317df11a79320a2d5bc83ad25fb139d45b843db5f8002b5cbf33812685fd9d5b994d370e8fd5333fa936ca9940f236b2c2e201912a7781dfca80497df9327c167d4d985db50e45fdb81c6eca85a3a4d0574d75e897ff98a23bfb122438f8f62a8422e0aff85febdc54e42bd05569a95717faf06eaea46b6b3e9335a1a60a922d8e79c153324cad570ee4efa53687280de0814071352d9c6ee939eaf3e89a09887b3bd9105a888635fcd190bcebc98ce4688665b8f827a2f0f1992fa90c4921342026de6fb0d31df3aaeba026678d7425a9c2f7cb2bfd7037cf81f814492f299a29b61e2a6ae386510caf4823e520365204ebc962504cb8997a51aed2903cba9fb52e015659a4fed914f7ecaa3cf3080da45a3d95c881dbb17639c31c9d833f270af042acf467dd492e6fa636e3df3ce7f28455fdd984e609c63170ffd55a0bb2debe6a4efa7228b47d455da6bbd83319620c16c63c2675dedaea4c4d65fa50ae7786621f45b67d022d546b91edda149af142d2a720c238f5e940d701cdb27439c7ff666f80b31ab695d3852bc5f4da0c39e588badb3e49153ea153b5894ee9fdebdb1bc3b6270644fb9f9d9dd3c4089932ec8fd9090d01c7a4eda7e1c1f304b59fed6ab77440eefb0324a8f5d127be662264399b5a4a41979e2a10d2905d9c265dd492edc5df03312f89c5094ff1b7f9ec10b68eb230687b5850a6a5643066fd1ad5c05bc1e8caa2289efafca0e93a284069a2120dd96dc2677e5b913beea0e75afa45e0140aadb7e566799ecbb47c6aa0ce03503ef8da94b2668fcf90e6bba60581590a2ac73c1c419941d0f2c013306d6ea9091a9eacc053213a58b24a6f7497632690083653c19715bcabfeafcebc22b54c6a1f71132c45ae7af19f8b25bdd83851527c63f1d23cb3ea18040475372bc99090e70282d536df518e6e421b4749d2334db9212c01219d6be9693e2f313b61b3a3c34ec932300db3c696d9ee8cbc138c8828f4d956abd0ce0d4b7b4a1ca0904c096befac1d9e48c64f0063554cdff3b77bd80791408c7ddf5759c86b7ca79e55d81b624dfc7b1a7dad93497a3325c53101174876654ce91d827ee124df73708eb88364d9cc3b4847f735d21d5a4f1ed962f51bdd18ae17a4b31eb0044aaa52b561ed84326d39ed7ab2bde55ea620cee86e43b549e7440a9a64efd748b081def3a956e350b66de06bd20dbd5fc86e6eb502be1977c1c83fcb774bba5803cec4f8ef11d3f7d9fb5a225a2f3dd6c9ac755230d1fcba418bebe56ec0cc7318422e362ae7626dc803bda3bf720fb753e586188b030fc6f02a94860d66915b7d4360a87f742ef006eb7dead1d3c9dca6c7ad71096a3040e6869bafa190bb64efdf8ecabd4a61eac2a772e29bcfbfa5021c070fccbc769631e123748c43da6f9f3268ae92aa211ccff1e03368a643b65757b3620bff11a7399c08a851719bd2bd1fb5ae4a0e19002b52f4caef8573a6b4ccee2802f9726fece0e44e192ef4384fce88aa23ad46a36b32ceea3510aae6522f4d407b30f0c551f70ee6bab475df4ac6d75d9aaeac309247eab00e9556c45386522ab5922195895568ed0ccb47d5a0320080b2ec1bdbdf3013c10755eca1b30e04b50cf9cf9bed3074e8ee1eaba87787afc58129ac917ca80bbb86557c6288a99b3850f2137ebf51558ea68f854014b29e9f2329bfd01a2154f"}]}}}}}, 0x114a)
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20404000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x38, 0x4, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = semget(0x0, 0x0, 0x1a)
semctl$SETVAL(r4, 0x4, 0x10, &(0x7f0000000000)=0x40)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f00000001c0)={0xf0, 0x1ff, 0x9, 0x505})
semtimedop(r4, 0x0, 0x0, &(0x7f0000000280)={0x77359400})

02:21:23 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000000), &(0x7f00000000c0)=0x30)
syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0xffffffffffffffff, 0x80000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_GET_REGS(r4, 0x8090ae81, &(0x7f00000002c0))

[  865.530927][T27188] FAULT_INJECTION: forcing a failure.
[  865.530927][T27188] name failslab, interval 1, probability 0, space 0, times 0
[  865.543587][T27188] CPU: 1 PID: 27188 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  865.552306][T27188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  865.562353][T27188] Call Trace:
[  865.565655][T27188]  dump_stack+0x11d/0x187
[  865.569988][T27188]  should_fail.cold+0x5/0xf
[  865.574500][T27188]  __should_failslab+0x82/0xb0
[  865.579286][T27188]  should_failslab+0x5/0xf
[  865.583713][T27188]  kmem_cache_alloc_node_trace+0x37/0x610
[  865.589440][T27188]  ? __this_cpu_preempt_check+0x3c/0x130
[  865.595072][T27188]  ? __local_bh_enable_ip+0x2e/0x80
[  865.600267][T27188]  ? __dev_queue_xmit+0x574/0x1810
[  865.605384][T27188]  __kmalloc_reserve.isra.0+0x43/0xd0
[  865.610866][T27188]  pskb_expand_head+0x107/0x860
[  865.615913][T27188]  ? __skb_clone+0x30b/0x360
[  865.620523][T27188]  skb_ensure_writable+0x1b4/0x270
[  865.625654][T27188]  bpf_clone_redirect+0xd2/0x1f0
[  865.630598][T27188]  bpf_prog_bb15b996d00816f9+0x5c/0xbe0
[  865.636154][T27188]  ? unpack_profile+0x14b0/0x1b10
[  865.641185][T27188]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  865.647111][T27188]  ? __rcu_read_unlock+0x77/0x390
[  865.652209][T27188]  ? mntput_no_expire+0xae/0x540
[  865.657148][T27188]  ? mntput+0x5a/0x80
[  865.661150][T27188]  ? terminate_walk+0x1b8/0x240
[  865.666006][T27188]  ? path_openat+0x462/0x23d0
[  865.670690][T27188]  ? should_fail+0x7c/0x2fd
[  865.675210][T27188]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  865.681285][T27188]  ? __read_once_size+0x45/0xd0
[  865.686180][T27188]  ? ktime_get+0x1c9/0x210
[  865.690671][T27188]  bpf_test_run+0x250/0x560
[  865.695255][T27188]  bpf_prog_test_run_skb+0x668/0xad0
[  865.700555][T27188]  ? bpf_prog_test_run_tracing+0x380/0x380
[  865.706384][T27188]  __do_sys_bpf+0x1c4d/0x3100
[  865.711062][T27188]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  865.716956][T27188]  ? __this_cpu_preempt_check+0x3c/0x130
[  865.722589][T27188]  ? __sb_end_write+0xc2/0x120
[  865.727405][T27188]  __x64_sys_bpf+0x47/0x60
02:21:23 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x700, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:23 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc028660f, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  865.731831][T27188]  do_syscall_64+0xc7/0x3b0
[  865.736353][T27188]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  865.742253][T27188] RIP: 0033:0x45ca69
[  865.746261][T27188] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  865.765857][T27188] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  865.774269][T27188] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
02:21:23 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0xc}, 0x0, 0x0, 0x0, 0x0, 0x1688}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$P9_RSETATTR(r1, &(0x7f0000000100)={0x7, 0x1b, 0x2}, 0x7)
r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3, 0x2000)
ioctl$RTC_EPOCH_READ(r2, 0xc0287c02, &(0x7f0000000040))

[  865.782249][T27188] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  865.790209][T27188] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  865.798171][T27188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  865.806155][T27188] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  865.843224][T27209] binder: 27206:27209 ioctl c028660f 20000240 returned -22
02:21:24 executing program 3 (fault-call:1 fault-nth:7):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  866.028022][T27221] FAULT_INJECTION: forcing a failure.
[  866.028022][T27221] name failslab, interval 1, probability 0, space 0, times 0
[  866.040970][T27221] CPU: 0 PID: 27221 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  866.049637][T27221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  866.059740][T27221] Call Trace:
[  866.063042][T27221]  dump_stack+0x11d/0x187
[  866.067386][T27221]  should_fail.cold+0x5/0xf
[  866.071955][T27221]  __should_failslab+0x82/0xb0
[  866.076712][T27221]  should_failslab+0x5/0xf
[  866.081126][T27221]  kmem_cache_alloc+0x23/0x5e0
[  866.085894][T27221]  ? __this_cpu_preempt_check+0x3c/0x130
[  866.091536][T27221]  skb_clone+0xf4/0x280
[  866.095699][T27221]  bpf_clone_redirect+0x8d/0x1f0
[  866.100644][T27221]  bpf_prog_bb15b996d00816f9+0x5c/0x5f0
[  866.106200][T27221]  ? unpack_profile+0x14b0/0x1b10
[  866.111238][T27221]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  866.117177][T27221]  ? __rcu_read_unlock+0x77/0x390
[  866.122239][T27221]  ? mntput_no_expire+0xae/0x540
[  866.127233][T27221]  ? debug_smp_processor_id+0x3f/0x129
[  866.132683][T27221]  ? delay_tsc+0x8a/0xb0
[  866.137037][T27221]  ? should_fail+0x7c/0x2fd
[  866.141536][T27221]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  866.147424][T27221]  ? __read_once_size+0x45/0xd0
[  866.152333][T27221]  ? ktime_get+0x1c9/0x210
[  866.156764][T27221]  bpf_test_run+0x250/0x560
[  866.161380][T27221]  bpf_prog_test_run_skb+0x668/0xad0
[  866.166674][T27221]  ? bpf_prog_test_run_tracing+0x380/0x380
[  866.172478][T27221]  __do_sys_bpf+0x1c4d/0x3100
[  866.177177][T27221]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  866.183057][T27221]  ? __this_cpu_preempt_check+0x3c/0x130
[  866.188676][T27221]  ? __sb_end_write+0xc2/0x120
[  866.193477][T27221]  __x64_sys_bpf+0x47/0x60
[  866.197961][T27221]  do_syscall_64+0xc7/0x3b0
[  866.202454][T27221]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  866.208331][T27221] RIP: 0033:0x45ca69
[  866.212215][T27221] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  866.231804][T27221] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  866.240201][T27221] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  866.248154][T27221] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  866.256149][T27221] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  866.264103][T27221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
02:21:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306202, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:24 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x1200, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  866.272104][T27221] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  866.391085][T27225] binder: 27223:27225 ioctl c0306202 20000240 returned -22
02:21:26 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x21, 0x0)

02:21:26 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x29300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x3}, 0x0, 0x2fec21af, 0x1, 0x0, 0x0, 0x8000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x4000)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x101000, 0x0)
openat$cgroup_ro(r2, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x0, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
sendmsg$nl_netfilter(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="dc000000120201042abd7000fcdbdf250300000931423eb8cf639d5835ab9e07bdf0802e238b7e5f1054699a3eb9171e2700fd358369df143e292911955badbd64275f9f5720d0aa9ec07a530c6ecc6387fce261e187666bdbee3149ab5c8754cf2ea2f3f1c1ac60f710f532c7067b9c7b5a4c8761ebe9c9792e2b6bb0acdefeaf8d74c55850fd5cf02d89fc782c4ffe37dd1a554c2f333bcf35c3b3bd63b2e8e21a11ffc87897dfb5c00fbd9980ca4d08782630fa02ead71aa2b0eeb6482df1d81581c76c949ace1c494a7fda27bd4c47ba1b08004300", @ANYRES32=0x0, @ANYBLOB="a1"], 0xdc}, 0x1, 0x0, 0x0, 0x840}, 0x2000004c)

02:21:26 executing program 3 (fault-call:1 fault-nth:8):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:26 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040), 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/igmp\x00')
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x802, 0x0)
sendfile(r3, r2, 0x0, 0x7ffff000)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'lo\x00', 0x1000})
ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace(0xffffffffffffffff, 0x0)
write$tun(r0, &(0x7f0000000680)={@void, @val={0x0, 0x4}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "a5c268", 0x1118, 0x3a, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xd, "14a142ef59c04e8e7b4db5309006bd98ec79847a52ed68124e8a24d3079fc53b81c039a7d59f992dcb481043f510a0ce1ebb98c07a624ff8c8cc0b4fd3b8e700196d1f5696e184393de669ffaebfbd494a9d6a5fedac0738ffc3dcb3c1b96e48fd063786ae5701f6aa5022621e"}, {0x0, 0x1e, "8cf0833ae2772f05d302c778833be4f2b9c43c83284b82e71ca1ee382af46513079a2f52da08c93afdfc1a18e4b677b307a1c7df90787cbd143b129bc8dbc39104eb21674d26fd4ced8626df256869e168d42f4d160ad1442cae2bd8fda0fc44a08759d245bfe8eba42ec7967c1e953256a057369159333bca73b498a882fb5e840d429804169a6446c1d1b013144ae0ee276a463ef69ea4c4636751083041811c9b549256c6a3a71e451f8fd4de25629b3de61cba78315412fa14e350bb03feaf63909bd7320561df80bc77f36d4561a5efcc324450355ed398d9e46e798e23e2a4a2c787728b9c549a1894c53dcdfe834c7785"}, {0x2}, {0x0, 0x1f4, "631c74c9d1ae5f26763e689d7358d52b9d78e1af1392b0a090488b19cbc96370f62d48c23e1427c05acd9c3b3f073a763d782618ff1eec26b515a9b327cbc17f30d83b25eb0642880dfa19be7390bfd822af60a6c50ca6e86b5a7a713194fb7fd8d6fbabab53a0be384d6197ec95d58387c3c60474093fafe7b973081f27ecda4197fda48a1f93aef6f2fe0790ee4c44b9311e6a55f85e9a53c1b9d12d9b586d5e9c0f98d3d6f5e215a0392bc0f0747ce75347ce29eea158c0f1ff30ecf208af154508b0c1f57d03d6e884937b7d84b3170624b4ebb76df8681493b4ff2f5cb6ab9fc4745569c2105f1eef9e9e3b7f10aa79b3746d194b78719295ce4ca9a520a08a67241d6770b93eb3a0b12e0ae16886e6a6312f858009dfc6736efec7498718a3c84b37267e49860fcf486442c2f06179672b3a6d1afac32246207723f9f43a7afc4e63820609c8a44dd4a88cdec819602a152eb4403f842712fd75ea44c779e98ff01f41caba247ef6434df425ff6bf93d49d1a8a08e455f2d86ff55773d57b611dd0e464d6b5e139271a91c6c8c629b694364730a38ddbe897a252620a2e41167afc48833290e0859615328f9dd7ba13514af6e3b3ca4e6514d400ad062a3519a85c4c79265bc284308602e73254a6ad85e76649c9b48f6785971a0e01ff0fe22de2c1c0b7ff27cf7e46f022d0b1a3c3a9ba65bcba1901c95e20ce39c24ff76acf7c4a3771e114a760448dbcd88c54351ee97a903c554564866eefb0964b5fe6ba26e73b64273c3f5d8079620cd509a3d88c19d09b5cc4256f38d263e105a94cfd44305e8c2755f90fd580628f0550268c95a1193362c265e0025ebdb42e58e2afcc38edbb77eedc486564a16e2405a99a382cfe15b03b097c10cb1651c2cb4bc7c5df969fb5ce19a6c8d3accb5b67dcf11fcfb6c028107c6b93c6a9b9c659dc05549a6fb1732f67cfc0ae5fe425245b72dbb6a719f83887a8af64ea8d1b3764ce0684f2d748a057d3ee3158d58266a560f8e04777a1f303163304d08b5bd470f627e0a13928e46fd0847bde599510e6978d68bb75f40ac4e247fc8708ca82ad40e729c3de042c94756d3816083784644d5e666fb3810117a62f7508ae3cdcdf312e314acd9add8e9c3e473ae206bd9b25659db6c1f570777f408644dcc6d150e92f284ad68d4bbe1f52e0c36e88a0d083dee8f7d59540b2ddda7fd27c97abc268630cbcad1e9cdd88c0a075462288bbf59824497ba7df15bc34d9fd22f8508a6d1c90118676ad3f9fc03cea1c69594dff6e978f42d1da2011290872e062fb2cc3293030534a6cedb6f461b33b5fd90b2ee0a8ae6803f45f4f2e74fac772ce235d66e8625951d7acbc87f1c4e13cbf0c01e8909de72d3b78b7d945b53e50f38486556dc6fd58db1a1da7f9cda6b50278a73d58842f15117c0232e6860caaab9be2d010ab4c5689a0ea14d78a5ec2dde3e837cadd8e1c794168860a4e303d513cc099d79cbb7605419db906a76d44ea62c6a767fb0f5cf25325a63c4939e1e8eb8df73645b5e9c4eebe6f736706708a8b0b5eebe263d846a9dedd9cb30365f3605cde065ae8fa4cb1075b87485ec0ccbabbe3033901e273234c688136c0960932e2ecd38870b7e72ca635a6e6d23cac391686fd2b7e5aac1c6862242dffc5a656922fbd23a6a8cae9f5a19b8778409987b26442739325b05ce005b215d1843278d767de541646d03cb4a3cfe32ecd2c686b8a550e12945b53bd87ae4387bc7876d1d17f3043a536e2319b760100963de494461c3dff0dc546ade451a393f08107cd419d1a075e7ce14cb082dabb30f61e67a9772aa384ee22505f0f54a58637abea7d3aa2263e744d2f99deefc0a6e2c225b0e14f3eae792b74a289920331b5d08aa748a123e3ccd2e7918495de5ad88068f6a2bc49c0bea736aaf68c21991ddb622522c9e6907ccc0716f394fa97da40beb33db9dbea01e2d07c6425853baffdd8ed2dc0d3ef710f518393634d7e312ea87093957de12f667d2c7a73ada38d95583ec1c3b8ba18bb6f592592a690a63a257b2792c8e75b98b46584082f240301facf10ef823003392d908af8386a403810fbb14a0bf56c9c718ea0e2eb8f478974fb9beb74bfc3fb13fa71babce0fa67e57950c2022dc5580b4a0e66740bc2f11dd4866f786bfb8c4b0fa78cf36d0baff865e0051dfbadcc0fc1bb4a4d89544375500bd08c8b219aba4213e081549239847b1b11cf51a72c26654f0d40b42b69178377ee9819b896c36e70304705aa6d1de33b77b6456fdf05de27813089e6bb5089a1ff02c361a8cc0e35454eff7d06033d02b0e66fd1d542115523c25bc49aea964ff93fe12bafabe723c16a6f9e669540e83d2dd64296b59dccdd553659bf15eec6598f32dfddd5f08380f4382e88e4441135abff53f7990c0c38f8a9f103082bd6009d059852f44bbdd2d8fbeebee4fe0822d205534fa1bec74b8e41ad2314f4742201f32202c21875731f87b86e1062270a3620dc3c5d4818618063379c97a29cf76acd17caf996d186a70d8385655048299538c8eb91fd25891125e5d317d6ca064bee38526fdfb4da1769e1bfddda5e1e64e7eeef125895ab9cf9db641b03ab5ec70633e8b79c665fa37e98cfbf23b176fc6d60668b25020420c81d77bebb0d32c63326bc9f88a8d2c226a85e54d7a44583e0f5b1f7cb52dacb769b57834ddf38ef5abd017f20f115daa51dea5bcbd58ea7a90ca042357927032040291dedf20c20eab92a384a23ab282db6c2a5c89b001a4dea0688cc7ca51a120390be070e07c618cb6b0e8c9106c0d2eabfb645e5b1fa9ef878df5861431e78e9c7ac12ceec025304a4d3351204c9bf7045a3b889f20321599f3f4c9c23169d1d10ace235dfb44edc3b9582dacef2269d5d07bf4555eec665dc307daef0aaaa0f7e44764fda59a861e67c1ce55de3515df6cec910c5fbb87aa9e100c290696ef366bb69b5d2de38d2f2d99413428c9761b0dd6bc5bd8c9c5e4f22c5f2ea5b666fa694359339d2e7e9ab6622b205713c7815edaeb01b2e63ff267e4ad2f66c267a2dae50a830d0b58bb0041bbbe43f6da01fd29e6fae8a8676d366ce2e31d9f61e257dd3ba7da8504fd00eb265c02cbd9d5e1c4955b85190c9bf085fdb54350ee9074c57c7add37bf6a614be01bba4871816ddc0c7e47797ee0d7c53b06352957dd546063f1593263e945ff319dba2bcef8f18844fecb244e9ca42a012774b137e86346a021934d30f2f8fb2cd906b45260154ce17d1cf1836654791bbd378f329a588ddcfd26b87296a17fe5077ec9968f47c4ca921dface81395435873af808472eb42eb12b92dbb4cc26683e21811cd13d8d273fbf3aa75204af1f593a5b423f9537a63308a945757d5f44c99e7eeebc506ec5f28729bd38b988babc33b570f8feca7a50c0966c66f063324fa504de647f7fc7f1d18bf94ae0899b758ee0ad1bb238dfd26a4ce6f3e7fdd1dd1b062b5cd493f4aa6eb08c6cb0510c696983a254c09197c1bfb784d5947a1329d7add6d3ddef0ad4b9ec93dee717788dd223feeab64acf9a73f24996d2e7d698b18607fc9a12b94d6ceafc680d9d91a1cfbf2d5fd6d0a9070d77b7f2204665b3a94f1e6245ecf7a1c671ee987fc0c67e7a26ed5e41862c5ddfa9a8344e1d8a88ca653a2efeb6e8fba6153fff8b279317ef0d65115073b38ab74d451cb58b75812231fd6282b7544fe4412ccea896e899a8f352269f60eb2383acfe60ab315c0f7ca43112bb898c051f6f07097d584e4f743f75d304b46b6b8c0e4825f987de99f24995dde490d7da0b47400a77fc8c39e5953b491a1bddf5d55fbb27e322bdc33e04fcbaf26f93b79c3030d920472b7694810195a02dc792d9ed4b43cedb72647c3005002eab924aa8ffaaecba42aa79eb3f4fb0b9e87317df11a79320a2d5bc83ad25fb139d45b843db5f8002b5cbf33812685fd9d5b994d370e8fd5333fa936ca9940f236b2c2e201912a7781dfca80497df9327c167d4d985db50e45fdb81c6eca85a3a4d0574d75e897ff98a23bfb122438f8f62a8422e0aff85febdc54e42bd05569a95717faf06eaea46b6b3e9335a1a60a922d8e79c153324cad570ee4efa53687280de0814071352d9c6ee939eaf3e89a09887b3bd9105a888635fcd190bcebc98ce4688665b8f827a2f0f1992fa90c4921342026de6fb0d31df3aaeba026678d7425a9c2f7cb2bfd7037cf81f814492f299a29b61e2a6ae386510caf4823e520365204ebc962504cb8997a51aed2903cba9fb52e015659a4fed914f7ecaa3cf3080da45a3d95c881dbb17639c31c9d833f270af042acf467dd492e6fa636e3df3ce7f28455fdd984e609c63170ffd55a0bb2debe6a4efa7228b47d455da6bbd83319620c16c63c2675dedaea4c4d65fa50ae7786621f45b67d022d546b91edda149af142d2a720c238f5e940d701cdb27439c7ff666f80b31ab695d3852bc5f4da0c39e588badb3e49153ea153b5894ee9fdebdb1bc3b6270644fb9f9d9dd3c4089932ec8fd9090d01c7a4eda7e1c1f304b59fed6ab77440eefb0324a8f5d127be662264399b5a4a41979e2a10d2905d9c265dd492edc5df03312f89c5094ff1b7f9ec10b68eb230687b5850a6a5643066fd1ad5c05bc1e8caa2289efafca0e93a284069a2120dd96dc2677e5b913beea0e75afa45e0140aadb7e566799ecbb47c6aa0ce03503ef8da94b2668fcf90e6bba60581590a2ac73c1c419941d0f2c013306d6ea9091a9eacc053213a58b24a6f7497632690083653c19715bcabfeafcebc22b54c6a1f71132c45ae7af19f8b25bdd83851527c63f1d23cb3ea18040475372bc99090e70282d536df518e6e421b4749d2334db9212c01219d6be9693e2f313b61b3a3c34ec932300db3c696d9ee8cbc138c8828f4d956abd0ce0d4b7b4a1ca0904c096befac1d9e48c64f0063554cdff3b77bd80791408c7ddf5759c86b7ca79e55d81b624dfc7b1a7dad93497a3325c53101174876654ce91d827ee124df73708eb88364d9cc3b4847f735d21d5a4f1ed962f51bdd18ae17a4b31eb0044aaa52b561ed84326d39ed7ab2bde55ea620cee86e43b549e7440a9a64efd748b081def3a956e350b66de06bd20dbd5fc86e6eb502be1977c1c83fcb774bba5803cec4f8ef11d3f7d9fb5a225a2f3dd6c9ac755230d1fcba418bebe56ec0cc7318422e362ae7626dc803bda3bf720fb753e586188b030fc6f02a94860d66915b7d4360a87f742ef006eb7dead1d3c9dca6c7ad71096a3040e6869bafa190bb64efdf8ecabd4a61eac2a772e29bcfbfa5021c070fccbc769631e123748c43da6f9f3268ae92aa211ccff1e03368a643b65757b3620bff11a7399c08a851719bd2bd1fb5ae4a0e19002b52f4caef8573a6b4ccee2802f9726fece0e44e192ef4384fce88aa23ad46a36b32ceea3510aae6522f4d407b30f0c551f70ee6bab475df4ac6d75d9aaeac309247eab00e9556c45386522ab5922195895568ed0ccb47d5a0320080b2ec1bdbdf3013c10755eca1b30e04b50cf9cf9bed3074e8ee1eaba87787afc58129ac917ca80bbb86557c6288a99b3850f2137ebf51558ea68f854014b29e9f2329bfd01a2154f"}]}}}}}, 0x114a)
sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20404000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x38, 0x4, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = semget(0x0, 0x0, 0x1a)
semctl$SETVAL(r4, 0x4, 0x10, &(0x7f0000000000)=0x40)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f00000001c0)={0xf0, 0x1ff, 0x9, 0x505})
semtimedop(r4, 0x0, 0x0, &(0x7f0000000280)={0x77359400})

02:21:26 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306203, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:26 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x2000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  868.629337][T27247] FAULT_INJECTION: forcing a failure.
[  868.629337][T27247] name failslab, interval 1, probability 0, space 0, times 0
[  868.642049][T27247] CPU: 1 PID: 27247 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  868.650735][T27247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  868.660896][T27247] Call Trace:
[  868.664273][T27247]  dump_stack+0x11d/0x187
[  868.668658][T27247]  should_fail.cold+0x5/0xf
[  868.673183][T27247]  __should_failslab+0x82/0xb0
[  868.677949][T27247]  should_failslab+0x5/0xf
[  868.682476][T27247]  kmem_cache_alloc_node_trace+0x37/0x610
[  868.687522][T27257] binder: 27242:27257 ioctl c0306203 20000240 returned -22
[  868.688338][T27247]  ? __this_cpu_preempt_check+0x3c/0x130
[  868.688367][T27247]  ? __local_bh_enable_ip+0x2e/0x80
[  868.706339][T27247]  ? __dev_queue_xmit+0x574/0x1810
[  868.711466][T27247]  __kmalloc_reserve.isra.0+0x43/0xd0
[  868.716875][T27247]  pskb_expand_head+0x107/0x860
[  868.721820][T27247]  ? __skb_clone+0x30b/0x360
[  868.726533][T27247]  skb_ensure_writable+0x1b4/0x270
[  868.731650][T27247]  bpf_clone_redirect+0xd2/0x1f0
[  868.736596][T27247]  bpf_prog_bb15b996d00816f9+0x5c/0x340
[  868.742143][T27247]  ? unpack_profile+0x14b0/0x1b10
[  868.747170][T27247]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  868.753077][T27247]  ? __rcu_read_unlock+0x77/0x390
[  868.758104][T27247]  ? mntput_no_expire+0xae/0x540
[  868.763048][T27247]  ? mntput+0x5a/0x80
[  868.767034][T27247]  ? terminate_walk+0x1b8/0x240
[  868.771895][T27247]  ? path_openat+0x462/0x23d0
[  868.776613][T27247]  ? should_fail+0x7c/0x2fd
[  868.781122][T27247]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  868.787025][T27247]  ? __read_once_size+0x45/0xd0
[  868.791926][T27247]  ? ktime_get+0x1c9/0x210
[  868.796354][T27247]  bpf_test_run+0x250/0x560
[  868.800871][T27247]  bpf_prog_test_run_skb+0x668/0xad0
[  868.806226][T27247]  ? bpf_prog_test_run_tracing+0x380/0x380
[  868.812036][T27247]  __do_sys_bpf+0x1c4d/0x3100
[  868.816722][T27247]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  868.822711][T27247]  ? __this_cpu_preempt_check+0x3c/0x130
02:21:26 executing program 1:
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000100), &(0x7f0000000140)=0x4)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000000), &(0x7f00000000c0))
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r4, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={r6, 0x20, &(0x7f0000000240)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f00000002c0)=0x10)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:26 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306204, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  868.828346][T27247]  ? __sb_end_write+0xc2/0x120
[  868.833181][T27247]  __x64_sys_bpf+0x47/0x60
[  868.837608][T27247]  do_syscall_64+0xc7/0x3b0
[  868.842118][T27247]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  868.848009][T27247] RIP: 0033:0x45ca69
[  868.851949][T27247] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  868.871561][T27247] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  868.879979][T27247] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  868.887972][T27247] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  868.895942][T27247] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  868.904163][T27247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  868.912136][T27247] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:27 executing program 3 (fault-call:1 fault-nth:9):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  868.973173][T27264] binder: 27263:27264 ioctl c0306204 20000240 returned -22
02:21:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306205, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  869.131256][T27274] FAULT_INJECTION: forcing a failure.
[  869.131256][T27274] name failslab, interval 1, probability 0, space 0, times 0
[  869.144069][T27274] CPU: 1 PID: 27274 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  869.152735][T27274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  869.162784][T27274] Call Trace:
[  869.166078][T27274]  dump_stack+0x11d/0x187
[  869.170433][T27274]  should_fail.cold+0x5/0xf
[  869.174952][T27274]  __should_failslab+0x82/0xb0
[  869.179714][T27274]  should_failslab+0x5/0xf
[  869.184183][T27274]  kmem_cache_alloc+0x23/0x5e0
[  869.188956][T27274]  ? __this_cpu_preempt_check+0x3c/0x130
[  869.194613][T27274]  skb_clone+0xf4/0x280
[  869.198781][T27274]  bpf_clone_redirect+0x8d/0x1f0
[  869.203726][T27274]  bpf_prog_bb15b996d00816f9+0x5c/0xfb4
[  869.209376][T27274]  ? unpack_profile+0x14b0/0x1b10
[  869.210310][T27277] binder: 27272:27277 ioctl c0306205 20000240 returned -22
[  869.214402][T27274]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  869.214503][T27274]  ? __rcu_read_unlock+0x77/0x390
[  869.232558][T27274]  ? mntput_no_expire+0xae/0x540
[  869.237507][T27274]  ? mntput+0x5a/0x80
[  869.241498][T27274]  ? terminate_walk+0x1b8/0x240
[  869.246347][T27274]  ? path_openat+0x462/0x23d0
[  869.251026][T27274]  ? should_fail+0x7c/0x2fd
[  869.255549][T27274]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  869.261450][T27274]  ? __read_once_size+0x45/0xd0
[  869.266299][T27274]  ? ktime_get+0x1c9/0x210
[  869.270745][T27274]  bpf_test_run+0x250/0x560
[  869.275260][T27274]  bpf_prog_test_run_skb+0x668/0xad0
[  869.280557][T27274]  ? bpf_prog_test_run_tracing+0x380/0x380
[  869.286363][T27274]  __do_sys_bpf+0x1c4d/0x3100
[  869.291132][T27274]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  869.297026][T27274]  ? __this_cpu_preempt_check+0x3c/0x130
[  869.302656][T27274]  ? __sb_end_write+0xc2/0x120
[  869.307431][T27274]  __x64_sys_bpf+0x47/0x60
[  869.311850][T27274]  do_syscall_64+0xc7/0x3b0
[  869.316351][T27274]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  869.322233][T27274] RIP: 0033:0x45ca69
[  869.326157][T27274] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  869.345833][T27274] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  869.354255][T27274] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  869.362267][T27274] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  869.370230][T27274] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  869.378265][T27274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  869.386250][T27274] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:27 executing program 3 (fault-call:1 fault-nth:10):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:27 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x4000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  869.506252][T27283] FAULT_INJECTION: forcing a failure.
[  869.506252][T27283] name failslab, interval 1, probability 0, space 0, times 0
[  869.518947][T27283] CPU: 0 PID: 27283 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  869.527669][T27283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  869.537834][T27283] Call Trace:
[  869.541165][T27283]  dump_stack+0x11d/0x187
[  869.545609][T27283]  should_fail.cold+0x5/0xf
[  869.550177][T27283]  __should_failslab+0x82/0xb0
[  869.554942][T27283]  should_failslab+0x5/0xf
[  869.559363][T27283]  kmem_cache_alloc_node_trace+0x37/0x610
[  869.565084][T27283]  ? __this_cpu_preempt_check+0x3c/0x130
[  869.570723][T27283]  ? __local_bh_enable_ip+0x2e/0x80
[  869.575932][T27283]  ? __dev_queue_xmit+0x574/0x1810
[  869.581067][T27283]  __kmalloc_reserve.isra.0+0x43/0xd0
[  869.586449][T27283]  pskb_expand_head+0x107/0x860
[  869.591370][T27283]  ? __skb_clone+0x30b/0x360
[  869.595970][T27283]  skb_ensure_writable+0x1b4/0x270
[  869.601089][T27283]  bpf_clone_redirect+0xd2/0x1f0
[  869.606029][T27283]  bpf_prog_bb15b996d00816f9+0x5c/0x54c
[  869.611586][T27283]  ? unpack_profile+0x14b0/0x1b10
[  869.616626][T27283]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  869.622520][T27283]  ? __rcu_read_unlock+0x77/0x390
[  869.627615][T27283]  ? mntput_no_expire+0xae/0x540
[  869.632563][T27283]  ? mntput+0x5a/0x80
[  869.636605][T27283]  ? terminate_walk+0x1b8/0x240
[  869.641464][T27283]  ? path_openat+0x462/0x23d0
[  869.646203][T27283]  ? should_fail+0x7c/0x2fd
[  869.650710][T27283]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  869.656600][T27283]  ? __read_once_size+0x45/0xd0
[  869.661519][T27283]  ? ktime_get+0x1c9/0x210
[  869.665941][T27283]  bpf_test_run+0x250/0x560
[  869.670538][T27283]  bpf_prog_test_run_skb+0x668/0xad0
[  869.675837][T27283]  ? bpf_prog_test_run_tracing+0x380/0x380
[  869.681654][T27283]  __do_sys_bpf+0x1c4d/0x3100
[  869.686342][T27283]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  869.692238][T27283]  ? __this_cpu_preempt_check+0x3c/0x130
[  869.697873][T27283]  ? __sb_end_write+0xc2/0x120
[  869.702675][T27283]  __x64_sys_bpf+0x47/0x60
[  869.707096][T27283]  do_syscall_64+0xc7/0x3b0
[  869.711603][T27283]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  869.717490][T27283] RIP: 0033:0x45ca69
[  869.721386][T27283] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  869.741056][T27283] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  869.749539][T27283] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  869.757604][T27283] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  869.765588][T27283] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  869.773553][T27283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  869.781551][T27283] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:29 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x7e, 0x0)

02:21:29 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306208, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:29 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendto$netrom(r1, &(0x7f0000000000)="08a6a9905cda106791c73ae0842a103f9dd21575559b975aee109bc4d53113387ac8c26c521ac7005945e48de8edb1bfd421700e1e599ca970f7c809654e", 0x3e, 0x48044, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001440)={0x2400, {"a2e3ad21ed6b52f99cfbf4c087f763b4d0269bff7fc6e553f836500e8b546a1b284b94370890e0878fdb1ac6e704e366b4956c409b3c2a5b67f3988f7ef31952a981ffe8d178708c523c921b1b5a4b0a169b5b9b36cd3b78130daa61d8e809ea88095802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179cef309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c30900000000000000a85e89c46329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710acf2e31caa04b2e286bea37ce0d0d4aa202fef5952a5391fd5615d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e67d1d7232f17696294378ce716dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f7927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb7dc7ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd9432971215d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39973132f02768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081f758cefcce3fbf4625a7e7de40e42e07b34449e15eb0305626afb1dd179b8a065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea40686e730861e83d89d0fe662a46b7f71cd47744db86c50b704c971d90195c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b010a3ad0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7d528ed15b97c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90", 0x1000}}, 0x1006)
ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000040)=0x1)

02:21:29 executing program 3 (fault-call:1 fault-nth:11):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:29 executing program 1:
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x6001, 0x0)
ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f00000000c0)=""/113)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, 0x7, &(0x7f0000000680)=[{&(0x7f0000000200)="2a07a4d2334525d3d3fdb4c0d93106683a1aacfa2c75f9830ef2d9bb3629957028eed5edfbd912cd008b07303a9c4dc1b884204329e2725bf5be1713e8d2e0480396b135e26e80ce292ff3e57e33717ab60e2e78f86ce2a30be1494c2b42a1a504dc36d7f86f238d1b368541fa19e7d84da764cee48d79c9d9cf1a40dc258b37801eee81164f29d96ac81adb648567c83fc3c38e5a6450bcade60b880f0e94b712b583251e150525259a8058c7ebe159e135c616447630282e0d71529e54ab3a3e130420580538c72f1dcc1f697ca0dde140acea41bf03b4479cada944f089a29ad6fa986d3a5d181cc6aa00512fca4ab03178f6d4e766ec3ccd8c", 0xfb, 0x3}, {&(0x7f0000000300)="14f135e85ca06983ba2224ea566e1a5c9401ecbf4092631de25e1d5b2de82c843ac6a953a0bba481041868c50ead42b7f8436e402a14c68d8f5d89e0de9a3ae55f34356f14309cd8f6f4c209d83f54b270bb9c3269e9e1a01f57dd9d5fc6f0d632e1f46b4cf14b5ff65cf4820758017e09391d42cfbfc60abd3e5121e21932f441002c2aabfe7bd094554fc231491b8b982109d1d537c59ae623eb8f996e7fec56", 0xa1, 0x2}, {&(0x7f00000003c0)="12c19c382623a3c64c32a98e83bdf34c6b33566af190210c86874337bc360e3e8dbb4aa8d837db3630b49ed2ac9612a65c9514a43f62305f783dd0b30edc5124f9d25fb0dbd3aec2d22e3b40b3574cdb8feda30729be28fb1aff4c7017e628261d681ab79bbf31a28b3dcd48c285e3aeda5e090202c901e37da2741c6de7ac4d8d74255be062920c7795447e60e603e3b224c340289267", 0x97, 0x9}, {&(0x7f0000000480)="853051298455af2728165ab30d44a221ba37d591ae9c040246f985a300c2063de79660f888e30599e09cd15f57edee5ae4241b2d858af32f47d76b04133010cf4bcd3bf7db9ee29b9d52376be39e86a0bd92e37d272f0a34dfccc07b8f89a0fe67b97f65565d0a4f7cad654ef7c4f5a02ed0e43d033edd2bffda9e45a1cd1b9ef4788e654d3e433f3885da6b14bc019605297e6ae1d6df5955cab74704c7ac165e2d81c01b7b6c7f26f4eed3a2206fbcc25dac08e0f3", 0xb6, 0x33}, {&(0x7f0000000540)="d9f2cc3457d984600bf4ef125e757c9945f39a79bbbdc6f1d9d236c2e443060ff1a3b0cd44dbaadfe409aecdbf6177d0b4835af7d264affd7a398ca5e5cfa2977dadade404548d8ad8c3df8bbdb9e07a8d84127c99f51369b9c83c088f9c69e40ba5745afa", 0x65, 0x100000001}, {&(0x7f00000005c0)="4055695bc9f57d53b5cc311d1b627bb2f7a992dbe83d84f3943735e7401ada453d44d65dda2bc4d8b9381d80fd866ddaf8ce2378b386a586ff6f5fe750875daef973819e86105d02b623fa26ae8f59b943b64100252cd9bf0b97dfaa0814bc87718ce2", 0x63, 0x20}, {&(0x7f0000000640)="7a850796bfbb7c679a7ecd2c1320fae4eeecc019d9ff72b045506d4fb4eaec6c7c7ed025366df553d51f494007160bb4d564917e", 0x34, 0x3c48}], 0x204000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = socket(0x10, 0x80002, 0x0)
connect$netlink(r7, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r7, &(0x7f00000000c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000000)={r8, 0x1, 0x6}, 0x10)
setsockopt$inet_mreqn(r5, 0x0, 0x24, &(0x7f0000000880)={@loopback, @empty, r8}, 0xc)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001180)={0x5c, r3, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x5c}}, 0x0)
r9 = openat$mice(0xffffffffffffff9c, &(0x7f0000000780)='/dev/input/mice\x00', 0x410000)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x3c, r3, 0x4, 0x70bd29, 0x25dfdbfc, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x80}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6=r9}, @L2TP_ATTR_SESSION_ID={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80000c4}, 0x4000000)

02:21:29 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x4800, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  871.698184][T27303] FAULT_INJECTION: forcing a failure.
[  871.698184][T27303] name failslab, interval 1, probability 0, space 0, times 0
[  871.711085][T27303] CPU: 0 PID: 27303 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  871.719749][T27303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  871.729798][T27303] Call Trace:
[  871.733099][T27303]  dump_stack+0x11d/0x187
[  871.737440][T27303]  should_fail.cold+0x5/0xf
[  871.741976][T27303]  __should_failslab+0x82/0xb0
[  871.746736][T27303]  should_failslab+0x5/0xf
[  871.751190][T27303]  kmem_cache_alloc+0x23/0x5e0
[  871.755958][T27303]  ? __this_cpu_preempt_check+0x3c/0x130
[  871.761600][T27303]  skb_clone+0xf4/0x280
[  871.765769][T27303]  bpf_clone_redirect+0x8d/0x1f0
02:21:29 executing program 3 (fault-call:1 fault-nth:12):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:29 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc030620c, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  871.770711][T27303]  bpf_prog_bb15b996d00816f9+0x5c/0xce8
[  871.770733][T27303]  ? unpack_profile+0x14b0/0x1b10
[  871.770812][T27303]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  871.770832][T27303]  ? __rcu_read_unlock+0x77/0x390
[  871.770855][T27303]  ? mntput_no_expire+0xae/0x540
[  871.770877][T27303]  ? mntput+0x5a/0x80
[  871.770896][T27303]  ? terminate_walk+0x1b8/0x240
[  871.770930][T27303]  ? path_openat+0x462/0x23d0
[  871.770957][T27303]  ? should_fail+0x7c/0x2fd
[  871.770982][T27303]  ? __sanitizer_cov_trace_switch+0x45/0x70
02:21:30 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$VT_DISALLOCATE(r0, 0x5608)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = open(&(0x7f0000000100)='./file0\x00', 0x2000, 0x4)
renameat(r2, &(0x7f00000000c0)='./file0\x00', r3, &(0x7f0000000140)='./file0\x00')
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)

[  871.770999][T27303]  ? __read_once_size+0x45/0xd0
[  871.771016][T27303]  ? ktime_get+0x1c9/0x210
[  871.771037][T27303]  bpf_test_run+0x250/0x560
[  871.771082][T27303]  bpf_prog_test_run_skb+0x668/0xad0
02:21:30 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306225, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:30 executing program 3 (fault-call:1 fault-nth:13):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  871.771121][T27303]  ? bpf_prog_test_run_tracing+0x380/0x380
[  871.771141][T27303]  __do_sys_bpf+0x1c4d/0x3100
[  871.771170][T27303]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  871.771189][T27303]  ? __this_cpu_preempt_check+0x3c/0x130
[  871.771207][T27303]  ? __sb_end_write+0xc2/0x120
02:21:30 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x6)

[  871.771254][T27303]  __x64_sys_bpf+0x47/0x60
[  871.771278][T27303]  do_syscall_64+0xc7/0x3b0
[  871.771299][T27303]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  871.771371][T27303] RIP: 0033:0x45ca69
[  871.771419][T27303] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  871.771429][T27303] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  871.771448][T27303] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  871.771458][T27303] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  871.771468][T27303] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  871.771477][T27303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  871.771488][T27303] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  871.781834][T27307] binder: 27298:27307 ioctl c0306208 20000240 returned -22
[  871.803379][T27313] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1.
[  871.919627][T27325] FAULT_INJECTION: forcing a failure.
[  871.919627][T27325] name failslab, interval 1, probability 0, space 0, times 0
[  871.919650][T27325] CPU: 1 PID: 27325 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  871.919659][T27325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  871.919701][T27325] Call Trace:
[  871.919728][T27325]  dump_stack+0x11d/0x187
[  871.919766][T27325]  should_fail.cold+0x5/0xf
[  871.919794][T27325]  __should_failslab+0x82/0xb0
[  871.919839][T27325]  should_failslab+0x5/0xf
[  871.919920][T27325]  kmem_cache_alloc_node_trace+0x37/0x610
[  871.919939][T27325]  ? __this_cpu_preempt_check+0x3c/0x130
[  871.919958][T27325]  ? __local_bh_enable_ip+0x2e/0x80
[  871.919999][T27325]  ? __dev_queue_xmit+0x574/0x1810
[  871.920026][T27325]  __kmalloc_reserve.isra.0+0x43/0xd0
[  871.920048][T27325]  pskb_expand_head+0x107/0x860
[  871.920115][T27325]  ? __skb_clone+0x30b/0x360
[  871.920149][T27325]  skb_ensure_writable+0x1b4/0x270
[  871.920179][T27325]  bpf_clone_redirect+0xd2/0x1f0
[  871.920205][T27325]  bpf_prog_bb15b996d00816f9+0x5c/0xc58
[  871.920228][T27325]  ? unpack_profile+0x14b0/0x1b10
[  871.920255][T27325]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  871.920327][T27325]  ? __rcu_read_unlock+0x77/0x390
[  871.920347][T27325]  ? mntput_no_expire+0xae/0x540
[  871.920369][T27325]  ? mntput+0x5a/0x80
[  871.920394][T27325]  ? terminate_walk+0x1b8/0x240
[  871.920413][T27325]  ? path_openat+0x462/0x23d0
[  871.920505][T27325]  ? should_fail+0x7c/0x2fd
[  871.920548][T27325]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  871.920564][T27325]  ? __read_once_size+0x45/0xd0
[  871.920584][T27325]  ? ktime_get+0x1c9/0x210
[  871.920606][T27325]  bpf_test_run+0x250/0x560
[  871.920630][T27325]  bpf_prog_test_run_skb+0x668/0xad0
[  871.920651][T27325]  ? bpf_prog_test_run_tracing+0x380/0x380
[  871.920668][T27325]  __do_sys_bpf+0x1c4d/0x3100
[  871.920761][T27325]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  871.920776][T27325]  ? __this_cpu_preempt_check+0x3c/0x130
[  871.920791][T27325]  ? __sb_end_write+0xc2/0x120
[  871.920843][T27325]  __x64_sys_bpf+0x47/0x60
[  871.920868][T27325]  do_syscall_64+0xc7/0x3b0
[  871.920891][T27325]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  871.920904][T27325] RIP: 0033:0x45ca69
[  871.920928][T27325] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  871.920938][T27325] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  871.920955][T27325] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  871.920966][T27325] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  871.920976][T27325] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  871.920985][T27325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  871.920994][T27325] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  871.943584][T27326] binder: 27322:27326 ioctl c030620c 20000240 returned -22
[  872.103078][T27331] binder: 27328:27331 ioctl c0306225 20000240 returned -22
[  872.156886][T27334] FAULT_INJECTION: forcing a failure.
[  872.156886][T27334] name failslab, interval 1, probability 0, space 0, times 0
[  872.156904][T27334] CPU: 1 PID: 27334 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  872.156912][T27334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  872.156989][T27334] Call Trace:
[  872.157017][T27334]  dump_stack+0x11d/0x187
[  872.157038][T27334]  should_fail.cold+0x5/0xf
[  872.157090][T27334]  __should_failslab+0x82/0xb0
[  872.157109][T27334]  should_failslab+0x5/0xf
[  872.157127][T27334]  kmem_cache_alloc+0x23/0x5e0
[  872.157144][T27334]  ? __this_cpu_preempt_check+0x3c/0x130
[  872.157310][T27334]  skb_clone+0xf4/0x280
[  872.157339][T27334]  bpf_clone_redirect+0x8d/0x1f0
[  872.157362][T27334]  bpf_prog_bb15b996d00816f9+0x5c/0x59c
[  872.157386][T27334]  ? unpack_profile+0x14b0/0x1b10
[  872.157413][T27334]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  872.157432][T27334]  ? __rcu_read_unlock+0x77/0x390
[  872.157451][T27334]  ? mntput_no_expire+0xae/0x540
[  872.157469][T27334]  ? mntput+0x5a/0x80
[  872.157523][T27334]  ? terminate_walk+0x1b8/0x240
[  872.157546][T27334]  ? path_openat+0x462/0x23d0
[  872.157565][T27334]  ? should_fail+0x7c/0x2fd
[  872.157586][T27334]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  872.157601][T27334]  ? __read_once_size+0x45/0xd0
[  872.157619][T27334]  ? ktime_get+0x1c9/0x210
[  872.157640][T27334]  bpf_test_run+0x250/0x560
[  872.157667][T27334]  bpf_prog_test_run_skb+0x668/0xad0
[  872.157749][T27334]  ? bpf_prog_test_run_tracing+0x380/0x380
[  872.157766][T27334]  __do_sys_bpf+0x1c4d/0x3100
[  872.157788][T27334]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  872.157803][T27334]  ? __this_cpu_preempt_check+0x3c/0x130
[  872.157889][T27334]  ? __sb_end_write+0xc2/0x120
[  872.157930][T27334]  __x64_sys_bpf+0x47/0x60
[  872.157952][T27334]  do_syscall_64+0xc7/0x3b0
[  872.157974][T27334]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  872.157987][T27334] RIP: 0033:0x45ca69
[  872.158010][T27334] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  872.158019][T27334] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  872.158035][T27334] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  872.158045][T27334] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  872.158055][T27334] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  872.158105][T27334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  872.158116][T27334] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:32 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x4000, 0x0)

02:21:32 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306250, &(0x7f0000000240)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:32 executing program 3 (fault-call:1 fault-nth:14):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:32 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$LOOP_SET_FD(r0, 0x4c00, r2)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:32 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x4c00, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:32 executing program 5:
r0 = socket$inet6(0xa, 0x401000000001, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
setresuid(0x0, 0x0, 0xee00)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000280)=@v3={0x3000000, [{0x7, 0x5}, {0x6, 0x8}]}, 0x18, 0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000040)='SMC_PNETID\x00')
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r6, 0x1}, 0x14}}, 0x0)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, r6, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x6c}}, 0x44)
close(r0)
syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00')
r7 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0)
r8 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r8, 0x208200)
sendfile(r0, r7, 0x0, 0x800000000052)

[  874.796548][T27356] binder: 27350:27356 ioctl c0306250 20000240 returned -22
[  874.800965][T27358] FAULT_INJECTION: forcing a failure.
[  874.800965][T27358] name failslab, interval 1, probability 0, space 0, times 0
[  874.816647][T27358] CPU: 1 PID: 27358 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  874.825315][T27358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  874.835361][T27358] Call Trace:
[  874.838717][T27358]  dump_stack+0x11d/0x187
[  874.843147][T27358]  should_fail.cold+0x5/0xf
[  874.847659][T27358]  __should_failslab+0x82/0xb0
[  874.852429][T27358]  should_failslab+0x5/0xf
[  874.856933][T27358]  kmem_cache_alloc_node_trace+0x37/0x610
[  874.862660][T27358]  ? __this_cpu_preempt_check+0x3c/0x130
[  874.868433][T27358]  ? __local_bh_enable_ip+0x2e/0x80
[  874.873668][T27358]  ? __dev_queue_xmit+0x574/0x1810
[  874.878790][T27358]  __kmalloc_reserve.isra.0+0x43/0xd0
[  874.884178][T27358]  pskb_expand_head+0x107/0x860
[  874.889040][T27358]  ? __skb_clone+0x30b/0x360
02:21:33 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x50, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  874.893643][T27358]  skb_ensure_writable+0x1b4/0x270
[  874.898785][T27358]  bpf_clone_redirect+0xd2/0x1f0
[  874.903729][T27358]  bpf_prog_bb15b996d00816f9+0x5c/0xab4
[  874.909273][T27358]  ? unpack_profile+0x14b0/0x1b10
[  874.914300][T27358]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  874.920258][T27358]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  874.926357][T27358]  ? __this_cpu_preempt_check+0x3c/0x130
[  874.932140][T27358]  ? __perf_event_task_sched_in+0x150/0x3a0
[  874.938042][T27358]  ? __perf_event_task_sched_out+0x158/0xaa0
[  874.944167][T27358]  ? _raw_spin_unlock_irq+0x55/0x80
[  874.949371][T27358]  ? finish_task_switch+0x7b/0x260
[  874.954525][T27358]  ? __switch_to+0x13a/0x470
[  874.959132][T27358]  ? preempt_count_add+0x63/0x90
[  874.964075][T27358]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[  874.969889][T27358]  ? rcu_preempt_deferred_qs_irqrestore+0x358/0x540
[  874.976492][T27358]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  874.982390][T27358]  ? __read_once_size+0x45/0xd0
[  874.987252][T27358]  ? ktime_get+0x1c9/0x210
[  874.991673][T27358]  bpf_test_run+0x250/0x560
[  874.996349][T27358]  bpf_prog_test_run_skb+0x668/0xad0
[  875.001787][T27358]  ? bpf_prog_test_run_tracing+0x380/0x380
[  875.007713][T27358]  __do_sys_bpf+0x1c4d/0x3100
[  875.012402][T27358]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  875.018294][T27358]  ? __this_cpu_preempt_check+0x3c/0x130
[  875.023944][T27358]  ? __sb_end_write+0xc2/0x120
[  875.028789][T27358]  __x64_sys_bpf+0x47/0x60
[  875.033218][T27358]  do_syscall_64+0xc7/0x3b0
[  875.033239][T27358]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  875.033251][T27358] RIP: 0033:0x45ca69
[  875.033274][T27358] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  875.033283][T27358] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  875.033364][T27358] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  875.033373][T27358] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  875.033396][T27358] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  875.099673][T27358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  875.107643][T27358] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  875.154731][   T27] audit: type=1800 audit(1591064493.256:604): pid=27367 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="" name="bus" dev="sda1" ino=16017 res=0
[  875.189405][T27371] binder: 27361:27371 ioctl c0306201 20000240 returned -14
02:21:33 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x2, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:33 executing program 5:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000ddc1517600"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x2)
read(r1, 0x0, 0x6c05)
dup3(r1, r0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000ddc1517600"})
syz_open_pts(r2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000200)=0x2)
read(0xffffffffffffffff, 0x0, 0x6c05)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000100)={0x8, 0xf7, 0x1f, 0x0, 0x46, 0x2, 0x1, 0x6, 0x0, 0x2, 0x0, 0xfa, 0x0, 0x3, 0x6, 0xff, 0x0, 0x20, 0x80, [], 0x1f})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000000)={'veth1_virt_wifi\x00', @random="5f06bf054180"})

[  875.281097][T27373] binder: 27372:27373 unknown command 81992
[  875.288182][T27373] binder: 27372:27373 ioctl c0306201 20000240 returned -22
02:21:33 executing program 3 (fault-call:1 fault-nth:15):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:33 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x3, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  875.421149][T27379] FAULT_INJECTION: forcing a failure.
[  875.421149][T27379] name failslab, interval 1, probability 0, space 0, times 0
[  875.433943][T27379] CPU: 0 PID: 27379 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  875.442611][T27379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  875.446335][T27375] serio: Serial port pts0
[  875.452659][T27379] Call Trace:
[  875.452688][T27379]  dump_stack+0x11d/0x187
[  875.452712][T27379]  should_fail.cold+0x5/0xf
[  875.452742][T27379]  __should_failslab+0x82/0xb0
[  875.473994][T27379]  should_failslab+0x5/0xf
[  875.478495][T27379]  kmem_cache_alloc+0x23/0x5e0
[  875.483265][T27379]  ? __this_cpu_preempt_check+0x3c/0x130
[  875.488903][T27379]  skb_clone+0xf4/0x280
[  875.493140][T27379]  bpf_clone_redirect+0x8d/0x1f0
[  875.498143][T27379]  bpf_prog_bb15b996d00816f9+0x5c/0x89c
[  875.503769][T27379]  ? unpack_profile+0x14b0/0x1b10
[  875.508908][T27379]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  875.514821][T27379]  ? __rcu_read_unlock+0x77/0x390
[  875.519850][T27379]  ? mntput_no_expire+0xae/0x540
[  875.524794][T27379]  ? mntput+0x5a/0x80
[  875.528915][T27379]  ? terminate_walk+0x1b8/0x240
[  875.533955][T27379]  ? path_openat+0x462/0x23d0
[  875.538639][T27379]  ? should_fail+0x7c/0x2fd
[  875.543178][T27379]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  875.549077][T27379]  ? __read_once_size+0x45/0xd0
[  875.553933][T27379]  ? ktime_get+0x1c9/0x210
[  875.558367][T27379]  bpf_test_run+0x250/0x560
[  875.562884][T27379]  bpf_prog_test_run_skb+0x668/0xad0
[  875.568208][T27379]  ? bpf_prog_test_run_tracing+0x380/0x380
[  875.574023][T27379]  __do_sys_bpf+0x1c4d/0x3100
[  875.578778][T27379]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  875.584674][T27379]  ? __this_cpu_preempt_check+0x3c/0x130
[  875.590312][T27379]  ? __sb_end_write+0xc2/0x120
[  875.595132][T27379]  __x64_sys_bpf+0x47/0x60
[  875.599560][T27379]  do_syscall_64+0xc7/0x3b0
[  875.604117][T27379]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  875.610008][T27379] RIP: 0033:0x45ca69
[  875.613911][T27379] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  875.633514][T27379] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  875.641930][T27379] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  875.649903][T27379] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  875.657871][T27379] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
02:21:33 executing program 5:
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2000, 0x0)
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r2, r1, 0x2}, 0x10)
socket$kcm(0x2, 0x200000000000001, 0x0)

[  875.665841][T27379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  875.673812][T27379] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  875.696180][T27385] binder: 27353:27385 ioctl 8912 400200 returned -22
[  875.753764][T27388] binder: 27381:27388 unknown command 320
[  875.775070][T27388] binder: 27381:27388 ioctl c0306201 20000240 returned -22
02:21:36 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x60ff, 0x0)

02:21:36 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x6000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:36 executing program 5:
syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x120000, 0x1000}, 0x20)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000004c0)=0x80, 0x4)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
r1 = socket(0x100000000011, 0x2, 0x0)
bind(r1, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e2526f0c0900000036005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000001000101013c5811039e17775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c0001000000f3ffff2f43740000000000000006ad8e5ecc326d3a0000c2c65400"}, 0x80)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x14)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000001c0)=0x400, 0x4)
bind$xdp(r0, &(0x7f0000000900)={0x2c, 0xa, r2}, 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000002200)={0x1ff}, &(0x7f0000000200), 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$AUDIT_USER_TTY(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000100)={0x20, 0x464, 0x400, 0x70bd2a, 0x7, "778474323e00a16ef2476ac882b2", [""]}, 0x20}}, 0x20000800)

02:21:36 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x4, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:36 executing program 3 (fault-call:1 fault-nth:16):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:36 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
clone3(&(0x7f0000000300)={0x80801000, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x3b}, &(0x7f0000000200)=""/163, 0xa3, &(0x7f0000000140)=""/97, &(0x7f00000002c0)=[r1, r2, r3], 0x3, {r0}}, 0x58)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000400)={&(0x7f0000000380)="2bcf9e0d014c391dad2c8587db5e0b5d50e222956ec252c308ae2d4350ff08953c3856ef76059b3514bd0b9163942f753a355f4ab728b30a0fd64e4aaa61bb928a3338e5e892dceffc5d3c2a0229eaf3b9", 0x51, <r4=>0x1})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r0, 0xc01064ac, &(0x7f0000000540)={r4, 0xdb, &(0x7f0000000440)=""/219})

[  878.076867][T27406] FAULT_INJECTION: forcing a failure.
[  878.076867][T27406] name failslab, interval 1, probability 0, space 0, times 0
[  878.089536][T27406] CPU: 1 PID: 27406 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  878.098207][T27406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  878.108306][T27406] Call Trace:
[  878.111620][T27406]  dump_stack+0x11d/0x187
[  878.115960][T27406]  should_fail.cold+0x5/0xf
[  878.120502][T27406]  __should_failslab+0x82/0xb0
[  878.125262][T27406]  should_failslab+0x5/0xf
[  878.129684][T27406]  kmem_cache_alloc_node_trace+0x37/0x610
[  878.135409][T27406]  ? __this_cpu_preempt_check+0x3c/0x130
[  878.141037][T27406]  ? __local_bh_enable_ip+0x2e/0x80
[  878.146237][T27406]  ? __dev_queue_xmit+0x574/0x1810
[  878.151355][T27406]  __kmalloc_reserve.isra.0+0x43/0xd0
[  878.156861][T27406]  pskb_expand_head+0x107/0x860
[  878.161826][T27406]  ? __skb_clone+0x30b/0x360
[  878.166416][T27406]  skb_ensure_writable+0x1b4/0x270
[  878.171531][T27406]  bpf_clone_redirect+0xd2/0x1f0
02:21:36 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x7900, 0x0)

[  878.176480][T27406]  bpf_prog_bb15b996d00816f9+0x5c/0xf64
[  878.182119][T27406]  ? unpack_profile+0x14b0/0x1b10
[  878.187153][T27406]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.193048][T27406]  ? __rcu_read_unlock+0x77/0x390
[  878.198126][T27406]  ? mntput_no_expire+0xae/0x540
[  878.203145][T27406]  ? mntput+0x5a/0x80
[  878.207144][T27406]  ? terminate_walk+0x1b8/0x240
[  878.212003][T27406]  ? path_openat+0x462/0x23d0
[  878.216724][T27406]  ? should_fail+0x7c/0x2fd
[  878.221239][T27406]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.227139][T27406]  ? __read_once_size+0x45/0xd0
[  878.231994][T27406]  ? ktime_get+0x1c9/0x210
[  878.236468][T27406]  bpf_test_run+0x250/0x560
[  878.241061][T27406]  bpf_prog_test_run_skb+0x668/0xad0
[  878.246354][T27406]  ? bpf_prog_test_run_tracing+0x380/0x380
[  878.252159][T27406]  __do_sys_bpf+0x1c4d/0x3100
[  878.256846][T27406]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.262745][T27406]  ? __this_cpu_preempt_check+0x3c/0x130
[  878.268378][T27406]  ? __sb_end_write+0xc2/0x120
[  878.273187][T27406]  __x64_sys_bpf+0x47/0x60
[  878.277622][T27406]  do_syscall_64+0xc7/0x3b0
[  878.282135][T27406]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  878.288073][T27406] RIP: 0033:0x45ca69
[  878.292020][T27406] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  878.311627][T27406] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  878.320034][T27406] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  878.328050][T27406] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  878.336126][T27406] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  878.344098][T27406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  878.352109][T27406] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
[  878.365761][T27400] binder: 27398:27400 unknown command 1
[  878.371549][T27400] binder: 27398:27400 ioctl c0306201 20000240 returned -22
02:21:36 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x5, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:36 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self\x00', 0x4100, 0x0)

02:21:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[], 0x0)

02:21:36 executing program 3 (fault-call:1 fault-nth:17):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:36 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x8, 0xdb, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x0, 0x4}, 0x0, 0x0, 0xfffffffe, 0x0, 0x3, 0x3}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fcntl$setpipe(r1, 0x407, 0x2)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

[  878.496729][T27425] binder: 27423:27425 unknown command 0
[  878.517511][T27425] binder: 27423:27425 ioctl c0306201 20000240 returned -22
[  878.606772][T27434] FAULT_INJECTION: forcing a failure.
[  878.606772][T27434] name failslab, interval 1, probability 0, space 0, times 0
[  878.619596][T27434] CPU: 0 PID: 27434 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
[  878.628282][T27434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  878.638336][T27434] Call Trace:
[  878.641639][T27434]  dump_stack+0x11d/0x187
[  878.645961][T27434]  should_fail.cold+0x5/0xf
[  878.650462][T27434]  __should_failslab+0x82/0xb0
[  878.655220][T27434]  should_failslab+0x5/0xf
[  878.659858][T27434]  kmem_cache_alloc+0x23/0x5e0
[  878.664731][T27434]  ? __this_cpu_preempt_check+0x3c/0x130
[  878.670358][T27434]  skb_clone+0xf4/0x280
[  878.674513][T27434]  bpf_clone_redirect+0x8d/0x1f0
[  878.679445][T27434]  bpf_prog_bb15b996d00816f9+0x5c/0xf50
[  878.685043][T27434]  ? unpack_profile+0x14b0/0x1b10
[  878.690140][T27434]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.696025][T27434]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.701915][T27434]  ? __this_cpu_preempt_check+0x3c/0x130
[  878.707693][T27434]  ? __perf_event_task_sched_in+0x150/0x3a0
[  878.713580][T27434]  ? __perf_event_task_sched_out+0x158/0xaa0
[  878.719597][T27434]  ? _raw_spin_unlock_irq+0x55/0x80
[  878.724784][T27434]  ? finish_task_switch+0x7b/0x260
[  878.729880][T27434]  ? __switch_to+0x13a/0x470
[  878.734460][T27434]  ? preempt_count_add+0x63/0x90
[  878.739471][T27434]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[  878.745359][T27434]  ? rcu_preempt_deferred_qs_irqrestore+0x358/0x540
[  878.751959][T27434]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.757902][T27434]  ? __read_once_size+0x45/0xd0
[  878.762814][T27434]  ? ktime_get+0x1c9/0x210
[  878.767227][T27434]  bpf_test_run+0x250/0x560
[  878.771733][T27434]  bpf_prog_test_run_skb+0x668/0xad0
[  878.777095][T27434]  ? bpf_prog_test_run_tracing+0x380/0x380
[  878.782899][T27434]  __do_sys_bpf+0x1c4d/0x3100
[  878.787641][T27434]  ? __sanitizer_cov_trace_switch+0x45/0x70
[  878.793537][T27434]  ? __this_cpu_preempt_check+0x3c/0x130
[  878.799219][T27434]  ? __sb_end_write+0xc2/0x120
[  878.804046][T27434]  __x64_sys_bpf+0x47/0x60
[  878.808458][T27434]  do_syscall_64+0xc7/0x3b0
[  878.812958][T27434]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  878.818833][T27434] RIP: 0033:0x45ca69
[  878.822783][T27434] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  878.842392][T27434] RSP: 002b:00007f78368d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
02:21:37 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x6, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  878.850906][T27434] RAX: ffffffffffffffda RBX: 00000000004da540 RCX: 000000000045ca69
[  878.858863][T27434] RDX: 0000000000000028 RSI: 0000000020000740 RDI: 000000000000000a
[  878.866820][T27434] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  878.874781][T27434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  878.882850][T27434] R13: 000000000000005b R14: 00000000004c31cb R15: 00007f78368d16d4
02:21:37 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x60ff, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:37 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[], 0x0)

02:21:37 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$DRM_IOCTL_GET_MAP(r2, 0xc0286404, &(0x7f00000000c0)={&(0x7f0000ff2000/0xe000)=nil, 0x1a000000, 0x1, 0x2, &(0x7f0000ff6000/0x4000)=nil, 0xffffde2e})

[  879.027020][T27445] binder: 27444:27445 unknown command 0
[  879.039289][T27445] binder: 27444:27445 ioctl c0306201 20000240 returned -22
02:21:37 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x7, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:37 executing program 5:
unshare(0x40000000)
r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000140)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f00000002c0)=""/200)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000100)=0x800)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xe)
r6 = msgget$private(0x0, 0xa)
msgctl$MSG_INFO(r6, 0xc, &(0x7f0000000080)=""/13)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r7, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r7, 0x80047458, &(0x7f0000000000))

[  879.177456][T27458] binder: 27456:27458 unknown command 0
[  879.189729][T27458] binder: 27456:27458 ioctl c0306201 20000240 returned -22
[  879.261423][T27460] IPVS: ftp: loaded support on port[0] = 21
[  879.570455][T27460] IPVS: ftp: loaded support on port[0] = 21
[  879.872866][    T7] tipc: TX() has been purged, node left!
02:21:39 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x7e00, 0x0)

02:21:39 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1ff, 0x20601)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:39 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x18, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:39 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:39 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x2, 0x30, 0x0, "000000400000040000000000000000000000000000020000000000000000000089506108ec5d366a0000002300000000000000000000000000000000eaffff00"}, 0xd8)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x4fe80}, 0x1c)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100), &(0x7f00000002c0)=0x14)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff})
pidfd_send_signal(r1, 0x10, &(0x7f0000000200)={0x1b, 0x7f, 0xa6}, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/5, 0x20000, 0x1000, 0x6}, 0x20)
bind(0xffffffffffffffff, 0x0, 0x0)

02:21:39 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x6800, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  881.212787][    T7] tipc: TX() has been purged, node left!
02:21:39 executing program 1:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x200802, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000140)={0x4, 0x7b, &(0x7f00000000c0)="d8c4ea12c2cdf7849c9bed2177c2e52ebe511b545d6b2126190497ee36baf5d7cc7e3095753cff0ffc82fade2206686173ce5a8d5a4d7b474dd4c82f4eff364cf2e2f3914712b4dad5c312a6ca2aac65548237f7dc98a6f95a76e63cbdca5454ab6d2cc411bf24537aa2e50e3db54c436de0676b2bd4edde3b1830"})
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, &(0x7f0000000200)={0x2, [[0x2, 0xa04443, 0x9, 0x2, 0x99, 0x9, 0xe4bd, 0x8], [0x200, 0x8, 0x6, 0x6, 0x7f, 0xc2, 0xe918, 0x7fff], [0x1, 0x3, 0x10001, 0x3, 0x17b8, 0x0, 0x80, 0xd222]], [], [{0x7ff, 0x9, 0x0, 0x1, 0x0, 0x1}, {0x200, 0x1, 0x1, 0x1, 0x1, 0x1}, {0x1000, 0x3ff, 0x0, 0x0, 0x1, 0x1}, {0x4, 0xffff8001, 0x1, 0x1, 0x1}, {0xffffff58, 0x1f, 0x0, 0x1, 0x1, 0x1}, {0x6, 0x101, 0x1, 0x0, 0x0, 0x1}, {0x8001, 0x2, 0x0, 0x0, 0x1, 0x1}, {0x1ff, 0x80000001, 0x0, 0x1, 0x1}, {0x80000001, 0xff, 0x1, 0x0, 0x1, 0x1}, {0x3, 0x77, 0x1, 0x0, 0x1}, {0x1000, 0xe000000, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x6, 0x0, 0x0, 0x1, 0x1}], [], 0x7})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$ASHMEM_SET_NAME(r2, 0x41007701, &(0x7f0000000180)='&lo$)\x00')
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$NBD_SET_FLAGS(r5, 0xab0a, 0x80)
ioctl$RTC_EPOCH_READ(r3, 0xc0287c02, &(0x7f0000000040))

[  881.358771][T27526] binder: 27516:27526 unknown command 0
[  881.376613][T27526] binder: 27516:27526 ioctl c0306201 20000240 returned -22
02:21:39 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x38, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:39 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x2, 0x30, 0x0, "000000400000040000000000000000000000000000020000000000000000000089506108ec5d366a0000002300000000000000000000000000000000eaffff00"}, 0xd8)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x4fe80}, 0x1c)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100), &(0x7f00000002c0)=0x14)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff})
pidfd_send_signal(r1, 0x10, &(0x7f0000000200)={0x1b, 0x7f, 0xa6}, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/5, 0x20000, 0x1000, 0x6}, 0x20)
bind(0xffffffffffffffff, 0x0, 0x0)

02:21:39 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socket$nl_netfilter(0x10, 0x3, 0xc)

02:21:39 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x2, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:39 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x1e, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x3)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11b000})
perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x2404c084)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000240)="450f29f566b89d000f00d0c481a1ec41d466ba4200b84d000000ef430f792e2e420f01c1b988090000b800300000ba000000000f30650fc75e19c744240003000000c7442402c9a322a2c7442406000000000f011c24b9f8020000b8d1000000ba000000000f30", 0x67}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  881.522340][T27539] binder: 27538:27539 unknown command 0
[  881.541663][T27539] binder: 27538:27539 ioctl c0306201 20000240 returned -22
02:21:42 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xb900, 0x0)

02:21:42 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x48, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:42 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)=@un=@abs, 0x80, &(0x7f0000000140)=[{&(0x7f0000000000)=""/52, 0x34}], 0x1, &(0x7f0000000180)=""/47, 0x2f}, 0x10061)
syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
unshare(0x8000400)
r0 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@ipv6_getnetconf={0x44, 0x52, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@NETCONFA_IFINDEX={0x8}, @NETCONFA_FORWARDING={0x8, 0x2, 0xd0c5}, @NETCONFA_FORWARDING={0x8, 0x2, 0x7f}, @NETCONFA_RP_FILTER={0x8}, @NETCONFA_FORWARDING={0x8, 0x2, 0x7}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x1ff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000000)={0x0, 'virt_wifi0\x00', {}, 0x8})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8, 0x1, 'gre\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x3c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440)='ethtool\x00')
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000030000001800018004ec0002006970766c616e30000000000000000000c715767cb54f68d342466a30c0ca4bd259675d1acc5a6ea6b31e4a0dc429e74d2054495858ef07581f53f5d89e4108023ce45eadcbeebc9afc366c858e7c9dfe1e6d9e5bea5425b71fc00e795d804d"], 0x2c}}, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r5 = socket(0x200000000000011, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r7=>0x0})
bind$packet(r5, &(0x7f0000000240)={0x11, 0x0, r7}, 0x14)
getsockname$packet(r5, &(0x7f0000000500), &(0x7f0000000040)=0x10eef0f1)

02:21:42 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x3, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:42 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x6c00, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:42 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000380))
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x1e, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x5, 0x3)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x11b000})
perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x2404c084)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000240)="450f29f566b89d000f00d0c481a1ec41d466ba4200b84d000000ef430f792e2e420f01c1b988090000b800300000ba000000000f30650fc75e19c744240003000000c7442402c9a322a2c7442406000000000f011c24b9f8020000b8d1000000ba000000000f30", 0x67}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  884.379555][T27581] binder: 27579:27581 unknown command 0
[  884.393938][T27581] binder: 27579:27581 ioctl c0306201 20000240 returned -22
02:21:42 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x4c, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  884.460402][T27588] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
02:21:42 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x4, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  884.501335][T27594] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  884.566594][T27604] binder: 27596:27604 ioctl c0306201 20000240 returned -14
02:21:42 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x0, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x60800, 0x20)
setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f00000000c0)=0x80, 0x4)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
fcntl$setstatus(r0, 0x4, 0x800)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))

02:21:42 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x50, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:42 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x5, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:42 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x60, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  884.706309][T27612] binder: 27610:27612 ioctl c0306201 20000240 returned -14
[  884.835605][T27620] binder: 27617:27620 ioctl c0306201 20000240 returned -14
02:21:45 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x400000, 0x0)

02:21:45 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000000))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, 0x10)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r3, 0xc0}, &(0x7f0000000100)=0x8)

02:21:45 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x6, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:45 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x68, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:45 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x7400, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:45 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
truncate(&(0x7f00000000c0)='./bus\x00', 0x1000)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0xa1)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x42000)
r3 = socket$packet(0x11, 0x0, 0x300)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000300)={0x0, @loopback, @remote}, 0xc)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @remote, @empty}, &(0x7f0000000100)=0xc)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
ioctl$FICLONE(r3, 0x40049409, 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000840)='team\x00')
bind$alg(0xffffffffffffffff, 0x0, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x400100, 0x8)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000074000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c]}, @empty, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40840100})
perf_event_open(&(0x7f0000000040)={0x1, 0xa8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x52}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r1, 0x0, 0x0)

02:21:45 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x7, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  887.566119][T27647] binder: 27639:27647 ioctl c0306201 20000240 returned -14
[  887.591310][   T27] audit: type=1804 audit(1591064505.686:605): pid=27648 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/814/bus" dev="sda1" ino=16378 res=1
02:21:45 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x8, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:45 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x6c, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  887.730885][   T27] audit: type=1804 audit(1591064505.826:606): pid=27656 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/814/bus" dev="sda1" ino=16378 res=1
02:21:45 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x9, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  887.835338][T27664] binder: 27658:27664 ioctl c0306201 20000240 returned -14
02:21:46 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xb, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x74, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  888.003366][T27677] binder: 27675:27677 ioctl c0306201 20000240 returned -14
02:21:48 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x407400, 0x0)

02:21:48 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
truncate(&(0x7f00000000c0)='./bus\x00', 0x1000)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0xa1)
lseek(0xffffffffffffffff, 0x0, 0x2)
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x42000)
r3 = socket$packet(0x11, 0x0, 0x300)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000300)={0x0, @loopback, @remote}, 0xc)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @remote, @empty}, &(0x7f0000000100)=0xc)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
ioctl$FICLONE(r3, 0x40049409, 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000840)='team\x00')
bind$alg(0xffffffffffffffff, 0x0, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x400100, 0x8)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000074000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}})
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c]}, @empty, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40840100})
perf_event_open(&(0x7f0000000040)={0x1, 0xa8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x52}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r0, r1, 0x0, 0x0)

02:21:48 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xc, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:48 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x7a, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:48 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x7900, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:48 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000200)={0x18, 0x1, 0x0, {0x6f}}, 0x18)
r3 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0xc0287c02, &(0x7f0000000040))
r4 = gettid()
ptrace$setopts(0x4206, r4, 0x0, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x3, 0xe1, 0x3, 0x81, 0x0, 0xbcd, 0xd2fa4dbc7d28922e, 0x3, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, @perf_bp={&(0x7f0000000240)}, 0x400, 0x10001, 0x3, 0x7, 0x10001, 0x7ff, 0xf351}, r4, 0x2, r0, 0x2)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f0000000000)={0x0, &(0x7f00000000c0)="23db8b8fb1eee18fa4d8b086f7316c79a355ca9f1693317db8e1d11c580176a2b674cdc90c2bfd0264680ca6ae0f423a72a2c0611f5ffb1cc7a208f514bbcef3977fbd0d0f1106710ea3df84f156b0d405aec4829c1168d317e2e131404fef8b2be9a93fc44ff705f4851d095f0de5633a452a3bb749bf50a2e0838c33bd2c952afc97be972119a82fd4e612cb5e10bee2aeae5f152cac7f2ccecf55b6d888fcac6818c8e93f3d3841f765eee2d179ce6b6ea493c686aafa76d24342a617f0346bfffba8de934762ba570a502d7c4efdeb95ad1618f993a642cfa155e1b1344dbeed35b6b5e68fda480be0673e", 0xed})

[  890.572313][T27695] binder: 27693:27695 ioctl c0306201 20000240 returned -14
02:21:48 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xd, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  890.637378][   T27] audit: type=1804 audit(1591064508.736:607): pid=27699 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/815/bus" dev="sda1" ino=16348 res=1
02:21:48 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x5, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x1, 0xffffffffffffff01}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0xfffd}, 0x0, 0x4, 0xffffffffffffffff, 0xa)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:48 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x300, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:48 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xe, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:48 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40000000}}, 0x0, 0x5, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000000), &(0x7f00000000c0)=0x4)

[  890.818862][T27711] binder: 27708:27711 ioctl c0306201 20000240 returned -14
02:21:48 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x500, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  890.995354][T27726] binder: 27724:27726 ioctl c0306201 20000240 returned -14
02:21:51 executing program 5:
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
syz_open_dev$audion(0x0, 0x4, 0x40042)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000180), 0x52136a5252f3b2, 0x0)
pipe2(&(0x7f0000000300), 0x80000)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff, 0x2}, 0x0, 0x492, 0x0, 0x7, 0xfffffffffffff000, 0x0, 0x3}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffffff, 0x0, 0x800, 0xcc)
fcntl$setstatus(r2, 0x4, 0x42000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PIO_SCRNMAP(r4, 0x4b41, &(0x7f00000000c0)="bd7c0a3156fef0dbca95042260ed7d7913a880eb81f6a78a4b092c49e4c77321693b1898b13c821b3e682b6564ef261b9d56febafd9d35cc273e8e2062753b7f0284de4f791923f895fe6d0b67c8cb5caf3e00dbab1a1a1bedbe893c9c429bcc0e429b67737e4b9f87570327c4ecd8bd3da52615915d4515c2d5c02a3b0c2b36b4527a5134a6e525b4d46e6af13c725bb68d43f8c1ada5f328")

02:21:51 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x53b000, 0x0)

02:21:51 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xf, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:51 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x600, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:51 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000000000000000000e11b6483bcef43a10000080048c0ea7d40cba759a623f943e571fe6d200958cf0cfe1dfe36b072a3c71a4abc9d8e7ff99d1b0648238ef45cb5e85212d05d36d99dd823a8f99b10e63409ad7a75f7169b2ad5965032c5147aa6db5b6acd6cda140f7c587f811da602640ad3648b746cb311ee62b1c9c15dcfd3d820190b42d7dfa324403cfd16a9379ba9c8de9c715b68d93ff9f5b2168b0736d9b0bde7b3ec0c1e19211b71946c332c94a8e34ea38379020c2f285910dbdd67634fcf2b6f0ce683242430b057ce3720dfc5f1bf11b63e37e5a8957764c69162e98e02abf02c276bad03fa21fb3dcd36d0db45795eb952a8f827503c19c17020424e52808e4f7fa48f1b84f3dfb2773a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r2, 0x8c, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=r3, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x10, &(0x7f0000000000)={&(0x7f00000000c0)=""/208, 0xd0, r3}}, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket(0x10, 0x80002, 0x0)
connect$netlink(r5, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r5, &(0x7f00000000c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000000)={r6, 0x1, 0x6}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r0, 0xc0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=0xfff, 0x0, <r7=>0x0, 0x0, &(0x7f0000000600)={0x6, 0x4}, 0x0, 0x0, &(0x7f0000000640)={0x0, 0xf, 0x8001, 0x7fff}, &(0x7f0000000680)=0x6, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=0x81}}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
timer_settime(0x0, 0x1, &(0x7f00000008c0), &(0x7f0000000900))
r9 = dup(r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xd, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000380)='GPL\x00', 0x1, 0x74, &(0x7f00000004c0)=""/116, 0x40f00, 0x0, [], r6, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000580)={0x1, 0x9, 0x40, 0x3}, 0x10, r7, r9}, 0x78)

02:21:51 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x7a00, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  893.701935][T27748] binder: 27743:27748 ioctl c0306201 20000240 returned -14
02:21:51 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x10, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:51 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$isdn_base(r2, &(0x7f0000000000)={0x22, 0x1, 0x80, 0x20}, 0x6)

02:21:51 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x700, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:51 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x11, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:52 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

[  893.967531][T27767] binder: 27763:27767 ioctl c0306201 20000240 returned -14
02:21:52 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x1800, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  894.172982][T27772] binder: 27771:27772 ioctl c0306201 20000240 returned -14
02:21:52 executing program 5:
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
syz_open_dev$audion(0x0, 0x4, 0x40042)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000180), 0x52136a5252f3b2, 0x0)
pipe2(&(0x7f0000000300), 0x80000)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ttyS3\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffff, 0x2}, 0x0, 0x492, 0x0, 0x7, 0xfffffffffffff000, 0x0, 0x3}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffffff, 0x0, 0x800, 0xcc)
fcntl$setstatus(r2, 0x4, 0x42000)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PIO_SCRNMAP(r4, 0x4b41, &(0x7f00000000c0)="bd7c0a3156fef0dbca95042260ed7d7913a880eb81f6a78a4b092c49e4c77321693b1898b13c821b3e682b6564ef261b9d56febafd9d35cc273e8e2062753b7f0284de4f791923f895fe6d0b67c8cb5caf3e00dbab1a1a1bedbe893c9c429bcc0e429b67737e4b9f87570327c4ecd8bd3da52615915d4515c2d5c02a3b0c2b36b4527a5134a6e525b4d46e6af13c725bb68d43f8c1ada5f328")

02:21:54 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x73b000, 0x0)

02:21:54 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x12100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:21:54 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x12, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:54 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x2000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:54 executing program 5:
perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
perf_event_open$cgroup(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x7, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2b24}, 0x260, 0x0, 0x400, 0x0, 0x0, 0x0, 0x200}, 0xffffffffffffffff, 0x0, r0, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
setsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x1, &(0x7f0000000440)=0x9, 0x4)
r5 = dup(r4)
sendto$inet(r3, &(0x7f0000000340)="8ddef0f3bf3ab315dddb3060850e864d3e1ccf246a4798ec21c0096595aa0fac593ae8a9f1e16f1eb2375afc52806d6d431553e1cb727e480ee189792645ebb61505a1fb9652dd81edd46d92007c82a751cf1be4d277c80627fead4fccfdd695ba2b0e82e2929b0e6dd279a2310d8dc97c6260f84b7a72c332e3f96dc474f170a666b5ab50bcc0d4ddb74cf70b6195e812f186113bc6602e0a8fc9fca6ce7d45de47bec2505dc367a0340ad64be5a8ac158245b790967167c1c5737acc2c", 0xbe, 0x4000044, &(0x7f0000000400)={0x2, 0x4e21, @empty}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$inet_int(r5, 0x0, 0x1, &(0x7f0000000300)=0x81, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x400)
ioctl$TUNSETGROUP(r3, 0x400454ce, r6)
sendto$inet(r1, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
sendto$inet(r1, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x14280000003075)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000000)=0xff)

02:21:54 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x8100, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  896.742899][T27792] binder: 27789:27792 ioctl c0306201 20000240 returned -14
02:21:54 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x13, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:54 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x3800, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:54 executing program 1:
r0 = gettid()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x3, 0x402800)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000200)={'syzkaller0\x00', 0x600})
r2 = getpgrp(r0)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x8}}, r2, 0x11, 0xffffffffffffffff, 0x1)
r3 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
dup(r4)
getpeername(r4, &(0x7f00000000c0)=@sco={0x1f, @fixed}, &(0x7f0000000000)=0x80)
ioctl$RTC_EPOCH_READ(r3, 0xc0287c02, &(0x7f0000000040))

02:21:54 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x14, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:55 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x15, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:55 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x2475)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x80180, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket(0x10, 0x80002, 0x0)
connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
accept$packet(r0, &(0x7f0000000180), &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
getpeername$packet(r7, &(0x7f0000000140)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000240)=0x14)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r8, 0x1, 0x6}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'lo\x00', r8})
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
ioctl$KIOCSOUND(r0, 0x4b2f, 0x200)

[  896.944780][T27812] binder: 27807:27812 ioctl c0306201 20000240 returned -14
02:21:57 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x744000, 0x0)

02:21:57 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x4000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:57 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x16, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0xffff]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
dup(r3)
r4 = fcntl$dupfd(r2, 0x0, r3)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f00000000c0)={[{0x7, 0x3ff, 0x80, 0x1, 0x81, 0x3f, 0x3, 0x0, 0x7, 0xfb, 0x7, 0x4, 0x2}, {0x6, 0xfff, 0x1, 0x7f, 0x9, 0x3f, 0xff, 0x5, 0xfe, 0x95, 0x81, 0x0, 0x5}, {0x4, 0x3, 0x0, 0x0, 0x5, 0x0, 0x9, 0x7f, 0xf5, 0x1, 0x69, 0x1f, 0x1410}], 0x401})
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r5, 0xc0287c02, &(0x7f0000000040))

02:21:57 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0xb900, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:21:57 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STATS_ENABLED={0x5}]}}}]}, 0x3c}}, 0x0)
r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r3, 0x0)
add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r3)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000200)={0x4, &(0x7f00000001c0)=[{0x2, 0x1, 0x80, 0x401}, {0x5a9, 0xfe, 0x6, 0xf0}, {0x401, 0x8, 0x74}, {0x9, 0xd0, 0x20, 0xc2}]})

[  899.844268][T27841] binder: 27833:27841 ioctl c0306201 20000240 returned -14
02:21:58 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x17, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:21:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x4800, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:58 executing program 5:
perf_event_open(&(0x7f000001d000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
mprotect(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in6, @in6=@initdev}}, {{@in=@private}, 0x0, @in=@local}}, &(0x7f0000000080)=0xe8)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100e0ef69aa779932392f74bd52c40001a69fa57cc1b1f73b78b721ba22a3c775221eb4cd1571c72167bd23befe43f69575ae00000000000000000000000000000000000017000000000000", @ANYRES16, @ANYBLOB="90002cbd7000fbdbdf250400000005000100010000001400020000000000000000000000000040000001080005000000000008000601800000000000000005000100000000467c555700000000000000000000000000000000f3ff00"/102], 0x3}, 0x1, 0x0, 0x0, 0x4004080}, 0x20000054)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000002200)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000021c0)={&(0x7f0000002100)=ANY=[@ANYBLOB="9d0000e9", @ANYRES16, @ANYBLOB="00012cbd7000fcdbdf250800000014000300fc01000000000000000000000000000114000200fc0200000000000000000000000000012c00070073797374656d5f753a6f626a6563745f723a7373685f6b65797369676e5f657865635f743a733000140006006272696467653000000000000000000005000100010000001400030000000000000000000000ffff640101000500010000000000"], 0xa0}, 0x1, 0x0, 0x0, 0x81}, 0x8000800)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="70049ea2", @ANYRES16=0x0, @ANYBLOB="000127bd7000fbdbdf2508000000140006007465616d3000000000000000000000002600070073797374656d5f753a6f626a6563745f723a6b736d5f6465766963655f743a733000000014000200fe8800000000000000000000000000011400060076657468305f746f5f68737200000000"], 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000006000/0x2000)=nil)
io_setup(0xc470, &(0x7f0000000240)=<r3=>0x0)
io_destroy(r3)

02:21:58 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x18, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  900.045777][T27866] binder: 27864:27866 ioctl c0306201 20000240 returned -14
02:21:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x4c00, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:21:58 executing program 1:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_VERSION(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, r0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x60, r0, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x11}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1f}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x16}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0x10, 0x1, '/dev/media#\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}]}, 0x60}, 0x1, 0x0, 0x0, 0x20040014}, 0x800)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000)='nl80211\x00')
sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000140)={0xfffffffffffffffd, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r2, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_REG_RULES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x8a7bfa64e74687f7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket(0x10, 0x80002, 0x0)
connect$netlink(0xffffffffffffffff, &(0x7f00000014c0)=@unspec, 0xc)
getpeername$packet(r6, &(0x7f00000000c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000000)={r7, 0x1, 0x6}, 0x10)
connect(r4, &(0x7f0000000200)=@can={0x1d, r7}, 0x80)
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000000180)=0xde)

[  900.199149][T27874] binder: 27872:27874 ioctl c0306201 20000240 returned -14
02:22:00 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x790000, 0x0)

02:22:00 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x19, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:00 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x5000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:00 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb07, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x200004)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x80001d00c0d0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)='w', 0x1}], 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e22, 0xffffffff, @mcast2, 0x1}}, 0x0, 0x0, 0x44, 0x0, "2de15327e0f567fb972a455af10ee0aaac58d52cb6b59564fefc0022c219c1c90ef3597634e001a37550126b1301d535fbabdca4a1cb8152401b2466dc6d1452ac0848a287df612b3fd856d67999e502"}, 0xd8)

02:22:00 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x3}, 0x422a4, 0x40000000000, 0x0, 0x5}, 0x0, 0x0, r1, 0x0)
r2 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r2, 0xc0287c02, &(0x7f0000000040))

02:22:00 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0xff00, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:22:01 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1a, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:01 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x5e20, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  902.962307][T27901] binder: 27892:27901 ioctl c0306201 20000240 returned -14
02:22:01 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
write$FUSE_DIRENT(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000240000000100000000000000050000000000000030000000000000000c000000030000002f6465762f6d6564696123000000000004000000000000001f0000000000000005000000ff7f00005d2bc8242d00000002000000000000000100000001000000070000000010000047afaa6574683000020000000000000005000000000000000c000000020000002f6465762f6d656469612300000000000300000000000000000000000000000032000000330c000021706f7369785f61636c5f616363657373292670707030657468317d76626f786e6574312976626f786e6574302821656d31000000000000"], 0xf0)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r2, 0xc0287c02, &(0x7f0000000040))

02:22:01 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
dup3(0xffffffffffffffff, r0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x10}, 0xc)
ftruncate(r0, 0x600004)
sendfile(r0, r1, 0x0, 0x80001d00c0d0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

02:22:01 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1b, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  903.074978][T27914] binder: 27911:27914 ioctl c0306201 20000240 returned -14
02:22:01 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
dup(r1)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000100)={0x990000, 0x4, 0xfffffffb, r1, 0x0, &(0x7f00000000c0)={0x50cf4b7f41ffd57d, 0x7f, [], @ptr=0xfffffffffffffffd}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$RTC_EPOCH_READ(r5, 0xc0287c02, &(0x7f0000000140))

02:22:04 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xb05300, 0x0)

02:22:04 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x6000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:04 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KVM_ASSIGN_SET_INTX_MASK(r2, 0x4040aea4, &(0x7f0000000000)={0x7, 0x4, 0x8, 0x7, 0x4})
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:22:04 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="c7da5f1a", 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_SET_LINK_PRI(r2, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
r3 = socket(0x10, 0x2, 0x0)
r4 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
sendmsg$AUDIT_TRIM(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x3f6, 0x400, 0x70bd2b, 0x25dfdbfc, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x400c050}, 0x8084)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f0000000000)={0x8001, 0x0, 0x200, 0x5, 0x6, 0x1a, 0xb, "712e66cb6fc06a0af02d7f68c62c8cff3be0a7cf", "9bd2da8cc20a745f46823cc846a483c63926e903"})
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00')
sendfile(r1, r5, 0x0, 0x10000000000443)
sendmsg$xdp(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(0x0)

02:22:04 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:04 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x200000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  905.995058][T27939] binder: 27938:27939 ioctl c0306201 20000240 returned -14
02:22:04 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1d, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:04 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f00000000c0)={0xfffffffe, 0xa, 0x4, 0x0, 0xffff7fff, {0x77359400}, {0x1, 0x1, 0x5, 0x68, 0x3f, 0xfd, "5c38840d"}, 0x0, 0x2, @offset=0xfffeffff, 0x5, 0x0, <r5=>r4})
timerfd_gettime(r5, &(0x7f0000000000))
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:22:04 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x60ff, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:04 executing program 5:
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
r0 = open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KDFONTOP_COPY(r2, 0x4b72, &(0x7f0000000040)={0x3, 0x0, 0x3, 0xd, 0x2e, &(0x7f0000000380)})
getdents64(r0, &(0x7f00000028c0)=""/1722, 0x6ba)
fcntl$lock(r0, 0x5, &(0x7f0000000000)={0x0, 0x1, 0x3})

[  906.221029][T27963] binder: 27960:27963 ioctl c0306201 20000240 returned -14
02:22:04 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x403, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:04 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x6800, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  906.428153][T27978] binder: 27977:27978 ioctl c0306201 20000240 returned -14
02:22:07 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0xd, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:07 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xb07300, 0x0)

02:22:07 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)

02:22:07 executing program 5:
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f00000000c0)=ANY=[@ANYBLOB="3f00fd00e0bbb557f3b0b93742c379983fe48e8739ad5d62f27115be3b6c4a12a38da49a987fbd3c236bfa1c251b4a45bfe30f444dc5e314658f7c945fa4adbb2c92493f971dd75e67d7e72624fe1584a53a"], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f00000001c0)=0x40, 0x4)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000180)=0x3, 0x2)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, 0x10)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000340)={0x0, 0x80000000, 0x4, 0x7, 0x7fff, 0x100, 0xff7f, 0x80000000, {r3, @in={{0x2, 0x4e22, @multicast2}}, 0x100, 0x4, 0x1ff, 0x4, 0x10000}}, &(0x7f0000000400)=0xb0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x200, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r4, 0x8982, &(0x7f0000000140))
setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000300)=0x50, 0x4)
perf_event_open(&(0x7f000000a000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x7}, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000a000)=@canfd={{0x4}, 0x0, 0x0, 0x0, 0x0, "0327e1b22b020000009c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76630518fa1efd9b0b00"}, 0x48}}, 0x0)
mount(&(0x7f0000000440)=ANY=[@ANYBLOB="35ed9cae544b7bc706ee1affd04694d7f94fad4de810db2c096f2695533848173c24cc822fc1ee64e4ed3da245793cf264bd971d4189488e4a4e64ecd0f953af43534d064142cb096f232d2cb20e4354a16c0770fc8aaa2a5a51f56f61372a9d72413884423e65e586d2ba8696ebcc964bb6eafee02dd7864f512b0f5c3c6992d5261feecf07830097b2a745dc5d0b22f88f14f2c8448f83a4f6980e09d4744ab49997fddec6e0405e4fa01bf006270a4bb02f166c7426b6451332ecd217eb629a24e447962edf54783ab9a9955de79f87361bc5b734818715e9b976b0269780febedf9ba3b2eedab67e8cdfa23cc48682ac754eba51"], &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000))
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000200)=""/174, &(0x7f00000002c0)=0xae)

02:22:07 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x6c00, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:07 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x400000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:22:07 executing program 5:
r0 = socket$inet(0x10, 0x6, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f0000000000)={'nat\x00'}, &(0x7f0000000140)=0x78)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup3(r1, r4, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="24000000190003041dfffd946f6105000200030a1f0000080c10080008001e0012000000140000001a00ffffba16a0aa1c09000000000000", 0x38}], 0x1}, 0x0)

[  909.050561][T27995] NFS: mount program didn't pass remote address
[  909.066627][T27998] binder: 27992:27998 ioctl c0306201 20000240 returned -14
[  909.067780][T27999] NFS: mount program didn't pass remote address
02:22:07 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x7400, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:07 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x11f202, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f00000000c0))
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))

02:22:07 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x403, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:07 executing program 5:
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x81, 0x8000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffa, 0x8000000009}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
dup(r0)
write$binfmt_aout(r0, &(0x7f00000002c0)={{0xcc, 0x3f, 0x5, 0x61, 0x1a9, 0x3, 0x7e, 0x101}, "713f99efdb073587261731cf28", [[], [], [], [], []]}, 0x52d)
getpid()
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x2c4002, 0x0)
setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={0x0, 0x212}, 0x8)
r2 = syz_open_dev$vbi(&(0x7f0000000280)='/dev/vbi#\x00', 0x3, 0x2)
r3 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x0)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000000))
ftruncate(r3, 0x1000000)
sendfile(r2, r3, &(0x7f00000000c0)=0xf18001, 0xeefffdef)
socket$inet6(0xa, 0x0, 0x2)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x2, 0x3, 0x240, 0x0, 0xd0, 0xd0, 0x1d0, 0xd0, 0x1d0, 0x1d0, 0x1d0, 0x1d0, 0x1d0, 0x3, 0x0, {[{{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_team\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

02:22:07 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x100, 0x0)
setsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f0000000240)=0xcd, 0x4)
sendmsg$can_raw(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0x10, &(0x7f0000000140)={&(0x7f0000000100)=@can={{0x3, 0x0, 0x1, 0x1}, 0x7, 0x0, 0x0, 0x0, "251959c8f21a9b27"}, 0x10}, 0x1, 0x0, 0x0, 0x10}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0xe906, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0)
r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
r7 = fcntl$dupfd(r6, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
fchdir(r4)
r8 = creat(&(0x7f00000000c0)='./file1\x00', 0x0)
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))

[  909.255460][T28016] binder: 28013:28016 ioctl c0306201 20000240 returned -14
02:22:07 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x7900, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  909.416647][T28032] binder: 28027:28032 ioctl c0306201 20000240 returned -14
02:22:10 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xb90000, 0x0)

02:22:10 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x7a00, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:10 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0xe80, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:10 executing program 1:
r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000140)=<r1=>0x0)
perf_event_open(&(0x7f00000000c0)={0x3, 0x70, 0x8, 0x0, 0xfa, 0x1, 0x0, 0x0, 0x800, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x83, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x408, 0x1, 0xfffffffa, 0x5, 0x8, 0x7, 0x80}, r1, 0x1, r0, 0x1)
r2 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r2, 0xc0287c02, &(0x7f0000000040))

02:22:10 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x407400, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:22:10 executing program 5:
syz_mount_image$tmpfs(&(0x7f0000000000)='tmpfs\x00', &(0x7f0000000400)='./bus\x00', 0x800, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[])
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x400180, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x4, &(0x7f00000000c0)=0x1, 0x4)
chdir(&(0x7f0000000380)='./bus\x00')
r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000540)=ANY=[], 0x133)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r1, &(0x7f00000001c0), 0xa198)

[  912.160785][T28055] tmpfs: Unknown parameter 'tmpfs'
[  912.186238][T28060] binder: 28052:28060 ioctl c0306201 20000240 returned -14
02:22:10 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0xfffffe10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000000)={@multicast2, @broadcast}, 0x8)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:22:10 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0xb900, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:10 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x2000039b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:10 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x400000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  912.374647][T28070] binder: 28069:28070 ioctl c0306201 20000240 returned -14
02:22:10 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$DRM_IOCTL_FREE_BUFS(r3, 0x4010641a, &(0x7f00000000c0)={0x5, &(0x7f0000000000)=[0x6, 0x7, 0x6, 0xf8, 0x52000]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$TIOCGSID(r5, 0x5429, &(0x7f0000000100)=<r6=>0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r8, 0xee00)
stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={r6, r8, r9}, 0xc)

[  912.460307][T28078] binder: 28077:28078 ioctl c0306201 20000240 returned -14
02:22:10 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x407400, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  912.613817][T28083] binder: 28080:28083 ioctl c0306201 20000240 returned -14
[  912.622898][T28055] tmpfs: Unknown parameter 'tmpfs'
02:22:13 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x1000000, 0x0)

02:22:13 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874565580000fffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:13 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x53b000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:13 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$inet_int(r2, 0x0, 0xb, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:22:13 executing program 5:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
r3 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r4}}], [], 0x6b}})
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)

02:22:13 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x53b000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:22:13 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000)=0x5, 0x4)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

[  915.311588][T28113] binder: 28103:28113 ioctl c0306201 20000240 returned -14
02:22:13 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874505a8fffffffe00000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:13 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x73b000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:13 executing program 1:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff})
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000180)=0x3000)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x6c, 0x6, 0x6, 0x0, 0x0, 0x28de, 0x20901, 0x7, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000000), 0x3}, 0x46b08, 0x4, 0x74, 0x5, 0x6, 0x20, 0x32ae}, r1, 0xe, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$DRM_IOCTL_SET_UNIQUE(r3, 0x40106410, &(0x7f0000000240)={0xa, &(0x7f0000000200)="58c92706a8fa5e98a545"})
r4 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r4, 0xc0287c02, &(0x7f0000000040))

02:22:13 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x3, 0x8, 0x801, 0x0, 0x0, {0x3, 0x0, 0x7}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf7}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x17}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_mount_image$nfs4(&(0x7f0000000940)='nfs4\x00', &(0x7f0000000980)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)='udp\x00')
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fsetxattr$trusted_overlay_upper(r3, &(0x7f00000001c0)='trusted.overlay.upper\x00', &(0x7f0000000200)={0x0, 0xfb, 0x85, 0x0, 0x85, "97d986ef2e08194d4612ee8b0ea5d57e", "89f4c9c7b47f3e4167262c38bc803b46af3a2a3975c089646d710c48798924eba530500e783a27fe9860ef829862615d034aeabcad12b8b97335270edd28a0d4436172eac3a26407d6215bb64a92843f2e8915d1f3c63cb599f17d907244fe9c68b488434bfb3755d82703e7732c8ed0"}, 0x85, 0x3)
setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000080)=@v2={0x2000000, [{0x4, 0x5}, {0x4}]}, 0x14, 0x2)

[  915.524059][T28131] binder: 28129:28131 ioctl c0306201 20000240 returned -14
02:22:13 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe02000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  915.600816][T28135] NFS: mount program didn't pass remote address
[  915.744441][T28141] NFS: mount program didn't pass remote address
02:22:16 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x20000000, 0x0)

02:22:16 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x744000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:16 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x18040, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f00000000c0)={0x8, 0x5, 0x0, 0x1ff, 'syz0\x00', 0x3d})
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))

02:22:16 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe04000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:16 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$sock_int(r3, 0x1, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r4 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
ftruncate(r4, 0x1000)
lseek(r4, 0xebb9, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000001000010800000000eaff000000000000bbe7f872c9d7c35f102d9050349e05bece96752b8a2efc609a33bc8014f46a412fb02f8b0a0b1ee0c7428706c8bb30566a56c0523712605549e4edebc7ba77f7f12057004ec808cecf996bf39b74bb77cc5b73809ced49f591ded8", @ANYRES32=0x0, @ANYBLOB="000000000000000008000400", @ANYRES32=r9, @ANYBLOB="1400030076657468315f6d616376746170000000"], 0x3c}}, 0x0)
r10 = open(&(0x7f0000000240)='./bus\x00', 0x105010, 0x0)
sendfile(r4, r10, 0x0, 0x8000fffffffe)

02:22:16 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x73b000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  918.321381][T28165] binder: 28163:28165 ioctl c0306201 20000240 returned -14
02:22:16 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x790000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  918.375714][T28169] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
02:22:16 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f00000000c0))
r1 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r1, 0xc0287c02, &(0x7f0000000040))
ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, &(0x7f0000000100))

02:22:16 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe0a000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  918.430624][   T27] audit: type=1804 audit(1591064536.528:608): pid=28175 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/831/bus" dev="sda1" ino=16354 res=1
[  918.489570][   T27] audit: type=1800 audit(1591064536.528:609): pid=28175 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16354 res=0
[  918.523725][T28178] binder: 28177:28178 ioctl c0306201 20000240 returned -14
02:22:16 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$sock_inet_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000080))
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r1, 0x80605414, &(0x7f0000000100))
syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000380)=[{&(0x7f0000000040)="eb3d90", 0x3}, {0x0, 0x0, 0xfff}], 0x8a23, &(0x7f00000000c0)={[{@fat=@dos1xfloppy='dos1xfloppy'}]})

[  918.555584][   T27] audit: type=1804 audit(1591064536.618:610): pid=28175 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir160301940/syzkaller.iJNs2Z/831/bus" dev="sda1" ino=16354 res=1
02:22:16 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0xb05300, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:16 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x3}]}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0xfffffffffffffffe, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000bc0)=""/4085, 0xff5}], 0x1}}], 0x1, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x80003, 0x8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = dup2(r4, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$inet6_int(r3, 0x29, 0x18, &(0x7f0000000080)=0x914, 0x4)
sendmmsg(r3, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001180), 0x133, &(0x7f00000011c0), 0x7}}], 0x4000000000000ce, 0x0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1000}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x8000)

[  918.646438][   T27] audit: type=1800 audit(1591064536.618:611): pid=28175 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=16354 res=0
[  918.698502][T28195] binder: 28192:28195 ioctl c0306201 20000240 returned -14
02:22:19 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x21000000, 0x0)

02:22:19 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe0d000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:19 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0xb07300, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:19 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
vmsplice(r0, &(0x7f0000000500)=[{&(0x7f0000000000)="1f52125d", 0x4}, {&(0x7f00000000c0)="2491c131197ea85d9221add29c72faef5f3bde5b49b15db4381aca3f26889ecea5bbc2b6a0f20446c398695db537871eb2c1480d6b6467e7583d5d87a6786bf4d4b3f903ba817d659d75b61429433f7fb18a3e62d18f261858f2b54ff0d8e54516430be825b58d85e3347fd6a6cb649f4b4db8a78e3bda20ee522d13fcb5f5dc02110741baefe93e63f86d9952b0fab3d24ce4199114b2cb13cc9def103a4fc68fc8d68bab31b667", 0xa8}, {&(0x7f0000000200)="1f9234e60a02c3c0ce144d1051362cb89bafa88fb4cc1cf9a9ae72374f85d9df06a29624ca2d44a54c605513ef7b7d4b09167d66ae1097ee7c6bd07f2ebc590b091569dd254bc6213705836f2f56eca6dfa1095a9243ff18db97f83287ed00abd01a9956fa3e2f5551f8cd4318bccc090d0397a4ac501537168da8673045d63822a56290f557a66fbb8ae6bf07398f52e0cf24d438e5c947b21c865793f912d5938d11b077e197ed5fa30eefbe0084f9fb8cc42ee0fc24131c76d7da90477d46a5004e7bb6842ee2d072da5b5607b6985ce0fc25483a07f93e4491ed5f71ea2964bb060dbf0409", 0xe7}, {&(0x7f0000000300)="53942ec33aabd75602c44db2709ade10bdd62f35aba8cf4578db344c72a5e2c3ae2d112bcfceb1fcabc29c784938bd2900d1024480f49edeb010d48eda9832682f985d1bf305a854a1e254e16efd1b71518c00e228c53020e05e2957feeebb4d7e5c655e3067c3da88f6678f065fc6be72904a137c12d4f4d880cbd410b3ead07d335375b2bc61d37cc771a55aa270e65ec780513a6d7c2c5aa587b1c4240e", 0x9f}, {&(0x7f0000000180)="0b42f1d4bb90b7c88ad74bc92c25f1560e0c7642655116bff3232071fd60aacf5cb24c25", 0x24}, {&(0x7f00000003c0)="b9d508a3c807de4c6c81dfad57956d87b48d1cda7f5cced48b12aa12bc6d2d9e1d217246e582c277211fef70144d93681ad809831464a3ac78459cce72d0dc27fbe172fd0c73841db931a3794fd51a958275d7f0d36b6e36d62e22ebfa99a82bbef178575aca9750341146aba6747d614b0de930f0c6f90420c0547294f153d38d13e5951b5321516efc56898d58584e54b4a1c6878e2f231d9fcc7f18d66b6fa6eef12e8a9aec04e5b2c34650faf8c193f82b50d47313cfc3c677cb18c27d838c4ce8ceba615c07ccb92c54b85ff7f847f4b54aa602c6fa4d42fd9d4383f992", 0xe0}, {&(0x7f00000004c0)="a0418fdfda8ce1654dfaea256ddd1451f882ceb09521acfab256e36faba803", 0x1f}], 0x7, 0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}}, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:22:19 executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=@newqdisc={0x124, 0x24, 0x300, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x6, 0x6}, {0x9, 0xfff3}, {0x1, 0xffe0}}, [@qdisc_kind_options=@q_pie={{0x8, 0x1, 'pie\x00'}, {0x34, 0x2, [@TCA_PIE_TUPDATE={0x8, 0x3, 0x460cf0af}, @TCA_PIE_ECN={0x8, 0x6, 0x1}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x1000}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x1fc}, @TCA_PIE_ALPHA={0x8}, @TCA_PIE_TARGET={0x8, 0x1, 0x3}]}}, @TCA_STAB={0xc4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x46, 0xff, 0x5f, 0xff, 0x1, 0x3f, 0x10000, 0x2}}, {0x8, 0x2, [0x1000, 0x3]}}, {{0x1c, 0x1, {0xfa, 0x2, 0x9, 0x3, 0x0, 0x4, 0x3, 0x6}}, {0x10, 0x2, [0x7, 0x6, 0x4, 0x6, 0x1, 0x7]}}, {{0x1c, 0x1, {0x14, 0x96, 0x0, 0x7fffffff, 0x2, 0xfffffff8, 0x2, 0x2}}, {0x8, 0x2, [0x9cc4, 0x0]}}, {{0x1c, 0x1, {0x2, 0x5, 0x2, 0xa5a3, 0x1, 0x100, 0x4}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x1f, 0xfff8, 0x1, 0x1, 0x0, 0x8, 0x6}}, {0x10, 0x2, [0x4f, 0x3, 0xf96, 0xba3, 0x800, 0x7]}}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x8004}, 0x1)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000280)='trusted.overlay.redirect\x00', &(0x7f00000002c0)='./file0\x00', 0x8, 0x3)
ioctl$HIDIOCGNAME(r1, 0x80404806, &(0x7f0000000300))
pselect6(0x40, &(0x7f0000000340)={0xd2, 0xffffffffffffffff, 0x0, 0x1, 0xff, 0x5, 0x800, 0xffffffff}, &(0x7f0000000380)={0x9, 0x800, 0x1, 0x4, 0x7, 0x7, 0x0, 0x8}, &(0x7f00000003c0)={0x4, 0x9, 0xfffffffffffff528, 0x0, 0x9, 0xfff, 0x5, 0x89c9}, &(0x7f0000000400)={0x0, 0x989680}, &(0x7f0000000480)={&(0x7f0000000440), 0x8})
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, &(0x7f00000004c0))
setsockopt$sock_void(r2, 0x1, 0x24, 0x0, 0x0)
r3 = syz_open_dev$audion(&(0x7f0000000500)='/dev/audio#\x00', 0x20, 0x48040)
inotify_add_watch(r3, &(0x7f0000000540)='./file0\x00', 0x2000000)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000580)='/dev/hwrng\x00', 0x0, 0x0)
ioctl$HIDIOCSUSAGES(r4, 0x501c4814, &(0x7f00000005c0)={{0x1, 0x103, 0x1ff, 0x8, 0x81, 0x1}, 0x3dd, [0x80, 0x4, 0x0, 0x10001, 0x0, 0x4, 0x80000001, 0x9, 0x3d, 0x7, 0xff, 0x78d, 0x40, 0x2, 0x2, 0x547261f5, 0x7f, 0x4, 0x1, 0x0, 0x401, 0x5, 0x7, 0xcd9d, 0x141b, 0x3, 0x1, 0x6, 0x1400, 0x101, 0x4, 0xc66d, 0x8a7e, 0x9, 0xfffffff9, 0x9, 0x3ff, 0x1, 0x2, 0x9, 0x8000, 0xffff, 0x7f, 0x5ac, 0x1, 0x0, 0xffff, 0x5, 0x4441, 0x0, 0xc1, 0x5, 0x8da2, 0x3f, 0x7, 0x1, 0x2, 0x5, 0x3, 0x84, 0xfffffffa, 0x81, 0x7fffffff, 0x5, 0x5, 0x9, 0x8, 0xfffffffa, 0x1, 0xffff8001, 0x2, 0x9, 0x3, 0x6d28, 0x8a, 0x7, 0x1, 0x7, 0x0, 0x6, 0x3, 0x4, 0x6, 0x1, 0x6e, 0x20, 0x1ff, 0xffffffff, 0x10000, 0x800, 0x8, 0x0, 0x679d, 0x9, 0x1f, 0xfffffff9, 0x818, 0x9, 0x2, 0x8, 0x3ff, 0x0, 0xe5f, 0x20, 0x8, 0xffff8001, 0x8b2, 0x9, 0x0, 0x9, 0xffffffff, 0x3f, 0x8, 0x7fff, 0x0, 0x1, 0x8a, 0x72, 0x80000000, 0x9, 0x4, 0x9000000, 0xfffffff9, 0x8, 0x4, 0x8, 0x7, 0x800, 0x3, 0x4, 0xffff8000, 0x82, 0x8da, 0x20, 0xffffffa5, 0x40, 0x522, 0x97e, 0x9, 0x8d, 0x7, 0x1, 0x1f, 0x2, 0x2a, 0x100, 0x6, 0x185, 0x9, 0x1, 0xde, 0xffffffe1, 0x7, 0x6d3, 0x3, 0xe9, 0x1, 0x8, 0x3, 0x8, 0xfff, 0x6, 0x8, 0x20, 0x7fffffff, 0x3, 0x1, 0x6, 0x9, 0x1ef5, 0xa6bb, 0x7, 0x40, 0x0, 0x4, 0x80, 0x5, 0x6, 0x8, 0x6, 0xffff, 0x81, 0x0, 0xffffff81, 0xd54a, 0x7ff, 0x2, 0x40, 0x5, 0x9, 0x10001, 0x7ff, 0x80, 0x4, 0x8, 0x9, 0x3, 0xffffffff, 0x98f, 0x4, 0xe82e, 0x17e2, 0x0, 0x0, 0x8, 0x7f, 0x5, 0x4a19, 0x8001, 0xffffffff, 0x1f, 0xfffff7f0, 0x3, 0x4, 0x10001, 0x7f, 0x20b, 0x16a5, 0x7, 0xa, 0xfffffffe, 0xfffffff5, 0x7, 0x7, 0x8, 0x800, 0x2, 0x5c, 0x3, 0x1c790, 0x20, 0x8c40, 0x7, 0xfa, 0x5, 0x5, 0x50, 0xc70, 0x1, 0x1, 0x6, 0x7ff, 0x0, 0x8001, 0xffff4bda, 0x8, 0x1, 0x53f3, 0x1f8, 0x1, 0x1f, 0x1, 0x3, 0x2, 0x6, 0x9, 0x1, 0x7, 0x1, 0x4, 0x4, 0xb0b4, 0x100, 0x40, 0x9, 0x9, 0xbc6, 0x8, 0x77ea, 0x9, 0x58b, 0x3, 0x40, 0x3, 0x1, 0xfffff000, 0xf, 0x0, 0x4, 0xfff, 0x2, 0x80000001, 0x200, 0x81, 0x20, 0xfffffff8, 0x1ff, 0xfffffc00, 0xfffffe66, 0x0, 0x73a9, 0x6, 0x2, 0x5, 0x8, 0x5, 0x80000000, 0x20, 0x1, 0x0, 0x9, 0x7b7d, 0x200, 0x5, 0x5, 0x4, 0x4128, 0x7, 0x1, 0x92f, 0x800, 0x3f, 0x9, 0x8, 0x101, 0x80000001, 0x7fff, 0x7ff, 0x1, 0xffffff7b, 0x200, 0x78537e8a, 0x3d, 0x4, 0x3, 0x0, 0x0, 0x9, 0x400, 0x5, 0x3, 0x7, 0x7cca, 0x78f, 0x1ff, 0x5, 0xc1f2, 0x4, 0x9, 0x5f0, 0x1, 0x0, 0x6, 0xff, 0x0, 0xfffffcbd, 0x8, 0x1, 0x6, 0x1000, 0x7f, 0xe7b6, 0x6, 0x400, 0x14, 0xfffffffe, 0x2, 0x1, 0x0, 0x1, 0x4, 0x82f, 0x9, 0xffffffc1, 0x0, 0xffffffff, 0x6, 0x1, 0x800, 0x6, 0x2, 0xa22c, 0x3, 0x0, 0xffff, 0x7, 0x5, 0x100, 0x0, 0xf44, 0x5, 0x6, 0x200, 0x6, 0x7, 0x9, 0x401, 0x100, 0x8, 0x1f, 0x9ef4, 0x8, 0x307, 0x1, 0xff, 0x5, 0xfffffc01, 0xd4000000, 0x0, 0xfffffff9, 0x5, 0x40, 0x9, 0x8000, 0x7, 0xffffffc0, 0x8001, 0x5, 0xe, 0x3f, 0x4304, 0x80000001, 0xfffffff8, 0x0, 0x4, 0x9, 0x0, 0x1691, 0x100, 0x58, 0x1f, 0x5, 0x3, 0x663, 0xd0, 0x6, 0x20, 0x7ff, 0x2, 0x2, 0xfffeffff, 0xfffffffd, 0xffff, 0xd7c9, 0x6, 0xd4000000, 0x1, 0x9, 0x3, 0x61, 0x401, 0x1, 0xffff, 0x1, 0x8, 0x6, 0x81, 0x6, 0xfffff63f, 0x8, 0xffffa7b3, 0x80, 0x3, 0x1, 0xfff, 0x8, 0x55, 0x8, 0x6a6f, 0x0, 0x8, 0xffffffff, 0x400, 0x5, 0x1, 0x6, 0x5, 0x0, 0x8, 0x2, 0x1, 0x4, 0x5, 0xfff, 0x737ede7b, 0x9e6, 0x6, 0x8, 0x100, 0x7a230d0b, 0x7, 0x1, 0x1000, 0x42, 0x0, 0x5, 0x80, 0x6, 0xfffffffa, 0x40, 0x6268a12b, 0x0, 0x200, 0x0, 0x10001, 0xd8, 0xffff, 0x200, 0x1, 0x8, 0x0, 0x9, 0x6, 0x6, 0x184, 0x5, 0x7, 0x6a, 0x8, 0x32, 0x2, 0x1, 0x1, 0x9, 0x1, 0xe98, 0x4, 0x2, 0x9, 0x7, 0xff, 0x4, 0x81, 0x8, 0x9, 0x20, 0x583d0579, 0x2, 0xff, 0xe066, 0x9, 0x2, 0x1, 0x9, 0xc4cd, 0x4, 0x40, 0x6, 0xb0, 0x10000, 0x52f, 0xffff, 0x0, 0xa2, 0x2, 0x0, 0x7ff, 0x20, 0x7f, 0x8, 0xffffcd39, 0x0, 0x0, 0x9, 0x0, 0x5, 0x3ff, 0x80000000, 0x5, 0x10001, 0x9c, 0x5, 0x3, 0x3, 0x4, 0x0, 0x9, 0x2, 0x1, 0x1, 0x28a7, 0x8001, 0x401, 0x5, 0x707, 0x8, 0x0, 0x1, 0x0, 0x10000, 0xffff0, 0x10001, 0x7fff, 0x30, 0x3f, 0x0, 0x4, 0xff, 0x6, 0x5, 0x0, 0xfffffe01, 0x200, 0xfffff14d, 0xa01, 0x8, 0x5, 0x1, 0x81, 0xffff, 0x7fffffff, 0xed, 0x95, 0xd81, 0x4, 0x1, 0x0, 0xa33c, 0x9, 0x9, 0x200, 0x1f, 0x7, 0x401, 0x9b, 0x0, 0x6, 0x509, 0x0, 0x7fff, 0x1, 0x7, 0x4, 0x9, 0x0, 0x7, 0x1, 0xb4, 0x2, 0x2, 0x4, 0xfffffff8, 0x40, 0x3, 0x7, 0x28, 0xfffffffa, 0x80000000, 0x8, 0x80000000, 0x2, 0x20, 0x7fff, 0xb3, 0x9, 0x1, 0x0, 0x80000000, 0x6, 0x1f, 0x3, 0x4, 0x8, 0xaa8, 0x5, 0xf3f, 0x1, 0xf4, 0x2, 0x1ff, 0x6, 0x3, 0x6, 0xffff5ae2, 0xc976, 0x8001, 0x0, 0x2, 0x7, 0x5, 0x2, 0xfff, 0x7ee9, 0x7, 0xffffffff, 0xf5, 0x1e, 0x5, 0x9, 0x0, 0x20, 0xfff, 0xaedc, 0x8, 0x7f, 0x7, 0x2, 0x1, 0x5, 0x7ff, 0x3, 0x3b7a, 0x80000000, 0x1f, 0x3, 0x401, 0x7, 0x7fff, 0x400, 0xffff, 0x6, 0x80, 0x101, 0x1000, 0x4, 0x2, 0xf9a, 0x0, 0x9, 0x9, 0xfff, 0x401, 0x9, 0x4, 0x10000, 0x1, 0x5, 0xe1, 0x0, 0x21b99d9f, 0x2, 0x1000, 0x9, 0x0, 0x5, 0x101, 0xfffff001, 0x3f, 0x4, 0xcc75, 0x8, 0x2, 0x2, 0x138a2b23, 0x101, 0x1, 0x9, 0x6, 0x6, 0x7fff, 0xc8a, 0x2, 0xffffffff, 0x80000001, 0x9, 0x3, 0x3, 0x3ff, 0x7, 0x400, 0x0, 0x3, 0x5, 0xffff8001, 0x969, 0x6, 0x3, 0x8, 0xfffffffe, 0x6, 0x2, 0x1f, 0x80, 0xff, 0xb547, 0x2, 0x3d, 0x80, 0x7f, 0x0, 0x80000000, 0x7, 0x9, 0x200, 0x8, 0x40, 0x0, 0x74d1, 0x3013, 0x0, 0x9, 0x6, 0x247, 0x7, 0x81, 0xd842, 0x6, 0x1, 0x8, 0x80000000, 0xe96c, 0xd89, 0xd3, 0x72a, 0x3, 0x6, 0x3, 0xfffffffc, 0x400, 0x9, 0x80, 0x2, 0x7, 0x5, 0x8, 0x4, 0x206, 0x4, 0x1ff, 0x4, 0x1ff, 0x7f, 0x80000001, 0x7ff, 0xffff, 0x7fffffff, 0x8001, 0x4f94, 0x1, 0x200, 0x0, 0x3ff, 0x7fffffff, 0x7f, 0x0, 0x80000000, 0xfff, 0x5, 0xe8, 0x3, 0x900, 0x7, 0x3f, 0x4, 0x8, 0x80000000, 0x9, 0xfffffd6f, 0x34, 0xfffffffc, 0x0, 0x7, 0xfffffe01, 0x80000001, 0x20, 0xd8, 0x3ff, 0x3, 0x401, 0x563, 0x3ff, 0x4, 0x6, 0x1, 0x7aa4, 0x4, 0x6, 0x7f, 0x5, 0x5, 0x1000, 0x4, 0x4, 0x6, 0xa6, 0x4a9, 0x40, 0x1ff, 0x6, 0x8, 0x7, 0x1, 0x2, 0x1000, 0xf7, 0xd4b5, 0x10000, 0xfffffff8, 0x3da19b87, 0x1fb5e535, 0x5, 0x8, 0xa9, 0xffffffff, 0x9, 0x14, 0xfffffffa, 0x5, 0x6, 0x7, 0x2, 0xffff, 0x55, 0x94af, 0x7fffffff, 0x15e1, 0x1f, 0x6, 0x7, 0xfff, 0x9920, 0x1, 0x3, 0x3ff, 0x600, 0x5, 0x9, 0x3f, 0x10001, 0x3ff, 0x7eb7, 0x2, 0x8, 0x4b, 0x7, 0x7ff, 0xfffffff7, 0x7, 0x80000000, 0x200, 0x8, 0x9, 0xfffe0000, 0x7, 0xffff, 0x3f, 0xfffffffc, 0x1d9df2ad, 0x8, 0x6, 0x4, 0xa6, 0x5, 0x100, 0xeaed, 0x7fff, 0x7, 0x9, 0x1ff, 0x80, 0x7, 0x2, 0x5, 0x80000000, 0x2, 0x1ff, 0x8, 0x8, 0xffff, 0x800, 0xd0, 0x4, 0x4, 0x9, 0x4, 0xffff0001, 0x50, 0x3, 0x0, 0x6, 0x5, 0x61dd, 0x8, 0x800, 0x2, 0x1, 0x8, 0x6, 0x8001, 0x6, 0x6, 0x7, 0x101, 0x1, 0x5, 0xc0, 0x8, 0x3, 0x400, 0x6, 0x40, 0x5, 0x10001, 0x0, 0x8001, 0xb460, 0x3, 0xffff, 0xff, 0x401, 0x85, 0x2, 0x7f, 0x8, 0x101, 0x3, 0xc1, 0x6, 0x4, 0x2, 0x0, 0x5, 0xff, 0x5, 0x2, 0xe62, 0xfffffff8, 0x10001, 0x4, 0x9, 0x8, 0x7fffffff, 0x20, 0xd63, 0x3, 0x4, 0x3, 0x8, 0x1, 0x3ff, 0xaf1, 0x1, 0x8]})
write$cgroup_type(r4, &(0x7f0000001600)='threaded\x00', 0x9)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000001640), &(0x7f0000001680)=0x4)
ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000001880)={0x9b0000, 0x2, 0xff, <r5=>0xffffffffffffffff, 0x0, &(0x7f0000001840)={0x990a2d, 0x0, [], @value=0x79}})
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000018c0)={<r6=>0x0, 0x3, 0x9}, &(0x7f0000001900)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000001940)={r6, 0x8000}, &(0x7f0000001980)=0x8)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001a80)={&(0x7f00000019c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x20, 0x2, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x40001)

02:22:19 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x744000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  921.490822][T28235] binder: 28229:28235 ioctl c0306201 20000240 returned -14
02:22:19 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7}, 0x0, 0x1}, 0x0, 0x7, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
getsockopt$nfc_llcp(r4, 0x118, 0x2, &(0x7f0000000540)=""/116, 0x74)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
preadv(r6, &(0x7f00000004c0)=[{&(0x7f0000000280)=""/246, 0xf6}, {&(0x7f0000000380)=""/249, 0xf9}, {&(0x7f0000000480)=""/12, 0xc}], 0x3, 0x10000)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
pipe2(&(0x7f0000000500), 0x2800)
getrlimit(0xf, &(0x7f0000000240))
socket$isdn_base(0x22, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r2, 0xc04064aa, &(0x7f0000000200)={&(0x7f0000000000)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[{}, {}, {}, {}, {}], 0x2, 0x0, [], 0x3, 0x5})
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))

02:22:19 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe0e000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:19 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0xb90000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:19 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0)
write$P9_RWALK(r1, &(0x7f00000002c0)=ANY=[@ANYRES64, @ANYRES16, @ANYRES16], 0x8)
r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = dup2(r1, r2)
clock_gettime(0x0, 0x0)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000100)=0x3)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000400)={0x0, 0x80000000, 0x9, 0x583f, 0x7, 0x1000, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e23, 0x1f, @private0, 0x9}}, 0x4, 0x3, 0x5, 0x0, 0x1ff}}, &(0x7f0000000200)=0xb0)
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000140)=[0x3, 0xff])
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20)
ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000040))
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x2000, 0x3, 0x12, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00')
getdents(r3, &(0x7f0000000200), 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x0)

[  921.762194][T28255] binder: 28250:28255 ioctl c0306201 20000240 returned -14
02:22:19 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x1000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:20 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe60000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  921.985823][T28265] binder: 28262:28265 ioctl c0306201 20000240 returned -14
02:22:22 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x2000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:22 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0x7e000000, 0x0)

02:22:22 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffef0000000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:22 executing program 5:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000280)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/seq/clients\x00', 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
creat(&(0x7f0000000200)='./bus\x00', 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000040)=r0)
creat(&(0x7f0000000200)='./bus\x00', 0x0)
pipe(&(0x7f00000004c0))
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0)

02:22:22 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0x790000, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:22:22 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x102)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f00000000c0)={0x200, "0532acb604ae376bef5b502a78b67d61f617b13e2e47b44127890ed9463b89e2", 0x3, 0x1})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x2, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080)={<r5=>0x0})
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000040)={r5})
ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f0000000000)={r5, 0x1})

[  924.583559][T28280] binder: 28274:28280 ioctl c0306201 20000240 returned -14
02:22:22 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe000a0000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:22 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x3000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:22 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20c06, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400000000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$TIOCCONS(r3, 0x541d)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f0000000200)={'nat\x00'}, &(0x7f0000000180)=0x78)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x3)
getsockopt$inet_int(r1, 0x0, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4)
getsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000000), &(0x7f00000000c0)=0x8)
r4 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socket$phonet(0x23, 0x2, 0x1)
ioctl$RTC_EPOCH_READ(r4, 0xc0287c02, &(0x7f0000000040))

[  924.713905][T28283] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  924.750060][T28283] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
02:22:22 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe000d0000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  924.801641][T28303] binder: 28299:28303 ioctl c0306201 20000240 returned -14
02:22:22 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
prctl$PR_CAPBSET_DROP(0x18, 0x15)

02:22:23 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4040}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x1000000000002, 0x0)
sendmmsg$inet(r0, &(0x7f0000001bc0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="b7", 0x100000}], 0x1, 0x0, 0x0, 0x3}}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)='Z', 0x100000}], 0x1}}], 0x729, 0xcbff)

02:22:23 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x4000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

[  925.055012][T28316] binder: 28315:28316 ioctl c0306201 20000240 returned -14
02:22:25 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xfeffffff, 0x0)

02:22:25 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
ioctl$RTC_EPOCH_READ(r0, 0xc0287c02, &(0x7f0000000040))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r3}, 0x10)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000000)={r3, 0x8000}, 0x8)

02:22:25 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe000e0000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:25 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x5000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:25 executing program 5:
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
setitimer(0x1, 0x0, 0x0)
r0 = gettid()
ptrace$setopts(0x4206, r0, 0x0, 0x0)
perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x4c020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffefc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRES16=r5, @ANYRESDEC=r3, @ANYBLOB="00e8c8605c068aee8a0012000900e5ff757fca71030f2358bbc9deced3d2d86500180002", @ANYRES32, @ANYBLOB="0f0002000010cc4808000a009974981cc1b9ff07000086c384057568243604", @ANYRES32, @ANYRES32=r5], 0x50}}, 0x4)
keyctl$set_timeout(0xf, 0x0, 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)

02:22:25 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0xb05300, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

[  927.659038][T28337] syz-executor.5 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  927.665941][T28338] binder: 28333:28338 ioctl c0306201 20000240 returned -14
02:22:25 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x6000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:25 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00600000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:25 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x2080, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = openat$cgroup_ro(r2, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r6 = dup(r1)
getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f0000000240)={<r8=>0x0, @in={{0x2, 0x4e22, @empty}}, [0x6, 0x100, 0x7ff, 0x1, 0x8, 0x9, 0x9, 0x20, 0x2, 0x80000000, 0x8, 0x7, 0x1f, 0x74f0, 0x4]}, &(0x7f0000000180)=0x100)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000340)={r8, @in6={{0xa, 0x4e23, 0x101, @ipv4={[], [], @multicast2}, 0x3}}, 0x47, 0x1, 0x80000000, 0x0, 0x81, 0x2, 0x1f}, 0x9c)
r9 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
ioctl$NBD_SET_SOCK(r9, 0xab00, r5)
socket$packet(0x11, 0x3, 0x300)
r10 = socket(0x10, 0x80002, 0x0)
connect$netlink(r10, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc)
getpeername$packet(r10, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=@ipv6_newrule={0x24, 0x20, 0x1, 0x70bd2b, 0x25dfdbfd, {0xa, 0x80, 0x14, 0x5, 0x1, 0x0, 0x0, 0x2, 0x1a}, [@FIB_RULE_POLICY=@FRA_FWMARK={0x8, 0xa, 0x38c}]}, 0x24}}, 0x0)

[  927.803624][T28354] binder: 28350:28354 ioctl c0306201 20000240 returned -14
02:22:25 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00f00000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:26 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x7000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:26 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffefffff000122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

[  927.964203][T28364] binder: 28362:28364 ioctl c0306201 20000240 returned -14
02:22:28 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffffffffffffff62}, {&(0x7f0000000400)="6653070000053c27bc3376003639405cb4aed12f0000001500ae47a825d86800278dcff47d010000805acf4f8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa53367f05f4ad61421349f2f11e931e7d62ead037cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb7", 0xa7}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x20, r0, 0xff600000, 0x0)

02:22:28 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mmap$binder(&(0x7f00005e0000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x18000000, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@binder={0x73622a85, 0x0, 0x0, 0x2}, @flat=@weak_binder, @fda={0x73682a85}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x2, 0x0, 0x0})

02:22:28 executing program 5:
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
truncate(&(0x7f00000000c0)='./bus\x00', 0x1000)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x1, 0x0)
lseek(r0, 0x0, 0x2)
r2 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40, 0x4}, 0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r2, 0x4, 0x42000)
r3 = socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x7fffdf00f000, 0xa, 0x10, r3, 0x0)
r4 = socket(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000300)={0x100000011, @multicast2, 0x0, 0x0, 'lblc\x00'}, 0x2c)
r5 = socket(0xa, 0x4000000001, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x11, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2, 'wrr\x00'}, 0x2c)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001580)={<r6=>0x0, @dev, @broadcast}, &(0x7f00000001c0)=0xc)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000300)={r6, @loopback, @remote}, 0xc)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={<r7=>0x0, @remote, @empty}, &(0x7f0000000100)=0xc)
ioctl$sock_inet_SIOCGIFPFLAGS(r5, 0x8935, &(0x7f00000003c0)={'veth1_to_team\x00', 0x9})
setsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000140)={r7, @remote, @loopback}, 0xc)
ioctl$FICLONE(r3, 0x40049409, r4)
syz_genetlink_get_family_id$team(&(0x7f0000000840)='team\x00')
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000480)={'team0\x00', r7})
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r8, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c]}, @empty, @loopback, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40840100})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x89a1, &(0x7f0000000180)={@loopback, 0xd})
r9 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x52}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r9, 0x4, 0x42000)
bind$packet(r0, &(0x7f0000000000)={0x11, 0xc, r6, 0x1, 0x6}, 0x14)
sendfile(0xffffffffffffffff, r1, 0x0, 0x4008)

02:22:28 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd43307c50d0600000014c2c794f72ebf5fe3178947170201000000000000008258f8dbe82e16cf8db95f5b068a9e00080000000000000000000000000000000000000000000000000000f2000018287ba7d8807c0ee93ea1bb7f00a15deb269d0a91985602763e4d70d404da006a3d6eef8fb7fcdd822d7b51aaeb1e4841a6e5f6c736ca55eca29effe5084e2a8c3a32798a47420748e3607275f93c5fc0eea40f013e18ab940ae4724d98f521cbe75bb22444e03a4f3fd39da854ec5ee5d610884b75c8ac79338717293d65dd15fb587a000000000000000000101a6e6183c71d60d3bb3a1edcc2ed40992fe7bfaad16c0be2251c37ea079dc13eb4866f9a989a807e221063ea49343eda947f163830d5f70a747ead56c9163fd819e5949a0de721b55f96de19e76613c05cf62b769e2f4ce108d7739ce1ffd26c3271b85d9ff61cd2203d7a702258e197b7a041400e2a1379e02776c9a8c9c928930ef6cb421b9b2bdb93d5ea5d864c7f4b97a3830f8d4e7e9ba13b49c9e8039bd32915424d6ded7781b38f65cfa2cd2fc9306458f2f70ef47c800cd1062946b2f03b4757e954a32f0c2099e3a923508dfca25be1679c789ec7127600c6cf41c5acb48c745c4ca12d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x8001a0, 0x1b, 0x5ac484bb51fa106a, &(0x7f0000000380)="4d50b441e692763513ef874588a8fffffffe00000001122e25d30806", 0x0, 0x403, 0xe00, 0x22d, 0xf0}, 0x28)

02:22:28 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup2(r1, r0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000080)=0x81)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000540)={0x4c, 0xb07300, &(0x7f0000000180)=[@reply_sg={0x630b, {0x40406300, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0}}], 0x3, 0x73b000, 0x0})

02:22:28 executing program 1:
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r1, 0xee00)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r3, 0xee00)
syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f00000000c0)='./file0\x00', 0x56d, 0x4, &(0x7f0000000340)=[{&(0x7f0000000100)="376df3622526915c264b271c810f523347974a10fd5342a049dc2c3e44b8d61bfec962594a9bc2eb593bc2424e90415181580c07408f5f5f3b2412b83350fdccfdd5f7d6e298f262b7c79e7deb19a9f22d5e27d103b0015efb28278cc925aab780adb361911e3bb6dce83e", 0x6b, 0xd610}, {&(0x7f0000000180), 0x0, 0x5}, {&(0x7f0000000200)="2c6bba1d36db3a94a4260b9e29a653f319343069195394fa5739b4d4d710ebcfeae538c3e8a946602ac0dddfb4d0c316adbd0621d85b19335753d45484579b159dba9f3b1d22ddd3f14c694d9a7ef5a6bff9971c3bd37a5f7e5420cdc787c21bbeba8b78d75f1065e4a2a544db68bd492ad3757175f4f6b067f61c6c479a8e157df40179a5", 0x85, 0x2}, {&(0x7f00000002c0)="c19ef4cd94e36256f7751d6ec5730514503e14330c53a7a7910b35f6f2fc2f346e140be56c0c8e7da71ca3aefa60ad810f75e542331ebe9a5c25e7fda33f07b3dfe125c87b032e20b4846db71745bb631fcab373fa084e96b8347d325015a2916c80030f10f87d8ee5f83c46847a67d56cf7", 0x72, 0x1}], 0x80000, &(0x7f00000003c0)={[{@nogrpid='nogrpid'}, {@nouuid='nouuid'}, {@noattr2='noattr2'}, {@dax='dax'}, {@bsdgroups='bsdgroups'}, {@pqnoenforce='pqnoenforce'}, {@uquota='uquota'}, {@nouuid='nouuid'}, {@rtdev={'rtdev', 0x3d, './file0'}}, {@prjquota='prjquota'}], [{@fowner_gt={'fowner>', r1}}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x65, 0x63, 0x65, 0x64, 0x62, 0x34, 0x31], 0x2d, [0x62, 0x32, 0x61], 0x2d, [0x37, 0x36, 0x65, 0x36], 0x2d, [0x64, 0x71fe220cc337278f, 0x66, 0x38], 0x2d, [0x65, 0x30, 0x61, 0x34, 0x61, 0x64, 0x32]}}}, {@uid_gt={'uid>', r3}}, {@subj_type={'subj_type'}}, {@context={'context', 0x3d, 'staff_u'}}, {@hash='hash'}, {@pcr={'pcr', 0x3d, 0x19}}, {@smackfshat={'smackfshat', 0x3d, '}self$&mime_type'}}, {@dont_hash='dont_hash'}]})
r4 = syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r7, &(0x7f0000000040)="9e", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x1f}, 0x1c)
r8 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r9}, 0x10)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r6, 0x84, 0x6d, &(0x7f0000000500)={r9, 0xbb, "f4c16368aadcfdc22e7655ce00247d69f3f13eb7d8663e2b792c17e3d0504ff8334d19d4d37842d91576e88fd3692a50e7e417d8102018e7832b9d706cd2a1bc88cc1a903e2b2527c118020d3a1f5e7a6138bb1e47f94f968c1dd318e3ef5e111a382b27526c70ace6439b5f5db5833c7ba7d5eea526e030ea97f2eb326a10b23b53e645ec4819a7adba0291c01f777cbca3118e19d1ed7dc5c30eb5622f8aac1a727c61c8670fd35bf9d845b3acc7570d92b169025b87ee68ec59"}, &(0x7f0000000180)=0xc3)
ioctl$RTC_EPOCH_READ(r4, 0xc0287c02, &(0x7f0000000040))

[  930.710171][    C1] ==================================================================
[  930.718575][    C1] BUG: KCSAN: data-race in yama_ptracer_del / yama_ptracer_del
[  930.726100][    C1] 
[  930.728424][    C1] write to 0xffff88809d574a50 of 1 bytes by interrupt on cpu 0:
[  930.736062][    C1]  yama_ptracer_del+0x117/0x1a0
[  930.740922][    C1]  yama_task_free+0x1e/0x30
[  930.745412][    C1]  security_task_free+0x3f/0xa0
[  930.750245][    C1]  __put_task_struct+0xc3/0x350
[  930.755092][    C1]  delayed_put_task_struct+0x19b/0x1c0
[  930.760564][    C1]  rcu_core+0x533/0x9f0
[  930.764712][    C1]  rcu_core_si+0x12/0x20
[  930.768938][    C1]  __do_softirq+0x118/0x34a
[  930.773425][    C1]  irq_exit+0xb5/0xd0
[  930.777542][    C1]  smp_apic_timer_interrupt+0xe2/0x270
[  930.782996][    C1]  apic_timer_interrupt+0xf/0x20
[  930.787920][    C1]  mem_cgroup_throttle_swaprate+0x0/0x2c6
[  930.793623][    C1]  mem_cgroup_try_charge_delay+0x5f/0x70
[  930.799238][    C1]  do_huge_pmd_anonymous_page+0x351/0x11a0
[  930.805034][    C1]  __handle_mm_fault+0x1f5b/0x2da0
[  930.810123][    C1]  handle_mm_fault+0x21c/0x540
[  930.814868][    C1]  do_page_fault+0x48a/0xa96
[  930.819439][    C1]  page_fault+0x34/0x40
[  930.823568][    C1] 
[  930.825883][    C1] read to 0xffff88809d574a50 of 1 bytes by interrupt on cpu 1:
[  930.833423][    C1]  yama_ptracer_del+0xd4/0x1a0
[  930.838261][    C1]  yama_task_free+0x1e/0x30
[  930.842756][    C1]  security_task_free+0x3f/0xa0
[  930.847594][    C1]  __put_task_struct+0xc3/0x350
[  930.852429][    C1]  delayed_put_task_struct+0x19b/0x1c0
[  930.857876][    C1]  rcu_core+0x533/0x9f0
[  930.862027][    C1]  rcu_core_si+0x12/0x20
[  930.866255][    C1]  __do_softirq+0x118/0x34a
[  930.870747][    C1]  irq_exit+0xb5/0xd0
[  930.874716][    C1]  smp_apic_timer_interrupt+0xe2/0x270
[  930.880161][    C1]  apic_timer_interrupt+0xf/0x20
[  930.885085][    C1]  __tsan_read1+0xa8/0x110
[  930.889487][    C1]  tomoyo_check_acl+0xbe/0x280
[  930.894238][    C1]  tomoyo_path_permission+0xda/0x150
[  930.899511][    C1]  tomoyo_path_perm+0x215/0x350
[  930.904348][    C1]  tomoyo_inode_getattr+0x23/0x40
[  930.909449][    C1]  security_inode_getattr+0x97/0xc0
[  930.914637][    C1]  vfs_getattr+0x2c/0x70
[  930.918970][    C1]  vfs_statx+0x104/0x190
[  930.923213][    C1]  __do_sys_newlstat+0x50/0xb0
[  930.927964][    C1]  __x64_sys_newlstat+0x37/0x50
[  930.932802][    C1]  do_syscall_64+0xc7/0x3b0
[  930.937299][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  930.943168][    C1] 
[  930.945476][    C1] Reported by Kernel Concurrency Sanitizer on:
[  930.951617][    C1] CPU: 1 PID: 5278 Comm: systemd-udevd Not tainted 5.7.0-rc1-syzkaller #0
[  930.960199][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  930.970234][    C1] ==================================================================
[  930.978274][    C1] Kernel panic - not syncing: panic_on_warn set ...
[  930.984863][    C1] CPU: 1 PID: 5278 Comm: systemd-udevd Not tainted 5.7.0-rc1-syzkaller #0
[  930.993342][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  931.003395][    C1] Call Trace:
[  931.006662][    C1]  <IRQ>
[  931.009508][    C1]  dump_stack+0x11d/0x187
[  931.013829][    C1]  panic+0x210/0x640
[  931.017715][    C1]  ? vprintk_func+0x89/0x13a
[  931.022292][    C1]  kcsan_report.cold+0xc/0x1a
[  931.026964][    C1]  kcsan_setup_watchpoint+0x3fb/0x440
[  931.032332][    C1]  yama_ptracer_del+0xd4/0x1a0
[  931.037087][    C1]  yama_task_free+0x1e/0x30
[  931.041590][    C1]  security_task_free+0x3f/0xa0
[  931.046427][    C1]  __put_task_struct+0xc3/0x350
[  931.051266][    C1]  delayed_put_task_struct+0x19b/0x1c0
[  931.056726][    C1]  ? rcu_cblist_dequeue+0x68/0x90
[  931.061736][    C1]  rcu_core+0x533/0x9f0
[  931.065878][    C1]  ? __write_once_size.constprop.0+0x20/0x20
[  931.071848][    C1]  rcu_core_si+0x12/0x20
[  931.076077][    C1]  __do_softirq+0x118/0x34a
[  931.080574][    C1]  irq_exit+0xb5/0xd0
[  931.084545][    C1]  smp_apic_timer_interrupt+0xe2/0x270
[  931.089992][    C1]  apic_timer_interrupt+0xf/0x20
[  931.094928][    C1]  </IRQ>
[  931.097870][    C1] RIP: 0010:__tsan_read1+0xa8/0x110
[  931.103059][    C1] Code: 05 f5 60 ac 7e 8b 50 04 85 d2 7f 28 8b 50 08 85 d2 7e 39 48 83 78 20 00 75 66 c3 65 48 8b 04 25 40 8c 01 00 8b 90 1c 0a 00 00 <48> 05 18 0a 00 00 85 d2 7e d8 65 8b 0d 5f c9 ac 7e 48 c1 e9 10 83
[  931.122644][    C1] RSP: 0018:ffffc90000d7bb88 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[  931.131040][    C1] RAX: ffff888129cfc040 RBX: ffff88812553fa80 RCX: ffffffff88af0550
[  931.138999][    C1] RDX: 0000000000000000 RSI: ffffffff82655675 RDI: ffff88812553fa99
[  931.146956][    C1] RBP: ffff88812553fa80 R08: 0000000000000000 R09: 0000c90000d7bbb0
[  931.154915][    C1] R10: 000088812553fa99 R11: 0000c90000d7bbb7 R12: ffffc90000d7bc60
[  931.162871][    C1] R13: ffff88812551fa10 R14: 0000000000000000 R15: 0000000000000000
[  931.170837][    C1]  ? tomoyo_check_acl+0xb5/0x280
[  931.175762][    C1]  tomoyo_check_acl+0xbe/0x280
[  931.180513][    C1]  ? tomoyo_compare_name_union+0x90/0x90
[  931.186132][    C1]  tomoyo_path_permission+0xda/0x150
[  931.191407][    C1]  tomoyo_path_perm+0x215/0x350
[  931.196262][    C1]  tomoyo_inode_getattr+0x23/0x40
[  931.201278][    C1]  security_inode_getattr+0x97/0xc0
[  931.206462][    C1]  vfs_getattr+0x2c/0x70
[  931.210815][    C1]  vfs_statx+0x104/0x190
[  931.215053][    C1]  __do_sys_newlstat+0x50/0xb0
[  931.219805][    C1]  ? constant_test_bit+0xd/0x30
[  931.224645][    C1]  ? syscall_trace_enter+0x30b/0x720
[  931.229923][    C1]  __x64_sys_newlstat+0x37/0x50
[  931.234758][    C1]  do_syscall_64+0xc7/0x3b0
[  931.239268][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  931.245138][    C1] RIP: 0033:0x7f639c0fa335
[  931.249555][    C1] Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
[  931.269139][    C1] RSP: 002b:00007ffcbc0d96d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  931.277530][    C1] RAX: ffffffffffffffda RBX: 00005577fbb889b0 RCX: 00007f639c0fa335
[  931.285487][    C1] RDX: 00007ffcbc0d9710 RSI: 00007ffcbc0d9710 RDI: 00005577fbb879b0
[  931.293464][    C1] RBP: 00007ffcbc0d97d0 R08: 00007f639c3b91d8 R09: 0000000000001010
[  931.301420][    C1] R10: 00007f639c3b8b58 R11: 0000000000000246 R12: 00005577fbb879b0
[  931.310331][    C1] R13: 00005577fbb879be R14: 00005577fbb70b19 R15: 00005577fbb70b1e
[  931.319373][    C1] Kernel Offset: disabled
[  931.323686][    C1] Rebooting in 86400 seconds..