der: BINDER_SET_CONTEXT_MGR already set
[  509.658105] binder: 3113:3120 ioctl 40046207 0 returned -16
[  509.673437] binder_alloc: binder_alloc_mmap_handler: 3115 20001000-20004000 already mapped failed -16
21:13:58 executing program 2:
ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f0000000040))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/pfkey\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)="9b7d00"}, 0x10)
ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f0000000700)={{0x2, 0x0, @dev}, {0x0, @local}, 0x0, {0x2, 0x0, @broadcast}, 'team_slave_1\x00'})
setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, &(0x7f0000000640)={0x0, {{0x2, 0x0, @dev}}}, 0x88)
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000780))
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000400)=""/150}, 0x18)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000c40)={0x0, {0x2, 0x0, @loopback}, {0x2, 0x0, @multicast1}, {0x2, 0x0, @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)='team0\x00'})
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300), 0xc, &(0x7f0000000340)={&(0x7f0000000cc0)=ANY=[]}}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000600), 0x10)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0)
dup(0xffffffffffffffff)
getpeername$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs, &(0x7f00000000c0)=0x6e)
syz_execute_func(&(0x7f0000000580)="42805da0c7a3a3ef69dc0f01eece73fe19fa380f38211af3f081768cc8000000c481b5e5bc2b0000002167f00fbab204000000ca6b2179dae5e54175450f2e1ac4010d64ac1e5d31a3b744dbe271fb26f00fbb9500000000")
socketpair$inet(0x2, 0x0, 0x0, &(0x7f0000000080))

21:13:58 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:58 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup(r0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r1, &(0x7f0000000000)="05e2dc7c"}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000806f000000"]], 0x0, 0x0, &(0x7f0000000300)})

21:13:58 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:58 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x74000000, 0x0, &(0x7f0000000300)})

21:13:58 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  510.230319] binder_alloc_new_buf_locked: 46 callbacks suppressed
[  510.230327] binder_alloc: 3136: binder_alloc_buf, no vma
[  510.266297] binder_alloc: 3136: binder_alloc_buf, no vma
21:13:58 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:58 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, <r0=>0x0})
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
sched_getscheduler(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYBLOB="0000000000000000d8159bea7ed61e7a31ad10698d8e34b2c4cd4be5aabd57f139b32d38fc662fa9853f6b4408487c1c38a29879728a7e664f20434d203c7eccfc17ea41bb21283ad9f2da28f290bd556f364dd889fefb16c60599686714831186ff0f507b9707d4b1f2540ee8d76f7ff6f4809085bd2fb732bc582ec74ff9fe4bf9684e3b6ee502f8035ab24790611dcb824bcdcd3af727eaa47a744f6905f3efb6f9fd0abd2171e282a896581a9ef83bbff7b1a8b2750b00000000000000"]], 0x0, 0x0, &(0x7f0000000300)})

[  510.276144] binder_alloc: 3136: binder_alloc_buf, no vma
[  510.283072] binder: BINDER_SET_CONTEXT_MGR already set
[  510.288460] binder: 3136:3143 ioctl 40046207 0 returned -16
[  510.296347] binder_alloc: 3136: binder_alloc_buf, no vma
[  510.310996] binder_alloc: 3136: binder_alloc_buf, no vma
[  510.322045] binder_alloc: 3136: binder_alloc_buf, no vma
21:13:58 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x5000000, 0x0, &(0x7f0000000300)})

21:13:58 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:13:58 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:58 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  510.524255] binder_alloc: 3160: binder_alloc_buf, no vma
[  510.569716] binder_alloc: 3160: binder_alloc_buf, no vma
[  510.583063] binder: BINDER_SET_CONTEXT_MGR already set
[  510.584053] binder_alloc: 3160: binder_alloc_buf, no vma
[  510.593670] binder: 3160:3172 ioctl 40046207 0 returned -16
21:13:59 executing program 2:
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080), 0x0, 0x0, 0xfffffffffffffffe)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000140)="428055a0610fef69dce9d92a5c41ff0f1837370f38211ac4c482fd2520410feefa4e2179fbe5f54175455de0932ebc2ebc0d64ac1e5d9f7f")
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000000c0))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f0000000240)}, 0x10)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0))
sched_setscheduler(0x0, 0x0, &(0x7f0000000200))

21:13:59 executing program 1:
socketpair$inet(0x2, 0x80003, 0x5, &(0x7f0000000200))
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})
socketpair(0x5, 0x2, 0x1000, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$KDDISABIO(r1, 0x4b37)

21:13:59 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6000, 0x0, &(0x7f0000000300)})

21:13:59 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:59 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:59 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x12000000, &(0x7f0000000300)})

[  511.174154] binder_transaction: 109 callbacks suppressed
[  511.174170] binder: 3185:3186 transaction failed 29189/-22, size 0-12288 line 2855
[  511.207690] binder_alloc: 3187: binder_alloc_buf, no vma
[  511.213942] binder: 3187:3189 transaction failed 29189/-3, size 0-0 line 2970
[  511.220625] binder: 3184:3188 transaction failed 29189/-3, size 0-12288 line 2970
[  511.231260] binder: 3190:3191 transaction failed 29189/-3, size 1275068416-12288 line 2970
[  511.232616] binder: 3187:3189 ioctl c0306201 20000040 returned -14
[  511.240407] binder: 3192:3193 transaction failed 29189/-3, size 0-12288 line 2970
[  511.245748] binder: 3190:3191 transaction failed 29189/-3, size 1275068416-12288 line 2970
21:13:59 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:59 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  511.296061] binder: 3185:3186 transaction failed 29189/-3, size 0-12288 line 2970
[  511.305837] binder: BINDER_SET_CONTEXT_MGR already set
[  511.326725] binder: 3187:3203 ioctl 40046207 0 returned -16
[  511.370946] binder: 3187:3189 transaction failed 29189/-3, size 0-0 line 2970
[  511.392132] binder: 3187:3189 ioctl c0306201 20000040 returned -14
21:13:59 executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='\x00'}, 0x10)
accept4$packet(0xffffffffffffff9c, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000280)=0x14, 0x80800)
socketpair$inet(0x2, 0x5, 0x7, &(0x7f00000002c0))
fanotify_init(0x30, 0x8403)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffff9c, 0xae01, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000380))
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0)
ioctl$BLKFLSBUF(r1, 0x1261, &(0x7f0000000140)=0x5)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:13:59 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6800, 0x0, &(0x7f0000000300)})

[  511.449659] binder: 3208:3209 transaction failed 29189/-22, size 0-12288 line 2855
[  511.470524] binder: 3210:3211 transaction failed 29189/-22, size 8192-12288 line 2855
21:13:59 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0xfffffdfd, &(0x7f0000000300)})

21:13:59 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  511.695938] binder: BINDER_SET_CONTEXT_MGR already set
[  511.745907] binder: 3232:3237 ioctl 40046207 0 returned -16
21:14:00 executing program 2:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff)
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380), 0xc, &(0x7f00000004c0)={&(0x7f0000000400)={0x24, 0x0, 0x0, 0x0, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x24}}, 0xd0)
r1 = getpid()
sched_setscheduler(r1, 0x5, &(0x7f0000000200))
ioctl$EXT4_IOC_SHUTDOWN(r0, 0x8004587d, &(0x7f00000002c0)=0x3)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0)

21:14:00 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a00, 0x0, &(0x7f0000000300)})

21:14:00 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x100000000000000, &(0x7f0000000300)})

[  512.192133] binder: 3254:3256 ioctl c0306201 20000040 returned -14
[  512.206325] binder_release_work: 48 callbacks suppressed
[  512.206332] binder: undelivered TRANSACTION_ERROR: 29189
[  512.232116] binder: undelivered TRANSACTION_ERROR: 29189
21:14:00 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x40000, 0x0)
ioctl$KDSETLED(r0, 0x4b32, 0x7fffffff)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000001e00"]], 0x0, 0x0, &(0x7f0000000300)})
socket$pppoe(0x18, 0x1, 0x0)

21:14:00 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c00, 0x0, &(0x7f0000000300)})

21:14:00 executing program 2:
getpeername(0xffffffffffffffff, &(0x7f0000000400)=@pppol2tpin6, &(0x7f0000000500)=0x80)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000540)={0x0, @broadcast, @multicast2}, &(0x7f0000000580)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000005c0)={@ipv4={[], [], @multicast2}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140))
socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000180))
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_extract_tcp_res(&(0x7f0000000200), 0x0, 0x0)
socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f00000001c0))
getpeername$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, &(0x7f0000000240)=0x6e)
dup(0xffffffffffffffff)
preadv(0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x0)
prctl$void(0x0)
accept4(0xffffffffffffffff, &(0x7f0000000040)=@generic, &(0x7f00000000c0)=0x80, 0x0)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000280)="428055a0376969ef69dc3641ffaa32233333c4c2958e09d26d44c19086d962788f35c935c97d197a0779fbc463fd7998b400ba000079aaff43d0e1460f0da11b000000010d64ac1e5d31a314b706e205f3420f1beb7b7f")

[  512.249293] binder: BINDER_SET_CONTEXT_MGR already set
[  512.255500] binder: 3254:3262 ioctl 40046207 0 returned -16
[  512.264161] binder: undelivered TRANSACTION_ERROR: 29189
21:14:00 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0xfdfdffff00000000, &(0x7f0000000300)})

[  512.378349] binder: undelivered TRANSACTION_ERROR: 29189
[  512.401111] binder: undelivered TRANSACTION_ERROR: 29189
[  512.406904] binder: undelivered TRANSACTION_ERROR: 29189
[  512.412451] binder: undelivered TRANSACTION_ERROR: 29189
21:14:00 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 1:
openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x40000, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000140))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6, 0x0, &(0x7f0000000300)})

[  512.479968] binder: 3283:3284 ioctl c0306201 20000040 returned -14
[  512.537662] binder: BINDER_SET_CONTEXT_MGR already set
[  512.575525] binder: undelivered TRANSACTION_ERROR: 29189
[  512.587781] binder: undelivered TRANSACTION_ERROR: 29189
[  512.599872] binder: 3283:3290 ioctl 40046207 0 returned -16
[  512.616040] binder: undelivered TRANSACTION_ERROR: 29189
21:14:00 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:00 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0xb8, 0x0, &(0x7f0000000200)="e7a554fa99c9c9b5af621dce49fdf761098ce4573d911236c197d2aa0817bbae108f76943780f785a285ad7457881ebc194df53e517d4efb52e07a083f2d619b105240007410208b3a4ff66307d946736a0d13136df4f5f8200f8bb530dd8fce2245b8ec9ef1acbd3f9b6c3259395147ba10882f342321d7a2fafd529947e684ad21a23d019b7fcacd38bae3d16c2bf74d927ecf7120213e95d70b0a58687606af002744fe47a37bce29b511277128a866e52f1ab647bf19"})

21:14:00 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0xfdfdffff, &(0x7f0000000300)})

21:14:00 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x48, 0x0, &(0x7f0000000300)})

[  512.777605] binder: 3311:3312 ioctl c0306201 20000040 returned -14
[  512.806967] binder_alloc_mmap_handler: 15 callbacks suppressed
[  512.806983] binder_alloc: binder_alloc_mmap_handler: 3314 20001000-20004000 already mapped failed -16
[  512.850702] binder: BINDER_SET_CONTEXT_MGR already set
[  512.858908] binder_alloc: binder_alloc_mmap_handler: 3319 20001000-20004000 already mapped failed -16
[  512.866002] binder: 3311:3321 ioctl 40046207 0 returned -16
21:14:01 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'gre0\x00'})

21:14:01 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x800)
openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x40, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xfffffffeffffffff, 0x8000)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000100)=0x6, &(0x7f0000000140)=0x2)
r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00')
bind$alg(r3, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r5 = accept4$alg(r3, 0x0, 0x0, 0x0)
sendfile(r5, r4, &(0x7f0000000000), 0xf)
add_key(&(0x7f0000000300)='rxrpc\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000380)="a9505226db926ae16acc90d4a2094961e47f763b9ae69592a8e84be35b1330b9bcc65901b5e5ae499614bd1f1aa4e6ce0a9d1433b455d0ea5ca06acdb49b37158589720aea038aa9fef11ccc0bc1dca57edd217683b08cbbb76866f8cf0c9ecd0d0b66df2cedb0e4de71a4eedb74a719c60355d10868c986514152059dabfce3373887824ef3e52a42d30acb6ee12d49367e160a14768eee24f6057ee389d53c20bcebe70404b3b0a88f5334e236a39e0ba0ce81392025f5a9ed2298", 0xbc, 0xfffffffffffffffe)
keyctl$setperm(0x5, r2, 0x1010)
keyctl$search(0xa, r2, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x2}, r2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000ffffffff000000000000000030000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x1200, &(0x7f0000000300)})

21:14:01 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xffffff7f00000000, 0x0, &(0x7f0000000300)})

21:14:01 executing program 1:
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='^\x00'}, 0x10)
ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000200)={0x3f, 0x8, 0xffffffffffffffff})
fcntl$getownex(r0, 0x10, &(0x7f0000000240))
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  513.250736] binder_alloc: binder_alloc_mmap_handler: 3332 20001000-20004000 already mapped failed -16
[  513.262035] binder: BINDER_SET_CONTEXT_MGR already set
[  513.265899] binder_alloc: binder_alloc_mmap_handler: 3335 20001000-20004000 already mapped failed -16
[  513.286969] binder: 3339:3347 ioctl 40046207 0 returned -16
21:14:01 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x12, &(0x7f0000000300)})

21:14:01 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$inet_tcp_buf(r0, 0x6, 0x16, &(0x7f0000000380)="30c52e33fe3d2428ad94ec4e2983a9092e94771d70e7dd23fa28679a67fbaa62d60a150f8815c0838922ea83335172557b2b1e0a042e06a4e138527c24e5859817ab88e7acaf1afc6503183065a7b7b14ec8ef7c7f00888f3f2f1655f0c0b506ab1542bd3a3808cfbc1d5777a824a50506f3e360", 0x74)
pipe2(&(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x800)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14)
r6 = syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00')
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000008640)={{{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0, <r8=>0x0}}, {{@in6=@mcast1}, 0x0, @in=@broadcast}}, &(0x7f0000008740)=0xe8)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000300)=0x9, 0x4)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000008e40)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8010400}, 0xc, &(0x7f0000008e00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="1b010000", @ANYRES16=r6, @ANYBLOB="00022dbd7000ffdbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="3c01020040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040003890000080007000000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400ffd1000040000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000001000040062726f61646361737400000044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000140004006163746976656261636b7570000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="7c0002003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="3c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d000008000100", @ANYRES32=r5, @ANYBLOB="400002003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300070000000c000400686173680000006e79870200", @ANYRES32=r5, @ANYBLOB="280102003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600dc5c414127c201f94151eb1960d9a0684d4005c7ad62f907", @ANYRES32=r5, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r5, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c000400686173680000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400720000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="300202003c0900005f656e61626c656400000000e6ff0000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="44000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000140004006163746976656261636b75700000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000080000008000600", @ANYRES32=r5, @ANYBLOB="44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b000000140004000500ff817b00000009004d0102000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000500000008000600", @ANYRES32=r5, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004008a00000008000100", @ANYRES32=0x0, @ANYBLOB="bc00020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000000000008000600", @ANYRES32=r5, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="3c00000024000100757365725f6c696e6b75705f656e61626c6564000000000000000000000000000800664c0300060000000400040008000600", @ANYRES32=r5], 0x650}}, 0x40000)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000004c0)={0x40, 0x2, 0x7fff, 0x1, <r9=>0x0}, &(0x7f0000000500)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000540)={r9, 0x9, 0x20}, &(0x7f0000000580)=0xc)
ioctl$FICLONE(r0, 0x40049409, r2)
r10 = add_key$keyring(&(0x7f0000000440)='keyring\x00', &(0x7f0000000480)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$get_persistent(0x16, r8, r10)
r11 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000980))
utime(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={0x2000, 0x7})
getsockopt$inet_sctp_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000140), &(0x7f0000000340)=0x7)
ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})
ioctl$TIOCCONS(r4, 0x541d)

21:14:01 executing program 2:
request_key(&(0x7f0000000080)='user\x00', &(0x7f00000000c0), &(0x7f00000001c0)='\x00', 0xfffffffffffffffa)
add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f0000000140), 0x0, 0x0, 0x0)
keyctl$invalidate(0x15, 0x0)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000240)="42805da0124fefeddc0f01eea873fe19fa380f38211af3f081768cc8000000c481b5e5bc2b0000002167f00fbab204000000ca6b2179dae5e54175450f2e1a8f0818ef0d0e0000000044dbe271fb0703")
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c)
getpid()
getresuid(&(0x7f0000000200), &(0x7f00000003c0), &(0x7f0000000400))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000480)=0xc)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0))
getresuid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc)
gettid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00), &(0x7f0000000f40)=0xc)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000001e40))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000fc0)={{{@in6=@loopback, @in=@local}}, {{@in=@local}, 0x0, @in=@rand_addr}}, &(0x7f00000010c0)=0xe8)
stat(&(0x7f0000001100)='./file0\x00', &(0x7f0000001140))
fcntl$getown(0xffffffffffffffff, 0x9)
stat(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200))
fstat(0xffffffffffffffff, &(0x7f0000001280))
getpid()
getresuid(&(0x7f0000001740), &(0x7f0000001780), &(0x7f00000017c0))
stat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000640))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000040)=0xffffff73)
getgroups(0x34e, &(0x7f0000001980))
gettid()

21:14:01 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c00000000000000, 0x0, &(0x7f0000000300)})

[  513.411452] binder_alloc: binder_alloc_mmap_handler: 3360 20001000-20004000 already mapped failed -16
21:14:01 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  513.553444] binder: BINDER_SET_CONTEXT_MGR already set
[  513.570513] binder_alloc: binder_alloc_mmap_handler: 3369 20001000-20004000 already mapped failed -16
[  513.596229] binder: 3366:3377 ioctl 40046207 0 returned -16
21:14:01 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='fdinfo\x00')
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000180)=0x77)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000013b9080000008f4f091817fd777be94348e1532f0d94e7942a8e13b803829c4612eb59cf017c38405513b6365da1"]], 0x0, 0x0, &(0x7f0000000300)})
ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f00000001c0)=0x80000000)

21:14:01 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:01 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xfdfdffff, 0x0, &(0x7f0000000300)})

21:14:01 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x1200000000000000, &(0x7f0000000300)})

[  513.751048] binder_alloc: binder_alloc_mmap_handler: 3390 20001000-20004000 already mapped failed -16
21:14:01 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  513.809208] binder: 3396:3397 ioctl c0306201 20000040 returned -14
[  513.843191] binder_alloc: binder_alloc_mmap_handler: 3394 20001000-20004000 already mapped failed -16
21:14:01 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  513.858112] binder: BINDER_SET_CONTEXT_MGR already set
[  513.873960] binder: 3396:3405 ioctl 40046207 0 returned -16
21:14:01 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040))
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='auxv\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000001ea, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000100000000000000000000000000000000000000000000000030000000002000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

[  513.901827] binder: 3396:3397 ioctl c0306201 20000040 returned -14
21:14:02 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  513.987718] binder_alloc: binder_alloc_mmap_handler: 3410 20001000-20004000 already mapped failed -16
21:14:02 executing program 2:
clock_gettime(0x0, &(0x7f0000000080))
clock_settime(0x0, &(0x7f00000000c0))
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000540)="428055a0376969ef69dc3641ffaa32233333c4c2958e0941a30f7f7f3766460f3828523044c19086d962788f35c935c97d197a0779fbc463fd7998b400ba000079aaff43d0e1460f0da11b000000010d64ac1e5d31a314b706e205987b7f")

21:14:02 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa, 0x0, &(0x7f0000000300)})

21:14:02 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x1000000, &(0x7f0000000300)})

21:14:02 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:02 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:02 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="006340406aa7a2f3f6d02f3a0000000000000000000000000000000000000000000000001f0000000000000000000000000000000030000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
setsockopt$inet_mreqsrc(r1, 0x0, 0x0, &(0x7f0000000240)={@loopback, @multicast2, @loopback}, 0xc)

[  514.395477] binder: 3435:3436 got transaction to invalid handle
[  514.413563] binder_alloc: binder_alloc_mmap_handler: 3429 20001000-20004000 already mapped failed -16
[  514.417209] binder: 3432:3437 ioctl c0306201 20000040 returned -14
[  514.436303] binder: 3435:3442 got transaction to invalid handle
[  514.463643] binder: BINDER_SET_CONTEXT_MGR already set
21:14:02 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000001f88ed26e2ae14932d260f7e00b0e997a6eaa8ba5dfc27466c73bfb3b4c9571a4e0c5260305b06cd3af9a1a3252114923d8d4a70dd1731d1609264da190ada2d09d0b465d019c3e8c66394efb3bf3fa94a28d75748acec4299c2db5283fa929478437f971d7d"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:02 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:02 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x700000000000000, 0x0, &(0x7f0000000300)})

21:14:02 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  514.489745] binder: 3432:3446 ioctl 40046207 0 returned -16
[  514.513830] binder: 3432:3437 ioctl c0306201 20000040 returned -14
21:14:02 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000000)={<r3=>0x0}, &(0x7f0000000140)=0xc)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=<r4=>0x0)
kcmp(r3, r4, 0x0, r1, r0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000b4000000000000000000824d000000000000000100", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:02 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  514.730016] binder: BINDER_SET_CONTEXT_MGR already set
[  514.735468] binder: 3466:3470 ioctl 40046207 0 returned -16
21:14:03 executing program 2:
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xb)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000200))
ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d)
stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0))
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f00000000c0)="428055a0690fef69dc00d9ce41ff0f1837370f38211ac4c19086d9f28fc9410feefa4e2179fbe5e54175450f2e1ac4010d64ac1e5d31a3b706e2989f7f")

21:14:03 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:03 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1000000, 0x0, &(0x7f0000000300)})

21:14:03 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:03 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:03 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x80000, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:03 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:03 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x400)
write$P9_RVERSION(r1, &(0x7f0000000140)={0x15, 0x65, 0xffff, 0x3, 0x8, '9P2000.u'}, 0x15)

21:14:03 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  515.360888] binder_alloc_new_buf_locked: 44 callbacks suppressed
[  515.360952] binder_alloc: 3486: binder_alloc_buf, no vma
[  515.401141] binder_alloc: 3486: binder_alloc_buf, no vma
[  515.442436] binder: BINDER_SET_CONTEXT_MGR already set
21:14:03 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c000000, 0x0, &(0x7f0000000300)})

[  515.467977] binder_alloc: 3486: binder_alloc_buf, no vma
[  515.494392] binder: 3486:3487 ioctl 40046207 0 returned -16
[  515.505066] binder_alloc: 3486: binder_alloc_buf, no vma
21:14:03 executing program 4:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x88000, 0x0)
ioctl$sock_netdev_private(r0, 0x89f5, &(0x7f0000000140)="d23ff184fa2d1f5147a8ea6653e6bf7cdb35832a896e8df660ee18ca12ca44ce458619b827a6d9fb935c3bdcce43df5ca8baa7")
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0xd, 0x2, 0x0, 0x0, 0x81}]})
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000180)={0x0, 0x1f})

[  515.520686] binder_alloc: 3486: binder_alloc_buf, no vma
[  515.533861] binder_alloc: 3486: binder_alloc_buf, no vma
21:14:03 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  515.666282] binder_alloc: 3521: binder_alloc_buf, no vma
[  515.701694] binder_alloc: 3521: binder_alloc_buf, no vma
[  515.725670] binder: BINDER_SET_CONTEXT_MGR already set
[  515.741862] binder: 3521:3526 ioctl 40046207 0 returned -16
21:14:04 executing program 2:
request_key(&(0x7f0000000080)='user\x00', &(0x7f00000000c0), &(0x7f00000001c0)='\x00', 0xfffffffffffffffa)
add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f0000000140), 0x0, 0x0, 0x0)
keyctl$invalidate(0x15, 0x0)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000240)="42805da0124fefeddc0f01eea873fe19fa380f38211af3f081768cc8000000c481b5e5bc2b0000002167f00fbab204000000ca6b2179dae5e54175450f2e1a8f0818ef0d0e0000000044dbe271fb0703")
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c)
getpid()
getresuid(&(0x7f0000000200), &(0x7f00000003c0), &(0x7f0000000400))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000480)=0xc)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0))
getresuid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc)
gettid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00), &(0x7f0000000f40)=0xc)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000001e40))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000fc0)={{{@in6=@loopback, @in=@local}}, {{@in=@local}, 0x0, @in=@rand_addr}}, &(0x7f00000010c0)=0xe8)
stat(&(0x7f0000001100)='./file0\x00', &(0x7f0000001140))
fcntl$getown(0xffffffffffffffff, 0x9)
stat(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200))
fstat(0xffffffffffffffff, &(0x7f0000001280))
getpid()
getresuid(&(0x7f0000001740), &(0x7f0000001780), &(0x7f00000017c0))
stat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000640))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000040)=0xffffff73)

21:14:04 executing program 1:
r0 = socket$unix(0x1, 0x5, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = creat(&(0x7f0000000000)='./file0\x00', 0x102)
write$P9_RFSYNC(r2, &(0x7f0000000240)={0x4, 0x33, 0x2}, 0xfffffffffffffefb)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:04 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:04 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x60000000, 0x0, &(0x7f0000000300)})

21:14:04 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:04 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000003a9000000000000000000000000000000000000b0000000000c8863a4a2b0a1383983d3a83d3267c905dacf39e2772098cfb60e1aea398cceff53ee6a469cd4e758ccf9f2e4cb3965a03ce46b8f338dc6aee6170e7010101000041e647708a0e22cb0926a78dd9c74b5cb05b8bbdc6f078c9ce552128c668b9dba032396005a7c1f99921d3282469ef681ca97eef3f793dabdc4d607f112e07e2bfe7fc4d82bfe7e74826e4b7c7f20258df554ff25b85a7fa279b4b", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  516.255494] binder_transaction: 95 callbacks suppressed
[  516.255511] binder: 3540:3541 transaction failed 29189/-22, size 7-12288 line 2855
[  516.275896] binder_alloc: 3533: binder_alloc_buf, no vma
[  516.297536] binder_alloc: 3533: binder_alloc_buf, no vma
[  516.303252] binder: 3538:3539 transaction failed 29189/-3, size 108-12288 line 2970
[  516.312741] binder: 3533:3534 transaction failed 29189/-3, size 0-47244640256 line 2970
[  516.322886] binder: 3542:3543 transaction failed 29189/-3, size 0-12288 line 2970
[  516.331079] binder: 3536:3546 transaction failed 29189/-3, size 0-12288 line 2970
[  516.347213] binder: 3538:3539 transaction failed 29189/-3, size 108-12288 line 2970
[  516.351501] binder: BINDER_SET_CONTEXT_MGR already set
21:14:04 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:04 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2000, 0x0, &(0x7f0000000300)})

[  516.382971] binder: 3533:3551 ioctl 40046207 0 returned -16
[  516.404150] binder: 3533:3534 transaction failed 29189/-3, size 0-47244640256 line 2970
21:14:04 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  516.448332] binder: 3555:3556 transaction failed 29189/-3, size 1073741824-12288 line 2970
21:14:04 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x10000, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000140)={0x3, 0x400, 0x8000, 0x8, 0x3000000000, 0x6, 0x4, 0xfff, <r3=>0x0}, &(0x7f0000000180)=0x20)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f00000001c0)={r3, 0x40}, &(0x7f0000000200)=0x8)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:04 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  516.534393] binder: 3559:3560 transaction failed 29189/-22, size 0-12288 line 2855
[  516.557635] binder: 3561:3562 transaction failed 29189/-22, size 96-12288 line 2855
21:14:04 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  516.669921] binder: BINDER_SET_CONTEXT_MGR already set
[  516.711736] binder: 3567:3570 ioctl 40046207 0 returned -16
21:14:05 executing program 2:

21:14:05 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x12, 0x0, &(0x7f0000000300)})

21:14:05 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x8, 0x10000)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x2, 0x1)
ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000180)=r3)

21:14:05 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000cd00e100000000000000000030000000000000f782e0", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

[  517.214333] binder: BINDER_SET_CONTEXT_MGR already set
[  517.226629] binder_release_work: 63 callbacks suppressed
[  517.226637] binder: undelivered TRANSACTION_ERROR: 29189
[  517.233831] binder: 3597:3601 ioctl 40046207 0 returned -16
[  517.249752] binder: undelivered TRANSACTION_ERROR: 29189
21:14:05 executing program 2:

21:14:05 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000240))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYBLOB="83b8b2ff71f50a52d147c7b9fb000000ae59000000000000"]], 0x0, 0x0, &(0x7f0000000300)})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x220080, 0x0)
getpeername$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev}, &(0x7f00000001c0)=0x10)

21:14:05 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  517.276710] binder: undelivered TRANSACTION_ERROR: 29189
21:14:05 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x2020011, 0xffffffffffffffff, 0x400000000000010)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040f8ff00000000000000000000000000000000000000000000000000000000ff0f00000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:05 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x300000000000000, 0x0, &(0x7f0000000300)})

[  517.342973] binder: undelivered TRANSACTION_ERROR: 29189
[  517.348708] binder: undelivered TRANSACTION_ERROR: 29189
21:14:05 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x200080, 0x111)
socketpair(0x1f, 0x0, 0x3, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
setsockopt$inet_mreqsrc(r1, 0x0, 0x0, &(0x7f0000000180)={@remote, @empty, @multicast2}, 0xc)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 2:

[  517.424130] binder: undelivered TRANSACTION_ERROR: 29189
[  517.443563] binder: undelivered TRANSACTION_ERROR: 29189
21:14:05 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  517.493674] binder: 3620:3626 got transaction to invalid handle
[  517.529304] binder: undelivered TRANSACTION_ERROR: 29189
21:14:05 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  517.542647] binder: undelivered TRANSACTION_ERROR: 29189
[  517.550375] binder: BINDER_SET_CONTEXT_MGR already set
[  517.578181] binder: 3620:3635 ioctl 40046207 0 returned -16
21:14:05 executing program 2:

21:14:05 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4800000000000000, 0x0, &(0x7f0000000300)})

21:14:05 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000140)={0x50, 0x0, 0x1, {0x7, 0x1b, 0x5, 0x220000, 0x7, 0x80, 0x200, 0x5}}, 0x50)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  517.603835] binder: undelivered TRANSACTION_ERROR: 29189
[  517.612358] binder: 3620:3626 got transaction to invalid handle
21:14:05 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000140)=0x1c, 0x80000)
setsockopt$inet6_MCAST_LEAVE_GROUP(r2, 0x29, 0x2d, &(0x7f0000000180)={0x3f, {{0xa, 0x4e20, 0xcc, @mcast1, 0x3}}}, 0x84)

21:14:05 executing program 1:

21:14:05 executing program 2:

21:14:05 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4000000, 0x0, &(0x7f0000000300)})

21:14:05 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:05 executing program 1:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000140), 0xc, &(0x7f0000000180)={&(0x7f0000000240)=@getae={0x40, 0x1f, 0x0, 0x0, 0x0, {{@in6=@dev}, @in=@multicast2}}, 0x40}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, &(0x7f00000006c0), 0x4)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@ipv4={[], [], @local}, @in=@loopback}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000280)=0xe8)
fstat(0xffffffffffffffff, &(0x7f0000000400))
fstat(0xffffffffffffffff, &(0x7f0000000480))
stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540))
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000005c0)=ANY=[], 0x0, 0x0)
finit_module(0xffffffffffffffff, &(0x7f0000000040)=']{\x00', 0x0)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000240)="428055a0876969ef69dc00d990c841ff0f1837370f38211ac4c19086d9f28fc9410feefa4e2179fbe5e54175455d0f2e1a1a010d64ac1e5d31a3b786e2989f7f")

[  517.931491] binder: BINDER_SET_CONTEXT_MGR already set
[  517.969277] binder: 3662:3674 ioctl 40046207 0 returned -16
[  517.969706] binder_alloc_mmap_handler: 19 callbacks suppressed
21:14:06 executing program 2:
mq_open(&(0x7f0000000900)='trusted.overlay.upper\x00', 0x0, 0x0, &(0x7f0000000940))
fdatasync(0xffffffffffffffff)
setxattr$trusted_overlay_upper(&(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000280), 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), 0x0, &(0x7f0000000680)=""/213, 0xd5}, 0x0)
seccomp(0x0, 0x0, &(0x7f0000000100))
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000200))
ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f00000003c0)='bridge_slave_0\x00')
ustat(0x0, &(0x7f0000000140))
getpgid(0xffffffffffffffff)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000006c0)={&(0x7f0000000680)='./file0\x00'}, 0x10)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000700))
openat(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000640))
socket$key(0xf, 0x3, 0x2)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00')
pipe(&(0x7f0000000080))
timer_create(0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, @thr={&(0x7f00000003c0), &(0x7f00000000c0)}}, &(0x7f0000000340))
getresuid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500))
connect$netlink(0xffffffffffffffff, &(0x7f0000000440)=@unspec, 0xc)
timer_delete(0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f00000000c0))
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000005c0))
ioctl$EVIOCGABS2F(0xffffffffffffffff, 0x8018456f, &(0x7f00000002c0)=""/98)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
sched_getparam(0x0, &(0x7f00000001c0))
syz_execute_func(&(0x7f0000000440)="42805da0d10fef69dc0f01ee660f3a608600088041cb913591913d062900770f78993d233d23410feefa6b21e5660f38302fbae5e5e57542ee3828c44379dfb9d6adbe90dfe2989f7f")

21:14:06 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  517.969723] binder_alloc: binder_alloc_mmap_handler: 3672 20001000-20004000 already mapped failed -16
[  517.975183] binder_alloc: binder_alloc_mmap_handler: 3663 20001000-20004000 already mapped failed -16
21:14:06 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x1000, 0x400000)

21:14:06 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:06 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa00, 0x0, &(0x7f0000000300)})

[  518.179773] binder: BINDER_SET_CONTEXT_MGR already set
[  518.201234] binder: 3690:3695 ioctl 40046207 0 returned -16
[  518.208693] binder_alloc: binder_alloc_mmap_handler: 3693 20001000-20004000 already mapped failed -16
21:14:06 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000140, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  518.238551] binder_alloc: binder_alloc_mmap_handler: 3696 20001000-20004000 already mapped failed -16
21:14:06 executing program 4:
perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x800, 0x0, 0x0, 0x7ece, 0x0, 0x7f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x4000, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000140)=0x2ede260, &(0x7f0000000180)=0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:06 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:06 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x60, 0x0, &(0x7f0000000300)})

21:14:06 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  518.394910] binder: BINDER_SET_CONTEXT_MGR already set
[  518.422759] binder: 3708:3709 ioctl 40046207 0 returned -16
[  518.446775] binder_alloc: binder_alloc_mmap_handler: 3712 20001000-20004000 already mapped failed -16
21:14:06 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$int_in(r2, 0x5421, &(0x7f0000000140)=0x101)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x1)

[  518.492209] binder_alloc: binder_alloc_mmap_handler: 3714 20001000-20004000 already mapped failed -16
[  518.621729] binder: BINDER_SET_CONTEXT_MGR already set
[  518.634191] binder: 3724:3727 ioctl 40046207 0 returned -16
21:14:06 executing program 1:
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080), 0x0, 0x0, 0xfffffffffffffffe)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000140)="428055a0610fef69dce9d92a5c41ff0f1837370f38211ac4c482fd2520410feefa4e2179fbe5f54175455de0932ebc2ebc0d64ac1e5d9f7f")
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000000c0))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f0000000240)}, 0x10)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0))
sched_setscheduler(0x0, 0x0, &(0x7f0000000200))
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000180)={'ip6gre0\x00', {0x2, 0x0, @dev}})

21:14:07 executing program 2:
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
pipe2(&(0x7f0000000140), 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x28, &(0x7f0000000440)}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040), 0xc)
ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000300)='syz1\x00')
syz_execute_func(&(0x7f0000000d00)="428055a0876969ef69dc00d9f0008f00008020c421fa7fb432322333331837370f38211ac4c461cde2d3410feefa4e2179fbe5e54175450f2e1ac4010d64ac1e5d31a3b706f0802403089f4b")

21:14:07 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:07 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:07 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2, 0x0, &(0x7f0000000300)})

21:14:07 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x200000, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000200)={<r3=>0x0, 0x80000, <r4=>0xffffffffffffff9c})
syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x2, 0x10400)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000280)={r3, 0x80000, r4})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0xc0605345, &(0x7f0000000140)={0x7ff, 0x2, {0x1, 0x1, 0xfffffffffffff000, 0x3, 0x4}})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f0000000300))
syz_open_dev$adsp(&(0x7f00000002c0)='/dev/adsp#\x00', 0x0, 0x800)

[  519.098344] binder_alloc: binder_alloc_mmap_handler: 3741 20001000-20004000 already mapped failed -16
21:14:07 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  519.143780] binder_alloc: binder_alloc_mmap_handler: 3744 20001000-20004000 already mapped failed -16
[  519.182051] binder: BINDER_SET_CONTEXT_MGR already set
21:14:07 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  519.202908] binder: 3740:3755 ioctl 40046207 0 returned -16
21:14:07 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0xa00, 0x0)
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x6)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000140)={{0x84, @local, 0x4e24, 0x4, 'rr\x00', 0x10, 0x6, 0x29}, {@empty, 0x4e24, 0x0, 0x3f, 0x100000001, 0xfffffffffffffffe}}, 0x44)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000a04e67ca322b160000000000000002000000000000000000000000000000000000000000e0daf1a736a25a671868faa7056586d12642cd6493bca7febdc786883719a68b266f6d087424a46673f244743f141c1cccc6cfbbaa83dfd49060505aa69804422cc31bdf7998315294c53c493e2bf59bcc6dbe9d81b6bc32237604277029b201af07db21b27687071a99c25a9a5e38d2523a8c7177f03a3df8faefef54e29eda13eccea6a5188531afdf79f5bc832cad5406afded1fb66d03c2e572146bf22cca33aecb9dd775ac857e2cb23c85c492061a523fc85d52624e345ff30198727d161d6e851e8b77a12a2173e2220c4d2a6bd1d0bc38e17d86140605cc70ce646ea", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:07 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa00000000000000, 0x0, &(0x7f0000000300)})

21:14:07 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  519.321678] binder_alloc: binder_alloc_mmap_handler: 3761 20001000-20004000 already mapped failed -16
21:14:07 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  519.397671] binder: BINDER_SET_CONTEXT_MGR already set
[  519.427232] binder: 3766:3772 ioctl 40046207 0 returned -16
[  519.453233] binder_alloc: binder_alloc_mmap_handler: 3773 20001000-20004000 already mapped failed -16
21:14:07 executing program 1:
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080), 0x0, 0x0, 0xfffffffffffffffe)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000140)="428055a0610fef69dce9d92a5c41ff0f1837370f38211ac4c482fd2520410feefa4e2179fbe5f54175455de0932ebc2ebc0d64ac1e5d9f7f")
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000000c0))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f0000000240)}, 0x10)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0))

21:14:08 executing program 2:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa00000000000000, 0x0, &(0x7f0000000300)})

21:14:08 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3000000, 0x0, &(0x7f0000000300)})

21:14:08 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x0, 0x100000001, 0x524b}}, 0x30)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)="e79b2e2f6367726f050000d31a56958ad9132800", 0x1ff)

[  520.110309] binder: BINDER_SET_CONTEXT_MGR already set
21:14:08 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  520.133615] binder: 3798:3805 ioctl 40046207 0 returned -16
21:14:08 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
membarrier(0x1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00ea2a0159365cdf54f56340400000000000000000000000000000000000000100477e0000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:08 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7400, 0x0, &(0x7f0000000300)})

21:14:08 executing program 2:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x300000000000000, 0x0, &(0x7f0000000300)})

21:14:08 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  520.336498] binder: 3821:3822 unknown command 19589632
[  520.342109] binder: 3821:3822 ioctl c0306201 20000040 returned -22
[  520.384117] binder_alloc_new_buf_locked: 38 callbacks suppressed
[  520.384302] binder_alloc: 3821: binder_alloc_buf, no vma
[  520.426791] binder_alloc: 3821: binder_alloc_buf, no vma
[  520.457758] binder: BINDER_SET_CONTEXT_MGR already set
[  520.463138] binder: 3821:3822 ioctl 40046207 0 returned -16
[  520.464163] binder_alloc: 3821: binder_alloc_buf, no vma
[  520.485872] binder: 3821:3828 unknown command 19589632
[  520.491194] binder: 3821:3828 ioctl c0306201 20000040 returned -22
21:14:08 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x1000000, &(0x7f0000000300)})

21:14:08 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c, 0x0, &(0x7f0000000300)})

21:14:08 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r0, 0x60)

21:14:08 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 2:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x60000000, 0x0, &(0x7f0000000300)})

21:14:08 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  520.693823] binder_alloc: 3852: binder_alloc_buf, no vma
[  520.706500] binder_alloc: 3852: binder_alloc_buf, no vma
[  520.726436] binder: BINDER_SET_CONTEXT_MGR already set
[  520.731846] binder: 3852:3858 ioctl 40046207 0 returned -16
[  520.738567] binder_alloc: 3852: binder_alloc_buf, no vma
21:14:08 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x22400, 0x0)
ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000200)=0x9)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x5, 0x900)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000180)={@reserved})
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
prctl$getname(0x10, &(0x7f0000000000)=""/27)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  520.743684] binder: BINDER_SET_CONTEXT_MGR already set
21:14:08 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3, 0x0, &(0x7f0000000300)})

21:14:08 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x1200, &(0x7f0000000300)})

[  520.782266] binder: 3850:3851 ioctl 40046207 0 returned -16
[  520.809846] binder: 3850:3864 ioctl c0306201 20000040 returned -14
21:14:08 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:08 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x48, 0x0, &(0x7f0000000300)})

[  520.975029] binder_alloc: 3875: binder_alloc_buf, no vma
[  520.993687] binder: BINDER_SET_CONTEXT_MGR already set
[  521.007154] binder_alloc: 3875: binder_alloc_buf, no vma
21:14:09 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xfdfdffff00000000, 0x0, &(0x7f0000000300)})

[  521.023269] binder: 3866:3867 ioctl 40046207 0 returned -16
21:14:09 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x1200, &(0x7f0000000300)})

21:14:09 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:09 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:09 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a00, 0x0, &(0x7f0000000300)})

[  521.076536] binder_alloc: 3866: binder_alloc_buf, no vma
21:14:09 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:09 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:09 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:09 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1200000000000000, 0x0, &(0x7f0000000300)})

[  521.259837] binder_transaction: 106 callbacks suppressed
[  521.259869] binder: 3908:3909 transaction failed 29189/-22, size 0-0 line 2855
[  521.284607] binder: BINDER_SET_CONTEXT_MGR already set
[  521.291844] binder: 3906:3907 ioctl 40046207 0 returned -16
[  521.299748] binder_alloc: 3908: binder_alloc_buf, no vma
[  521.325535] binder: 3898:3911 transaction failed 29189/-3, size 0-12288 line 2970
[  521.325796] binder: 3913:3914 transaction failed 29189/-3, size 10-12288 line 2970
[  521.328019] binder: BINDER_SET_CONTEXT_MGR already set
[  521.345389] binder: 3908:3915 ioctl 40046207 0 returned -16
[  521.356351] binder: 3906:3907 transaction failed 29189/-3, size 0-0 line 2970
[  521.370611] binder: 3908:3909 transaction failed 29189/-22, size 0-0 line 2855
21:14:09 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  521.401532] binder: 3918:3920 transaction failed 29189/-22, size 2-12288 line 2855
[  521.432411] binder: 3917:3919 transaction failed 29189/-22, size 0-12288 line 2855
21:14:09 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  521.444449] binder: 3918:3920 transaction failed 29189/-22, size 2-12288 line 2855
21:14:09 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xa, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xff, 0x2)
setsockopt$inet6_udp_int(r2, 0x11, 0x1, &(0x7f0000000040)=0xae95, 0x4)
ioctl$FIONREAD(r2, 0x541b, &(0x7f0000000200))
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x2010, r0, 0x1000000)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000080)=[@dead_binder_done={0x40086310, 0x2}], 0x26, 0x0, &(0x7f0000000140)="91f0e9c7f32341fd2b1b1ca093a20d9386abe819bbe8ff0b5934138d02f93a9f7ee7ef8d5fd9"})

[  521.473594] binder: 3925:3926 transaction failed 29189/-3, size 301989888-0 line 2970
21:14:09 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a00000000000000, 0x0, &(0x7f0000000300)})

[  521.534362] binder: 3930:3933 BC_DEAD_BINDER_DONE 0000000000000002 not found
[  521.546252] binder: 3931:3932 transaction failed 29189/-3, size 12288-12288 line 2970
21:14:09 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:09 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  521.577755] binder: 3930:3935 BC_DEAD_BINDER_DONE 0000000000000002 not found
[  521.596052] binder: BINDER_SET_CONTEXT_MGR already set
21:14:09 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:09 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  521.640558] binder: 3930:3933 ioctl 40046207 0 returned -16
21:14:09 executing program 2:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:09 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000664e4698ee4ab7e8caf5c6c6d91a16639d155476379a57e320d8318fe902767c837dd0ce052059eb0c01b457825a8e9c690bc26f0172f677618e251d130b62d399b0cd906529c1ab8090f20bba2c0138d776dbdae462ce", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:09 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c000000, 0x0, &(0x7f0000000300)})

21:14:09 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:09 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:09 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  521.874402] binder: BINDER_SET_CONTEXT_MGR already set
21:14:10 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1200, 0x0, &(0x7f0000000300)})

21:14:10 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:10 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  521.922741] binder: 3959:3960 ioctl 40046207 0 returned -16
[  521.947582] binder: BINDER_SET_CONTEXT_MGR already set
[  521.960420] binder: BINDER_SET_CONTEXT_MGR already set
[  521.966159] binder: 3969:3976 ioctl 40046207 0 returned -16
[  522.000415] binder: 3959:3977 ioctl 40046207 0 returned -16
21:14:10 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:10 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  522.055643] binder: BINDER_SET_CONTEXT_MGR already set
[  522.070549] binder: 3959:3960 ioctl 40046207 0 returned -16
21:14:10 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:10 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
getsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000140)={@local, @broadcast}, &(0x7f0000000180)=0xc)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000fdff00000000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000100)={0x0, @aes256})

21:14:10 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x74, 0x0, &(0x7f0000000300)})

21:14:10 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x106, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f0000000080)={0xa, 0x4, 0xfa00, {r2}}, 0xc)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:10 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:10 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  522.345772] binder_release_work: 64 callbacks suppressed
[  522.345778] binder: undelivered TRANSACTION_ERROR: 29189
[  522.364616] binder: BINDER_SET_CONTEXT_MGR already set
[  522.377353] binder: 4002:4007 ioctl 40046207 0 returned -16
[  522.378394] binder: BINDER_SET_CONTEXT_MGR already set
21:14:10 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:10 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:10 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a, 0x0, &(0x7f0000000300)})

21:14:10 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x600000, 0x0)
ioctl$SIOCGIFMTU(r2, 0x8921, &(0x7f0000000140))
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  522.397850] binder: undelivered TRANSACTION_ERROR: 29189
[  522.408145] binder: 4014:4015 ioctl 40046207 0 returned -16
21:14:10 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  522.476079] binder: undelivered TRANSACTION_ERROR: 29189
21:14:10 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:10 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  522.595003] binder: undelivered TRANSACTION_ERROR: 29189
[  522.604923] binder: undelivered TRANSACTION_ERROR: 29189
[  522.630430] binder: BINDER_SET_CONTEXT_MGR already set
21:14:10 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:10 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010020, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:10 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  522.655931] binder: 4035:4042 ioctl 40046207 0 returned -16
[  522.738975] binder: 4045:4046 got transaction to invalid handle
[  522.747161] binder: undelivered TRANSACTION_ERROR: 29189
[  522.758833] binder: undelivered TRANSACTION_ERROR: 29189
[  522.764349] binder: undelivered TRANSACTION_ERROR: 29189
[  522.768865] binder: BINDER_SET_CONTEXT_MGR already set
21:14:10 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0063404000006ebd0000000000000000000000000000000000000000000000a81f7353bc65000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='trusted.overlay.redirect\x00', &(0x7f0000000180)='./file0\x00', 0x8, 0x2)

21:14:10 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  522.785103] binder: 4053:4054 ioctl 40046207 0 returned -16
21:14:10 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:10 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x100000000000000, 0x0, &(0x7f0000000300)})

21:14:10 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  522.850136] binder: 4062:4063 got transaction to invalid handle
21:14:10 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  522.951359] binder: undelivered TRANSACTION_ERROR: 29189
[  522.954055] binder: BINDER_SET_CONTEXT_MGR already set
[  522.998608] binder_alloc_mmap_handler: 25 callbacks suppressed
[  522.998623] binder_alloc: binder_alloc_mmap_handler: 4072 20001000-20004000 already mapped failed -16
[  523.002639] binder: 4062:4075 ioctl 40046207 0 returned -16
[  523.012048] binder: 4062:4063 got transaction to invalid handle
[  523.014188] binder: undelivered TRANSACTION_ERROR: 29189
[  523.031718] binder: BINDER_SET_CONTEXT_MGR already set
[  523.038689] binder: 4071:4078 ioctl 40046207 0 returned -16
21:14:11 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:11 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  523.038697] binder: 4071:4083 got reply transaction with no transaction stack
[  523.060713] binder: BINDER_SET_CONTEXT_MGR already set
[  523.067207] binder_alloc: binder_alloc_mmap_handler: 4074 20001000-20004000 already mapped failed -16
[  523.076006] binder: 4080:4082 ioctl 40046207 0 returned -16
[  523.126257] binder: 4080:4090 unknown command 0
21:14:11 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x200000000000000, 0x0, &(0x7f0000000300)})

21:14:11 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
r2 = gettid()
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f00000001c0)={{0x3, 0x3, 0x9, 0x9, '\x00', 0x10001}, 0x4, 0x700, 0x1, r2, 0x2, 0x8001, 'syz1\x00', &(0x7f0000000000)=['.\\\x00', '#eth0{\x00'], 0xa, [], [0x6, 0xee, 0x0, 0x8]})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00630b4000000000000000000000000000000000000000000000000000000000000000000800000000e39ec97100000000000000455e39b16818b336a4b3f463611d9cf39a35c2a2fa03dc6dad007cfd031ca481a769e2b69388f4ede7335843", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:11 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  523.146608] binder: 4080:4090 ioctl c0306201 20000040 returned -22
[  523.181798] binder_alloc: binder_alloc_mmap_handler: 4092 20001000-20004000 already mapped failed -16
21:14:11 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40086303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  523.228870] binder: 4098:4099 ioctl c1105518 200001c0 returned -22
21:14:11 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:11 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  523.272743] binder: 4098:4101 unknown command 1074488064
[  523.287134] binder: 4098:4101 ioctl c0306201 20000040 returned -22
[  523.288020] binder_alloc: binder_alloc_mmap_handler: 4096 20001000-20004000 already mapped failed -16
[  523.348498] binder: 4098:4099 ioctl c1105518 200001c0 returned -22
[  523.365209] binder: BINDER_SET_CONTEXT_MGR already set
[  523.371545] binder: 4109:4110 ioctl 40046207 0 returned -16
[  523.381293] binder: BINDER_SET_CONTEXT_MGR already set
[  523.392364] binder: 4098:4116 unknown command 1074488064
21:14:11 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  523.405873] binder: 4112:4113 ioctl 40046207 0 returned -16
[  523.405949] binder: BINDER_SET_CONTEXT_MGR already set
[  523.405993] binder: 4098:4101 ioctl 40046207 0 returned -16
[  523.417570] binder: 4109:4110 BC_FREE_BUFFER u0000000000000000 no match
[  523.442860] binder: 4112:4113 unknown command 0
21:14:11 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xffffff7f, 0x0, &(0x7f0000000300)})

[  523.449292] binder_alloc: binder_alloc_mmap_handler: 4114 20001000-20004000 already mapped failed -16
[  523.472542] binder: 4109:4110 unknown command 0
[  523.477113] binder: 4098:4116 ioctl c0306201 20000040 returned -22
[  523.478453] binder: 4112:4113 ioctl c0306201 20000040 returned -22
[  523.495987] binder: 4109:4110 ioctl c0306201 20000040 returned -22
21:14:11 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:11 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:11 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x100, 0xc000)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000140), &(0x7f0000000180)=0x14)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00')
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8200c00}, 0xc, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="10042abd7000fedbdf25020000000c00040009000000000000000c0002003f000000000000002ba05941b1e3ef377d466ad59dba5643735fc2653b59f86d7983fcd2adaf839ca333190a5a4a58adf7ce65af8dff517d232867c433591bc9fee55e21670553ad4a8a8ae425bf74ba89ab5223b712f9e3a537d3dd3db4b40584484d7840b4b74a6666369284fc84dff313eba7034155b338e8ace51767d43e27745689865162bae9ea324f213f5bceb84afbdd095b3cb75f094dae122b70b3a391d0ea2d96b89ccfa9b7c7b318d37f8dc8cdb2a98b579807f1d7bfd08695478ab5c970a88b385d67a644ca33d06af92ae5a4b8c6602d33e8be8748f13840ad76f6077657d1134d6cd6fd1bc683b67931d7c412c294f81b000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
fanotify_init(0x53, 0x9002)

[  523.554549] binder_alloc: binder_alloc_mmap_handler: 4123 20001000-20004000 already mapped failed -16
21:14:11 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x80040800000000)

21:14:11 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  523.621400] binder_alloc: binder_alloc_mmap_handler: 4132 20001000-20004000 already mapped failed -16
21:14:11 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x68000000, 0x0, &(0x7f0000000300)})

21:14:11 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:11 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  523.780932] binder_alloc: binder_alloc_mmap_handler: 4141 20ffd000-20fff000 already mapped failed -16
[  523.809100] binder: BINDER_SET_CONTEXT_MGR already set
[  523.820235] binder: 4147:4154 ioctl 40046207 0 returned -16
21:14:11 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:11 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="006340400019a87bc4ca23d3e3190000000300000000000000000006000000000000000000000000000000000000000700000000000000000000309e00", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  523.820531] binder: BINDER_SET_CONTEXT_MGR already set
[  523.836251] binder: 4138:4150 ioctl 40046207 0 returned -16
[  523.850165] binder_alloc: binder_alloc_mmap_handler: 4152 20001000-20004000 already mapped failed -16
[  523.860393] binder_alloc: binder_alloc_mmap_handler: 4148 20001000-20004000 already mapped failed -16
[  523.867766] binder: 4147:4154 unknown command 0
21:14:11 executing program 1:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xffffff7f, 0x0, &(0x7f0000000300)})

[  523.892726] binder: 4147:4154 ioctl c0306201 20000040 returned -22
21:14:12 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x48000000, &(0x7f0000000300)})

21:14:12 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xfdfdffff, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  523.966433] binder: 4160:4162 got transaction to invalid handle
[  523.989660] binder: BINDER_SET_CONTEXT_MGR already set
[  524.006870] binder: 4160:4168 ioctl 40046207 0 returned -16
[  524.023171] binder: 4160:4162 got transaction to invalid handle
21:14:12 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = request_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000180)='/dev/binder#\x00', 0xfffffffffffffff9)
keyctl$read(0xb, r2, &(0x7f00000001c0)=""/123, 0x7b)

21:14:12 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:12 executing program 2:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xa000000, &(0x7f0000000300)})

21:14:12 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2500, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  524.293889] binder: BINDER_SET_CONTEXT_MGR already set
21:14:12 executing program 2:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3007, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  524.329620] binder: 4189:4200 ioctl 40046207 0 returned -16
21:14:12 executing program 1 (fault-call:2 fault-nth:0):
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:12 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0xea7, 0x2867, 0xc9f, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x10, 0x0, 0x3daa, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f00000002c0))
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0x2502, 0x0)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000180)='fou\x00')
sendmsg$FOU_CMD_GET(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r3, 0x3, 0x70bd25, 0x25dfdbff, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e22}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x8, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x14)
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:12 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x2000, &(0x7f0000000300)})

21:14:12 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3002, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 2 (fault-call:2 fault-nth:0):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  524.503070] FAULT_INJECTION: forcing a failure.
[  524.503070] name failslab, interval 1, probability 0, space 0, times 0
[  524.555654] CPU: 0 PID: 4223 Comm: syz-executor1 Not tainted 4.19.0-rc3+ #134
[  524.562953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  524.572307] Call Trace:
[  524.574937]  dump_stack+0x1c4/0x2b4
[  524.578597]  ? dump_stack_print_info.cold.2+0x52/0x52
[  524.583835]  should_fail.cold.4+0xa/0x17
[  524.587931]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  524.593096]  ? graph_lock+0x170/0x170
[  524.596919]  ? mark_held_locks+0x130/0x130
[  524.601167]  ? graph_lock+0x170/0x170
[  524.604994]  ? find_held_lock+0x36/0x1c0
[  524.609082]  ? __lock_is_held+0xb5/0x140
[  524.613174]  ? ___might_sleep+0x1ed/0x300
[  524.617336]  ? arch_local_save_flags+0x40/0x40
[  524.621931]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  524.627479]  ? check_preemption_disabled+0x48/0x200
[  524.632537]  ? dput.part.26+0x241/0x790
[  524.636557]  ? graph_lock+0x170/0x170
[  524.640397]  ? check_preemption_disabled+0x48/0x200
[  524.645450]  __should_failslab+0x124/0x180
[  524.649712]  should_failslab+0x9/0x14
[  524.653521]  kmem_cache_alloc+0x2be/0x730
[  524.653538]  ? __lock_acquire+0x7ec/0x4ec0
[  524.661917]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  524.661933]  ? may_expand_vm+0x1e3/0x810
[  524.661955]  vm_area_dup+0x7a/0x230
[  524.661976]  ? vm_area_alloc+0x1d0/0x1d0
[  524.679233]  ? memset+0x31/0x40
[  524.682538]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  524.688132]  __split_vma+0xae/0x570
[  524.691787]  ? find_vma+0x34/0x190
[  524.695352]  do_munmap+0xd14/0xf90
[  524.698901]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  524.698916]  ? check_preemption_disabled+0x48/0x200
[  524.698937]  mmap_region+0x6a4/0x1cd0
[  524.709485]  ? __x64_sys_brk+0x7d0/0x7d0
[  524.709500]  ? graph_lock+0x170/0x170
[  524.709517]  ? graph_lock+0x170/0x170
[  524.709536]  ? get_pid_task+0xd6/0x1a0
[  524.709558]  ? mpx_unmapped_area_check+0xd8/0x108
[  524.733706]  ? arch_get_unmapped_area_topdown+0xc2/0x940
[  524.739167]  ? find_held_lock+0x36/0x1c0
[  524.743260]  ? arch_get_unmapped_area+0x750/0x750
[  524.748112]  ? lock_acquire+0x1ed/0x520
21:14:12 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x88440, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, 0xffffffffffffffff)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  524.752121]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  524.757206]  ? cap_mmap_addr+0x52/0x130
[  524.761187]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  524.766741]  ? security_mmap_addr+0x80/0xa0
[  524.771092]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  524.776648]  ? get_unmapped_area+0x292/0x3b0
[  524.781105]  do_mmap+0xa10/0x1220
[  524.784612]  ? mmap_region+0x1cd0/0x1cd0
[  524.788706]  ? vm_mmap_pgoff+0x1b5/0x2c0
[  524.792774]  ? down_read_killable+0x1f0/0x1f0
[  524.797286]  ? security_mmap_file+0x174/0x1b0
[  524.801826]  vm_mmap_pgoff+0x213/0x2c0
[  524.805739]  ? vma_is_stack_for_current+0xd0/0xd0
[  524.810309] binder: BINDER_SET_CONTEXT_MGR already set
[  524.810713]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  524.810730]  ? check_preemption_disabled+0x48/0x200
[  524.810760]  ksys_mmap_pgoff+0x4da/0x660
[  524.822751] binder: 4239:4242 ioctl 40046207 0 returned -16
[  524.826599]  ? do_fast_syscall_32+0x150/0xfb2
[  524.826620]  ? find_mergeable_anon_vma+0xd0/0xd0
[  524.826636]  ? trace_hardirqs_on+0xbd/0x310
[  524.826652]  ? __ia32_sys_read+0xb0/0xb0
21:14:12 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  524.826670]  ? entry_SYSENTER_compat+0x70/0x7f
[  524.826686]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  524.826705]  __ia32_sys_mmap_pgoff+0xdd/0x1a0
[  524.826725]  do_fast_syscall_32+0x34d/0xfb2
[  524.864130]  ? do_int80_syscall_32+0x890/0x890
[  524.864149]  ? entry_SYSENTER_compat+0x68/0x7f
[  524.864165]  ? trace_hardirqs_off_caller+0xbb/0x310
[  524.864198]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  524.864212]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  524.864233]  ? trace_hardirqs_on_caller+0x310/0x310
[  524.873035]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  524.873054]  ? prepare_exit_to_usermode+0x291/0x3b0
[  524.873078]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  524.873102]  entry_SYSENTER_compat+0x70/0x7f
[  524.873117] RIP: 0023:0xf7f12ca9
[  524.873135] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  524.906956] FAULT_INJECTION: forcing a failure.
[  524.906956] name fail_page_alloc, interval 1, probability 0, space 0, times 0
21:14:12 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x400000000000000, &(0x7f0000000300)})

[  524.911944] RSP: 002b:00000000f5f0e0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  524.911962] RAX: ffffffffffffffda RBX: 0000000020ffd000 RCX: 0000000000002000
[  524.911972] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003
[  524.911987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  524.921339] binder: 4246:4247 got transaction to context manager from process owning it
[  524.924570] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  524.924580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  524.962642] CPU: 0 PID: 4248 Comm: syz-executor2 Not tainted 4.19.0-rc3+ #134
[  524.970857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  524.985383] Call Trace:
[  524.985402]  dump_stack+0x1c4/0x2b4
[  524.985419]  ? dump_stack_print_info.cold.2+0x52/0x52
[  524.985446]  should_fail.cold.4+0xa/0x17
[  525.040129]  ? get_page_from_freelist+0x29a4/0x5340
[  525.045161]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  525.050338]  ? print_usage_bug+0xc0/0xc0
[  525.054400]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  525.059935]  ? __alloc_pages_nodemask+0x638/0xde0
[  525.064780]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  525.070261]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  525.075857]  ? kasan_unpoison_shadow+0x35/0x50
[  525.080446]  ? preempt_count_add+0x7d/0x160
[  525.084772]  ? get_page_from_freelist+0x17ae/0x5340
[  525.089800]  ? __lock_acquire+0x7ec/0x4ec0
[  525.094047]  ? __lock_acquire+0x7ec/0x4ec0
[  525.098319]  ? mark_held_locks+0x130/0x130
[  525.102558]  ? __isolate_free_page+0x610/0x610
[  525.107144]  ? debug_smp_processor_id+0x1c/0x20
[  525.111823]  ? perf_trace_lock_acquire+0x15b/0x800
[  525.116777]  __alloc_pages_nodemask+0x34b/0xde0
[  525.121468]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  525.127011]  ? check_preemption_disabled+0x48/0x200
[  525.132035]  ? __alloc_pages_slowpath+0x2d80/0x2d80
[  525.137052]  ? debug_smp_processor_id+0x1c/0x20
[  525.141739]  ? perf_trace_lock_acquire+0x15b/0x800
[  525.146669]  ? debug_smp_processor_id+0x1c/0x20
[  525.151336]  ? perf_trace_lock_acquire+0x15b/0x800
[  525.156273]  ? perf_trace_lock+0x7a0/0x7a0
[  525.160516]  ? graph_lock+0x170/0x170
[  525.164323]  ? graph_lock+0x170/0x170
[  525.168125]  ? print_usage_bug+0xc0/0xc0
[  525.172186]  ? print_usage_bug+0xc0/0xc0
[  525.176255]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  525.181795]  alloc_pages_current+0x10c/0x210
[  525.186236]  skb_page_frag_refill+0x45f/0x6a0
[  525.190738]  ? sock_kfree_s+0x60/0x60
[  525.194556]  ? check_preemption_disabled+0x48/0x200
[  525.199586]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  525.205403]  ? kasan_check_read+0x11/0x20
[  525.209570]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  525.214852]  ? rcu_bh_qs+0xc0/0xc0
[  525.218414]  tun_build_skb.isra.54+0x358/0x2230
[  525.223111]  ? tun_device_event+0x1070/0x1070
[  525.227613]  ? __lock_acquire+0x7ec/0x4ec0
[  525.231858]  ? __lock_acquire+0x7ec/0x4ec0
[  525.236133]  ? __lock_acquire+0x7ec/0x4ec0
[  525.240412]  ? mark_held_locks+0x130/0x130
[  525.244687]  ? mark_held_locks+0x130/0x130
[  525.248927]  ? print_usage_bug+0xc0/0xc0
[  525.252993]  ? debug_smp_processor_id+0x1c/0x20
[  525.257667]  ? print_usage_bug+0xc0/0xc0
[  525.261724]  ? check_preemption_disabled+0x48/0x200
[  525.266744]  ? print_usage_bug+0xc0/0xc0
[  525.270804]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  525.276372]  ? check_preemption_disabled+0x48/0x200
[  525.281388]  ? print_usage_bug+0xc0/0xc0
[  525.285473]  ? __lock_acquire+0x7ec/0x4ec0
[  525.289719]  ? perf_trace_lock+0x7a0/0x7a0
[  525.293960]  ? mark_held_locks+0x130/0x130
[  525.298210]  tun_get_user+0xc5c/0x42a0
[  525.302108]  ? check_preemption_disabled+0x48/0x200
[  525.307149]  ? tun_build_skb.isra.54+0x2230/0x2230
[  525.312090]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  525.317400]  ? rcu_bh_qs+0xc0/0xc0
[  525.320953]  ? aa_file_perm+0x490/0x1060
[  525.325026]  ? find_held_lock+0x36/0x1c0
[  525.329096]  ? tun_get+0x206/0x370
[  525.332634]  ? lock_downgrade+0x900/0x900
[  525.336775]  ? check_preemption_disabled+0x48/0x200
[  525.341793]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  525.347627]  ? kasan_check_read+0x11/0x20
[  525.351773]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  525.357053]  ? rcu_bh_qs+0xc0/0xc0
[  525.360608]  ? tun_get+0x22d/0x370
[  525.364151]  ? tun_chr_close+0x180/0x180
[  525.368210]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  525.373156]  ? common_file_perm+0x236/0x7f0
[  525.377483]  tun_chr_write_iter+0xb9/0x154
[  525.381739]  do_iter_readv_writev+0x8b0/0xa80
[  525.386240]  ? vfs_dedupe_file_range+0x670/0x670
[  525.391013]  ? apparmor_file_permission+0x24/0x30
[  525.395878]  ? rw_verify_area+0x118/0x360
[  525.400031]  do_iter_write+0x185/0x5f0
[  525.403917]  ? iov_iter_get_pages+0x1210/0x1210
[  525.408583]  ? proc_cwd_link+0x1d0/0x1d0
[  525.412644]  ? graph_lock+0x170/0x170
[  525.416449]  compat_writev+0x233/0x410
[  525.420353]  ? do_pwritev+0x280/0x280
[  525.424172]  ? fget_raw+0x20/0x20
[  525.427650]  ? wait_for_completion+0x8a0/0x8a0
[  525.432252]  ? __lock_is_held+0xb5/0x140
[  525.436357]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  525.441895]  ? __fdget_pos+0xde/0x200
[  525.445711]  ? __fdget_raw+0x20/0x20
[  525.449418]  ? __sb_end_write+0xd9/0x110
[  525.453503]  do_compat_writev+0x119/0x250
[  525.457671]  ? compat_writev+0x410/0x410
[  525.461766]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  525.467214]  ? mm_fault_error+0x380/0x380
[  525.471369]  __ia32_compat_sys_writev+0x74/0xb0
[  525.476043]  do_fast_syscall_32+0x34d/0xfb2
[  525.480571]  ? do_int80_syscall_32+0x890/0x890
[  525.485177]  ? entry_SYSENTER_compat+0x68/0x7f
[  525.489781]  ? trace_hardirqs_off_caller+0xbb/0x310
[  525.494803]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  525.499653]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  525.504493]  ? trace_hardirqs_on_caller+0x310/0x310
[  525.509511]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  525.514526]  ? prepare_exit_to_usermode+0x291/0x3b0
[  525.519553]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  525.524408]  entry_SYSENTER_compat+0x70/0x7f
[  525.528839] RIP: 0023:0xf7f5cca9
[  525.532210] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  525.551110] RSP: 002b:00000000f5f37054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
21:14:13 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  525.558841] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f370a4
[  525.566132] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000003
[  525.573396] RBP: 00000000f5f37168 R08: 0000000000000000 R09: 0000000000000000
[  525.580662] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  525.587926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
21:14:13 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  525.606009] binder: BINDER_SET_CONTEXT_MGR already set
21:14:13 executing program 1 (fault-call:2 fault-nth:1):
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  525.641672] binder: 4246:4252 ioctl 40046207 0 returned -16
[  525.647337] binder_alloc_new_buf_locked: 57 callbacks suppressed
[  525.647344] binder_alloc: 4246: binder_alloc_buf, no vma
[  525.709988] binder_alloc: 4246: binder_alloc_buf, no vma
21:14:13 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$UI_SET_PHYS(r0, 0x4004556c, &(0x7f0000000000)='syz1\x00')
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x2000, 0x0)
ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000008000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:13 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200031c0, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  525.753401] FAULT_INJECTION: forcing a failure.
[  525.753401] name failslab, interval 1, probability 0, space 0, times 0
21:14:13 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  525.797655] binder: 4270:4271 ioctl 4004556c 20000000 returned -22
[  525.837637] Unknown ioctl 1074025830
21:14:13 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4c00000000000000, &(0x7f0000000300)})

[  525.851227] binder_alloc: 4270: binder_alloc_buf, no vma
[  525.863997] binder: 4270:4271 got transaction to context manager from process owning it
[  525.874362] CPU: 1 PID: 4268 Comm: syz-executor1 Not tainted 4.19.0-rc3+ #134
[  525.881369] binder: BINDER_SET_CONTEXT_MGR already set
[  525.881661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  525.881670] Call Trace:
[  525.881692]  dump_stack+0x1c4/0x2b4
[  525.881714]  ? dump_stack_print_info.cold.2+0x52/0x52
[  525.881757]  ? is_bpf_text_address+0xd3/0x170
[  525.887255] binder: 4270:4280 ioctl 40046207 0 returned -16
[  525.896423]  should_fail.cold.4+0xa/0x17
[  525.896443]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  525.896469]  ? save_stack+0xa9/0xd0
[  525.896487]  ? save_stack+0x43/0xd0
[  525.899465] binder: 4270:4271 ioctl 4004556c 20000000 returned -22
[  525.902684]  ? kasan_kmalloc+0xc7/0xe0
[  525.902696]  ? kasan_slab_alloc+0x12/0x20
[  525.902710]  ? kmem_cache_alloc+0x12e/0x730
[  525.902722]  ? vm_area_dup+0x7a/0x230
[  525.902734]  ? __split_vma+0xae/0x570
[  525.902760]  ? do_munmap+0xd14/0xf90
[  525.902772]  ? mmap_region+0x6a4/0x1cd0
[  525.902782]  ? do_mmap+0xa10/0x1220
[  525.902803]  ? vm_mmap_pgoff+0x213/0x2c0
[  525.908782] Unknown ioctl 1074025830
[  525.912515]  ? ksys_mmap_pgoff+0x4da/0x660
[  525.912530]  ? __ia32_sys_mmap_pgoff+0xdd/0x1a0
[  525.912561]  ? do_fast_syscall_32+0x34d/0xfb2
[  525.912594]  ? entry_SYSENTER_compat+0x70/0x7f
[  525.912628]  ? percpu_ref_put_many+0x11c/0x260
[  525.918653] binder_alloc: 4270: binder_alloc_buf, no vma
[  525.922399]  ? lock_downgrade+0x900/0x900
[  525.922432]  ? check_preemption_disabled+0x48/0x200
[  525.922462]  ? kasan_check_read+0x11/0x20
[  525.922486]  ? graph_lock+0x170/0x170
[  525.953455]  ? rcu_bh_qs+0xc0/0xc0
[  525.961021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  525.961044]  ? check_preemption_disabled+0x48/0x200
[  525.961057]  ? check_preemption_disabled+0x48/0x200
[  525.961092]  __should_failslab+0x124/0x180
[  526.048563]  should_failslab+0x9/0x14
[  526.052367]  kmem_cache_alloc+0x47/0x730
[  526.056441]  ? rcu_read_lock_sched_held+0x108/0x120
[  526.056540] binder_alloc: 4270: binder_alloc_buf, no vma
[  526.061494]  anon_vma_clone+0x140/0x710
[  526.061528]  ? unlink_anon_vmas+0xa60/0xa60
[  526.061542]  ? memset+0x31/0x40
[  526.061561]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.070984]  __split_vma+0x183/0x570
[  526.078566]  ? find_vma+0x34/0x190
[  526.078584]  do_munmap+0xd14/0xf90
[  526.078598]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.078615]  ? check_preemption_disabled+0x48/0x200
[  526.105441]  mmap_region+0x6a4/0x1cd0
[  526.109275]  ? __x64_sys_brk+0x7d0/0x7d0
[  526.113383]  ? graph_lock+0x170/0x170
[  526.117194]  ? graph_lock+0x170/0x170
[  526.121019]  ? get_pid_task+0xd6/0x1a0
[  526.124951]  ? mpx_unmapped_area_check+0xd8/0x108
[  526.129857]  ? arch_get_unmapped_area_topdown+0xc2/0x940
[  526.135309]  ? find_held_lock+0x36/0x1c0
[  526.135330]  ? arch_get_unmapped_area+0x750/0x750
[  526.144223]  ? lock_acquire+0x1ed/0x520
[  526.144238]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  526.144252]  ? cap_mmap_addr+0x52/0x130
[  526.144268]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.162756]  ? security_mmap_addr+0x80/0xa0
[  526.167127]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  526.172661]  ? get_unmapped_area+0x292/0x3b0
[  526.177086]  do_mmap+0xa10/0x1220
[  526.180541]  ? mmap_region+0x1cd0/0x1cd0
[  526.184586]  ? vm_mmap_pgoff+0x1b5/0x2c0
[  526.188632]  ? down_read_killable+0x1f0/0x1f0
[  526.193113]  ? security_mmap_file+0x174/0x1b0
[  526.197596]  vm_mmap_pgoff+0x213/0x2c0
[  526.201527]  ? vma_is_stack_for_current+0xd0/0xd0
[  526.206407]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.211926]  ? check_preemption_disabled+0x48/0x200
[  526.216949]  ksys_mmap_pgoff+0x4da/0x660
[  526.221010]  ? do_fast_syscall_32+0x150/0xfb2
[  526.225513]  ? find_mergeable_anon_vma+0xd0/0xd0
[  526.230258]  ? trace_hardirqs_on+0xbd/0x310
[  526.234577]  ? __ia32_sys_read+0xb0/0xb0
[  526.238637]  ? entry_SYSENTER_compat+0x70/0x7f
[  526.243207]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  526.248658]  __ia32_sys_mmap_pgoff+0xdd/0x1a0
[  526.253153]  do_fast_syscall_32+0x34d/0xfb2
[  526.257473]  ? do_int80_syscall_32+0x890/0x890
[  526.262065]  ? entry_SYSENTER_compat+0x68/0x7f
[  526.266639]  ? trace_hardirqs_off_caller+0xbb/0x310
[  526.271636]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  526.276474]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  526.281300]  ? trace_hardirqs_on_caller+0x310/0x310
[  526.286332]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  526.291360]  ? prepare_exit_to_usermode+0x291/0x3b0
[  526.296375]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  526.301223]  entry_SYSENTER_compat+0x70/0x7f
[  526.305614] RIP: 0023:0xf7f12ca9
[  526.308959] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  526.327842] RSP: 002b:00000000f5f0e0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  526.335532] RAX: ffffffffffffffda RBX: 0000000020ffd000 RCX: 0000000000002000
[  526.342798] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003
21:14:14 executing program 2 (fault-call:2 fault-nth:1):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:14 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x10000, 0x1e3)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000240)=0x5, 0x4)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="5ce1e838f00bd5c946a60e85783b5405965f4e5ab72ccffad9f0f32a6856d864e0bea30f8ba240cbe6fceffaa1f47cfabb4d1aa5638e9e39a740ead8c147af73930be1e43750c7072db067cec592d4e05d7e0967096e95d8f2eadb9f2ef2c1232cc926c51c927c0de6ae1d9a8c3bca888872d6c61c557f7d82f4b0cea4ec57289822e11d6081a3ffa2ab0e84990f7ae101ce9d541364d1adb07ca17c1bc653d0c2cd0b30f6cc6b5d0e184134ef6e2e79e40441c254a468ea7f4b69703b62a3e527c65bcb925d1e4ccf34f1b461ce960809d5f9cf72880ab6af45dff9b90afd29429c4cf8512dba39341b93bdca93b92e0a5c1aab96e96dd49e7118cd79f403bc")
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:14 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xffffff7f00000000, &(0x7f0000000300)})

21:14:14 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3048, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:14 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  526.350081] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  526.357346] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  526.364706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  526.396082] binder_transaction: 107 callbacks suppressed
[  526.396097] binder: 4292:4293 transaction failed 29189/-22, size 0-12360 line 2855
[  526.446246] binder: 4297:4298 transaction failed 29189/-22, size 144115188075855872-12288 line 2855
[  526.458141] binder_alloc: 4291: binder_alloc_buf, no vma
[  526.463745] binder_alloc: 4291: binder_alloc_buf, no vma
[  526.463948] binder: 4291:4299 transaction failed 29189/-3, size 0-0 line 2970
[  526.471732] FAULT_INJECTION: forcing a failure.
[  526.471732] name failslab, interval 1, probability 0, space 0, times 0
[  526.488240] CPU: 0 PID: 4301 Comm: syz-executor2 Not tainted 4.19.0-rc3+ #134
[  526.495513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  526.496024] binder: 4294:4296 transaction failed 29189/-3, size 0-12288 line 2970
[  526.504862] Call Trace:
[  526.504882]  dump_stack+0x1c4/0x2b4
[  526.504902]  ? dump_stack_print_info.cold.2+0x52/0x52
[  526.504938]  should_fail.cold.4+0xa/0x17
[  526.527972]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  526.533092]  ? __lock_acquire+0x7ec/0x4ec0
[  526.533112]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.542869]  ? check_preemption_disabled+0x48/0x200
[  526.547901]  ? check_preemption_disabled+0x48/0x200
[  526.547933]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.558488]  ? mark_held_locks+0x130/0x130
[  526.562724]  ? perf_trace_lock_acquire+0x15b/0x800
[  526.567680]  ? rcu_pm_notify+0xc0/0xc0
[  526.571608]  ? rcu_read_lock_sched_held+0x108/0x120
[  526.576626]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.582169]  ? check_preemption_disabled+0x48/0x200
[  526.582182]  ? graph_lock+0x170/0x170
[  526.582219]  ? debug_smp_processor_id+0x1c/0x20
[  526.595673]  ? perf_trace_lock_acquire+0x15b/0x800
[  526.600610]  ? debug_smp_processor_id+0x1c/0x20
[  526.605291]  ? perf_trace_lock+0x7a0/0x7a0
[  526.609563]  __should_failslab+0x124/0x180
[  526.611108] binder: BINDER_SET_CONTEXT_MGR already set
[  526.613843]  should_failslab+0x9/0x14
[  526.613860]  kmem_cache_alloc+0x47/0x730
[  526.613883]  ? ___might_sleep+0x1ed/0x300
[  526.613896]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  526.613922]  __build_skb+0xab/0x430
[  526.622989]  ? skb_try_coalesce+0x1b70/0x1b70
[  526.623010]  ? graph_lock+0x170/0x170
[  526.623029]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.640368]  ? check_preemption_disabled+0x48/0x200
[  526.640382]  ? check_preemption_disabled+0x48/0x200
[  526.640407]  build_skb+0x77/0x270
[  526.645243] binder_alloc: 4291: binder_alloc_buf, no vma
[  526.648713]  ? __build_skb+0x430/0x430
[  526.648741]  tun_build_skb.isra.54+0x8a8/0x2230
[  526.648766]  ? tun_device_event+0x1070/0x1070
[  526.648782]  ? __lock_acquire+0x7ec/0x4ec0
[  526.648803]  ? __lock_acquire+0x7ec/0x4ec0
21:14:14 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x3, &(0x7f0000000300)})

21:14:14 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  526.648833]  ? __lock_acquire+0x7ec/0x4ec0
[  526.659365]  ? mark_held_locks+0x130/0x130
[  526.659401]  ? mark_held_locks+0x130/0x130
[  526.686473] binder: 4291:4306 transaction failed 29189/-3, size 0-0 line 2970
[  526.690597]  ? print_usage_bug+0xc0/0xc0
[  526.690615]  ? debug_smp_processor_id+0x1c/0x20
[  526.690630]  ? print_usage_bug+0xc0/0xc0
[  526.690646]  ? check_preemption_disabled+0x48/0x200
[  526.698992] binder: 4291:4299 ioctl 40046207 0 returned -16
[  526.699143]  ? print_usage_bug+0xc0/0xc0
21:14:14 executing program 1 (fault-call:2 fault-nth:2):
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:14 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:14 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r2=>0x0)
ptrace$poke(0x4e29d188cfdc8f33, r2, &(0x7f0000000140), 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0063404000000000008b690999455d789100000000000000000000000000000000000000000000000000000000000000000000007e232463dca581948683a3137191d33490362425f2d8862cf301068bd29334a74c612cfd41a0c7ff3f7f9516be14f61dc3f5469b48e9e3da875bfac008085167496bed0fae66eb8947b7d2f6b697c7b9daa56199795da00959405ffe23805dd3d46db95cd56cd21f2d05787abc14015fb1caa78ca725c57cde7b71f929b28f690cd62bba19504e1f6517c0ec7dee7dd1e567bf19eb7486244bdd8b416ba3f0dc4b0e042a7a6fbb7a0173af3e24ec5b1046eec82d88d32088c166271053256630b6a63b47e7fe0c196a164cab94ed36", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  526.738303]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.747902]  ? check_preemption_disabled+0x48/0x200
[  526.747917]  ? print_usage_bug+0xc0/0xc0
[  526.747941]  ? __lock_acquire+0x7ec/0x4ec0
[  526.747966]  ? perf_trace_lock+0x7a0/0x7a0
[  526.747990]  ? mark_held_locks+0x130/0x130
[  526.769758]  tun_get_user+0xc5c/0x42a0
[  526.773658]  ? check_preemption_disabled+0x48/0x200
[  526.773693]  ? tun_build_skb.isra.54+0x2230/0x2230
[  526.783655]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  526.788944]  ? rcu_bh_qs+0xc0/0xc0
[  526.792507]  ? aa_file_perm+0x490/0x1060
[  526.796588]  ? find_held_lock+0x36/0x1c0
[  526.800685]  ? tun_get+0x206/0x370
[  526.804236]  ? lock_downgrade+0x900/0x900
[  526.808387]  ? check_preemption_disabled+0x48/0x200
[  526.813429]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  526.819235]  ? kasan_check_read+0x11/0x20
[  526.823399]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  526.828684]  ? rcu_bh_qs+0xc0/0xc0
[  526.832243]  ? tun_get+0x22d/0x370
[  526.835825]  ? tun_chr_close+0x180/0x180
[  526.839893]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  526.839910]  ? common_file_perm+0x236/0x7f0
[  526.839932]  tun_chr_write_iter+0xb9/0x154
[  526.839955]  do_iter_readv_writev+0x8b0/0xa80
[  526.839976]  ? vfs_dedupe_file_range+0x670/0x670
[  526.863350]  ? apparmor_file_permission+0x24/0x30
[  526.868209]  ? rw_verify_area+0x118/0x360
[  526.872369]  do_iter_write+0x185/0x5f0
[  526.873167] FAULT_INJECTION: forcing a failure.
[  526.873167] name failslab, interval 1, probability 0, space 0, times 0
[  526.876280]  ? iov_iter_get_pages+0x1210/0x1210
[  526.876294]  ? proc_cwd_link+0x1d0/0x1d0
[  526.876309]  ? graph_lock+0x170/0x170
[  526.876332]  compat_writev+0x233/0x410
[  526.876351]  ? do_pwritev+0x280/0x280
[  526.876380]  ? fget_raw+0x20/0x20
[  526.876418]  ? wait_for_completion+0x8a0/0x8a0
[  526.876452]  ? __lock_is_held+0xb5/0x140
[  526.920617]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  526.926160]  ? __fdget_pos+0xde/0x200
[  526.929970]  ? __fdget_raw+0x20/0x20
[  526.933689]  ? __sb_end_write+0xd9/0x110
[  526.937783]  do_compat_writev+0x119/0x250
[  526.941961]  ? compat_writev+0x410/0x410
[  526.946049]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  526.951509]  ? mm_fault_error+0x380/0x380
[  526.955666]  __ia32_compat_sys_writev+0x74/0xb0
[  526.960353]  do_fast_syscall_32+0x34d/0xfb2
[  526.964684]  ? do_int80_syscall_32+0x890/0x890
[  526.969291]  ? entry_SYSENTER_compat+0x68/0x7f
[  526.973882]  ? trace_hardirqs_off_caller+0xbb/0x310
[  526.978900]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  526.979062] binder: 4310:4317 transaction failed 29189/-22, size 0-12364 line 2855
[  526.983760]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  526.983775]  ? trace_hardirqs_on_caller+0x310/0x310
[  526.983795]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  527.006394]  ? prepare_exit_to_usermode+0x291/0x3b0
[  527.011422]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  527.016281]  entry_SYSENTER_compat+0x70/0x7f
[  527.020726] RIP: 0023:0xf7f5cca9
[  527.024111] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
21:14:15 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3012, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  527.043017] RSP: 002b:00000000f5f58054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  527.050734] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f580a4
[  527.058011] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  527.058035] RBP: 00000000f5f58168 R08: 0000000000000000 R09: 0000000000000000
[  527.058045] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  527.058053] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  527.076168] binder_alloc: 4312: binder_alloc_buf, no vma
[  527.083536] CPU: 1 PID: 4315 Comm: syz-executor1 Not tainted 4.19.0-rc3+ #134
[  527.098876] binder_alloc: 4312: binder_alloc_buf, no vma
[  527.100004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  527.100011] Call Trace:
[  527.100029]  dump_stack+0x1c4/0x2b4
[  527.100049]  ? dump_stack_print_info.cold.2+0x52/0x52
[  527.100079]  should_fail.cold.4+0xa/0x17
[  527.105954] binder: 4312:4320 transaction failed 29189/-3, size 0-0 line 2970
[  527.114891]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  527.114910]  ? perf_trace_lock+0x7a0/0x7a0
[  527.114929]  ? graph_lock+0x170/0x170
[  527.118057] binder: 4313:4321 transaction failed 29189/-3, size 0-12288 line 2970
[  527.121142]  ? graph_lock+0x170/0x170
[  527.121163]  ? lock_acquire+0x1ed/0x520
[  527.121184]  ? find_held_lock+0x36/0x1c0
[  527.121205]  ? __lock_is_held+0xb5/0x140
[  527.121246]  ? ___might_sleep+0x1ed/0x300
[  527.146125] binder: BINDER_SET_CONTEXT_MGR already set
[  527.147104]  ? arch_local_save_flags+0x40/0x40
[  527.150894] binder: 4312:4323 ioctl 40046207 0 returned -16
[  527.158495]  ? do_raw_spin_unlock+0xa7/0x2f0
[  527.158528]  __should_failslab+0x124/0x180
[  527.173881] binder: 4312:4320 transaction failed 29189/-3, size 0-0 line 2970
[  527.174412]  should_failslab+0x9/0x14
[  527.174429]  kmem_cache_alloc+0x2be/0x730
[  527.174446]  ? __vma_adjust+0x1850/0x1850
[  527.174465]  vm_area_alloc+0x7a/0x1d0
[  527.198526]  ? arch_release_thread_stack+0x10/0x10
[  527.198553]  mmap_region+0x9d4/0x1cd0
[  527.198579]  ? __x64_sys_brk+0x7d0/0x7d0
[  527.198595]  ? graph_lock+0x170/0x170
[  527.227103] binder: 4311:4319 transaction failed 29189/-22, size 1275068416-12288 line 2855
[  527.230908]  ? graph_lock+0x170/0x170
[  527.254795]  ? get_pid_task+0xd6/0x1a0
[  527.258703]  ? mpx_unmapped_area_check+0xd8/0x108
[  527.263566]  ? find_held_lock+0x36/0x1c0
[  527.267641]  ? arch_get_unmapped_area+0x750/0x750
[  527.272502]  ? lock_acquire+0x1ed/0x520
[  527.276492]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  527.281516]  ? cap_mmap_addr+0x52/0x130
[  527.285475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  527.291007]  ? security_mmap_addr+0x80/0xa0
[  527.295329]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  527.300882]  ? get_unmapped_area+0x292/0x3b0
[  527.305300]  do_mmap+0xa10/0x1220
[  527.308743]  ? mmap_region+0x1cd0/0x1cd0
[  527.312790]  ? vm_mmap_pgoff+0x1b5/0x2c0
[  527.316854]  ? down_read_killable+0x1f0/0x1f0
[  527.321349]  ? security_mmap_file+0x174/0x1b0
[  527.325841]  vm_mmap_pgoff+0x213/0x2c0
[  527.329751]  ? vma_is_stack_for_current+0xd0/0xd0
[  527.334577]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  527.340096]  ? check_preemption_disabled+0x48/0x200
[  527.345144]  ksys_mmap_pgoff+0x4da/0x660
[  527.349246]  ? do_fast_syscall_32+0x150/0xfb2
[  527.353741]  ? find_mergeable_anon_vma+0xd0/0xd0
[  527.358480]  ? trace_hardirqs_on+0xbd/0x310
[  527.362826]  ? __ia32_sys_read+0xb0/0xb0
[  527.366923]  ? entry_SYSENTER_compat+0x70/0x7f
[  527.371525]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  527.376963]  __ia32_sys_mmap_pgoff+0xdd/0x1a0
[  527.381445]  do_fast_syscall_32+0x34d/0xfb2
[  527.385753]  ? do_int80_syscall_32+0x890/0x890
[  527.390319]  ? entry_SYSENTER_compat+0x68/0x7f
[  527.394881]  ? trace_hardirqs_off_caller+0xbb/0x310
[  527.399910]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  527.404746]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  527.409570]  ? trace_hardirqs_on_caller+0x310/0x310
[  527.414570]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  527.419570]  ? prepare_exit_to_usermode+0x291/0x3b0
[  527.424583]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  527.429425]  entry_SYSENTER_compat+0x70/0x7f
[  527.433826] RIP: 0023:0xf7f12ca9
21:14:15 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4800000000000000, &(0x7f0000000300)})

[  527.437191] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  527.456072] RSP: 002b:00000000f5f0e0cc EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  527.463786] RAX: ffffffffffffffda RBX: 0000000020ffd000 RCX: 0000000000002000
[  527.471093] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003
[  527.478396] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  527.485659] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  527.492941] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
21:14:15 executing program 2 (fault-call:2 fault-nth:2):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:15 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0d6340400000003a3ef34753f51cc900000000000000000000000000000000000000000000000000000000000000000000000000c0be8eb98592456c5a084f514833aabae20000000000ff3991de0043d68ae1bf61fdba03f1beb87141579503883d16f9346749f22928911b61a3ba4837f00e5c", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:15 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:15 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3006, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:15 executing program 1 (fault-call:2 fault-nth:3):
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  527.627456] binder: 4339:4340 unknown command 1077961485
[  527.628236] binder_release_work: 48 callbacks suppressed
[  527.628243] binder: undelivered TRANSACTION_ERROR: 29189
[  527.641594] binder: 4339:4340 ioctl c0306201 20000040 returned -22
[  527.662457] FAULT_INJECTION: forcing a failure.
[  527.662457] name failslab, interval 1, probability 0, space 0, times 0
[  527.673777] CPU: 1 PID: 4346 Comm: syz-executor2 Not tainted 4.19.0-rc3+ #134
[  527.681079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  527.685719] binder: undelivered TRANSACTION_ERROR: 29189
[  527.690443] Call Trace:
[  527.690469]  dump_stack+0x1c4/0x2b4
[  527.690491]  ? dump_stack_print_info.cold.2+0x52/0x52
[  527.690522]  ? mark_held_locks+0x130/0x130
[  527.711584]  should_fail.cold.4+0xa/0x17
[  527.715656]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  527.716303] binder: undelivered TRANSACTION_ERROR: 29189
[  527.720769]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  527.731728]  ? check_preemption_disabled+0x48/0x200
[  527.736756]  ? debug_smp_processor_id+0x1c/0x20
[  527.741434]  ? perf_trace_lock_acquire+0x15b/0x800
[  527.746368]  ? __lock_acquire+0x7ec/0x4ec0
[  527.750617]  ? perf_trace_lock+0x7a0/0x7a0
[  527.754862]  ? graph_lock+0x170/0x170
[  527.758684]  ? mark_held_locks+0x130/0x130
[  527.762926]  ? find_held_lock+0x36/0x1c0
[  527.767009]  __should_failslab+0x124/0x180
[  527.771272]  should_failslab+0x9/0x14
[  527.775075]  kmem_cache_alloc+0x47/0x730
[  527.779150]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  527.784448]  ? rcu_bh_qs+0xc0/0xc0
[  527.788016]  skb_clone+0x1bb/0x500
[  527.791565]  ? skb_split+0x11e0/0x11e0
[  527.795464]  ? run_filter+0x27c/0x420
[  527.799280]  ? packet_cached_dev_get+0x340/0x340
[  527.804056]  packet_rcv+0x727/0x1820
[  527.807789]  ? run_filter+0x420/0x420
[  527.811606]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  527.817154]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[  527.822614]  ? refcount_add_not_zero_checked+0x330/0x330
[  527.822702] binder: undelivered TRANSACTION_ERROR: 29189
[  527.828092]  ? __lock_is_held+0xb5/0x140
[  527.828144]  __netif_receive_skb_core+0x1a6a/0x3b60
[  527.828163]  ? unwind_get_return_address+0x61/0xa0
[  527.847599]  ? netif_receive_skb+0x430/0x430
[  527.852025]  ? print_usage_bug+0xc0/0xc0
[  527.856092]  ? save_stack+0x43/0xd0
[  527.859735]  ? kasan_kmalloc+0xc7/0xe0
[  527.863640]  ? kasan_slab_alloc+0x12/0x20
[  527.867821]  ? kmem_cache_alloc+0x12e/0x730
[  527.872155]  ? __build_skb+0xab/0x430
[  527.875988]  ? build_skb+0x77/0x270
[  527.879646]  ? tun_get_user+0xc5c/0x42a0
[  527.883717]  ? tun_chr_write_iter+0xb9/0x154
[  527.888136]  ? do_iter_readv_writev+0x8b0/0xa80
[  527.892828]  ? mark_held_locks+0x130/0x130
[  527.897109]  ? __lock_acquire+0x7ec/0x4ec0
[  527.901365]  ? graph_lock+0x170/0x170
[  527.905174]  ? graph_lock+0x170/0x170
[  527.908990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  527.914539]  ? check_preemption_disabled+0x48/0x200
[  527.919571]  ? __lock_is_held+0xb5/0x140
[  527.923657]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  527.925481] binder: undelivered TRANSACTION_ERROR: 29189
[  527.929202]  ? check_preemption_disabled+0x48/0x200
[  527.929221]  ? debug_smp_processor_id+0x1c/0x20
[  527.929235]  ? perf_trace_lock_acquire+0x15b/0x800
[  527.929258]  ? perf_trace_lock+0x7a0/0x7a0
[  527.953519]  ? netif_receive_skb_internal+0x242/0x620
[  527.958715]  ? lock_downgrade+0x900/0x900
[  527.962873]  ? ktime_get_with_offset+0x38e/0x470
[  527.967646]  ? pvclock_read_flags+0x160/0x160
[  527.972161]  ? netif_receive_skb_internal+0x242/0x620
[  527.977361]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  527.982826]  ? __local_bh_enable_ip+0x160/0x260
[  527.987514]  ? lock_acquire+0x1ed/0x520
[  527.991497]  ? netif_receive_skb_internal+0xaa/0x620
[  527.996620]  __netif_receive_skb_one_core+0xd0/0x200
[  528.001755]  ? __netif_receive_skb_core+0x3b60/0x3b60
[  528.006951]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.012251]  ? rcu_bh_qs+0xc0/0xc0
[  528.015809]  __netif_receive_skb+0x2c/0x1e0
[  528.020152]  netif_receive_skb_internal+0x12c/0x620
[  528.025174]  ? check_preemption_disabled+0x48/0x200
[  528.026372] binder: undelivered TRANSACTION_ERROR: 29189
[  528.030197]  ? dev_cpu_dead+0xa80/0xa80
[  528.030219]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  528.030237]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.050513]  ? rcu_pm_notify+0xc0/0xc0
[  528.054439]  netif_receive_skb+0xe5/0x430
[  528.058592]  ? netif_receive_skb_internal+0x620/0x620
[  528.063820]  ? find_held_lock+0x36/0x1c0
[  528.067912]  ? tun_rx_batched.isra.55+0x494/0x8c0
[  528.072774]  tun_rx_batched.isra.55+0x4ba/0x8c0
[  528.077458]  ? lockdep_hardirqs_on+0x421/0x5c0
[  528.082057]  ? tun_sock_write_space+0x3a0/0x3a0
[  528.086736]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  528.092200]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  528.097746]  ? check_preemption_disabled+0x48/0x200
[  528.102765]  ? tun_get_user+0x3020/0x42a0
[  528.106925]  ? tun_get_user+0x3020/0x42a0
[  528.111077]  tun_get_user+0x2b13/0x42a0
[  528.115069]  ? check_preemption_disabled+0x48/0x200
[  528.120148]  ? tun_build_skb.isra.54+0x2230/0x2230
[  528.125114]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.130421]  ? rcu_bh_qs+0xc0/0xc0
[  528.133989]  ? aa_file_perm+0x490/0x1060
[  528.138084]  ? tun_get+0x206/0x370
[  528.138100]  ? lock_downgrade+0x900/0x900
[  528.138111]  ? check_preemption_disabled+0x48/0x200
[  528.138136]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  528.145809]  ? kasan_check_read+0x11/0x20
[  528.145836]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.145852]  ? rcu_bh_qs+0xc0/0xc0
[  528.145877]  ? tun_get+0x22d/0x370
[  528.164271] binder: BINDER_SET_CONTEXT_MGR already set
[  528.166103]  ? tun_chr_close+0x180/0x180
[  528.166120]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  528.166135]  ? common_file_perm+0x236/0x7f0
[  528.166156]  tun_chr_write_iter+0xb9/0x154
[  528.166183]  do_iter_readv_writev+0x8b0/0xa80
[  528.169805] binder: 4339:4375 ioctl 40046207 0 returned -16
[  528.173260]  ? vfs_dedupe_file_range+0x670/0x670
[  528.173297]  ? apparmor_file_permission+0x24/0x30
[  528.173334]  ? rw_verify_area+0x118/0x360
[  528.179649] binder: 4339:4340 unknown command 1077961485
[  528.182646]  do_iter_write+0x185/0x5f0
21:14:15 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6c00000000000000, &(0x7f0000000300)})

21:14:15 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:15 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xffffff7f, &(0x7f0000000300)})

21:14:15 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0xdf001000, 0x0, 0x11, r0, 0x0)

21:14:15 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0xffffe000, 0x0, 0x11, r0, 0x0)

21:14:16 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x2000000, &(0x7f0000000300)})

21:14:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x400000, 0x0, 0x11, r0, 0x0)

[  528.182662]  ? iov_iter_get_pages+0x1210/0x1210
[  528.182675]  ? proc_cwd_link+0x1d0/0x1d0
[  528.182688]  ? graph_lock+0x170/0x170
[  528.182711]  compat_writev+0x233/0x410
[  528.182729]  ? do_pwritev+0x280/0x280
[  528.182743]  ? fget_raw+0x20/0x20
[  528.182765]  ? wait_for_completion+0x8a0/0x8a0
[  528.182801]  ? __lock_is_held+0xb5/0x140
[  528.188835] binder: 4339:4340 ioctl c0306201 20000040 returned -22
[  528.192042]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  528.192057]  ? __fdget_pos+0xde/0x200
[  528.192075]  ? __fdget_raw+0x20/0x20
[  528.225661]  ? __sb_end_write+0xd9/0x110
[  528.225704]  do_compat_writev+0x119/0x250
[  528.225723]  ? compat_writev+0x410/0x410
[  528.234261]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  528.298903]  ? mm_fault_error+0x380/0x380
[  528.303055]  __ia32_compat_sys_writev+0x74/0xb0
[  528.307746]  do_fast_syscall_32+0x34d/0xfb2
[  528.312058]  ? do_int80_syscall_32+0x890/0x890
[  528.316628]  ? entry_SYSENTER_compat+0x68/0x7f
[  528.321202]  ? trace_hardirqs_off_caller+0xbb/0x310
[  528.326218]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  528.331058]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  528.335904]  ? trace_hardirqs_on_caller+0x310/0x310
[  528.340908]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  528.345913]  ? prepare_exit_to_usermode+0x291/0x3b0
[  528.351045]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  528.355876]  entry_SYSENTER_compat+0x70/0x7f
[  528.360266] RIP: 0023:0xf7f5cca9
[  528.363615] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  528.382499] RSP: 002b:00000000f5f58054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  528.390204] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f580a4
[  528.397466] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  528.404741] RBP: 00000000f5f58168 R08: 0000000000000000 R09: 0000000000000000
[  528.412002] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  528.419292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
21:14:16 executing program 2 (fault-call:2 fault-nth:3):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:16 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x300, &(0x7f0000000300)})

21:14:16 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2002, 0x0, 0x11, r0, 0x0)

21:14:16 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3004, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:16 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:16 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x101000, 0x0)
write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000180)={0xe, 0x3, 0x4aa5, 0x9, 0xff, "b41d41128d14e2dd66cf11909f8ed76b184a206eae59d8acc735997ac9deea063212454f5a6e88968d1e3b1b5f6c9b8403cd6982e03c17bf8ebff99c9f98551ac9fb3f46bd2bde8666f52ad2bf8999ea55c3cd24fd0dbf0e726fdb83a08908178ab7e989b25f730b2d78e4f50ceb2707b1452e137fa1bc3910de0e3c95d6aeced1cbab336f7894c3f74738f34ba405cd2817b76a8fe70dda8349f4ef2ba7714c4df5f807244fcf5363abf06bf69b8fcca3926c1a7d255a091953a7cb25b5a95e2fc4707d509dd217d1d73f9a5787f6913288dc1af8f384e693f304f7cd85abcafc08dcba3ec5792452dd715656e2d6a7cb8d5bfdbcc46b1b97aed2b94ebb19"}, 0x10b)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  528.524648] binder_alloc_mmap_handler: 25 callbacks suppressed
[  528.524662] binder_alloc: binder_alloc_mmap_handler: 4379 20ffd000-21000000 already mapped failed -16
[  528.527192] binder: undelivered TRANSACTION_ERROR: 29189
[  528.531988] binder_alloc: binder_alloc_mmap_handler: 4387 20001000-20004000 already mapped failed -16
[  528.557105] binder_alloc: binder_alloc_mmap_handler: 4379 20ffd000-21000000 already mapped failed -16
[  528.569234] FAULT_INJECTION: forcing a failure.
21:14:16 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  528.569234] name failslab, interval 1, probability 0, space 0, times 0
[  528.580572] CPU: 1 PID: 4395 Comm: syz-executor2 Not tainted 4.19.0-rc3+ #134
[  528.587880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  528.597248] Call Trace:
[  528.599847]  dump_stack+0x1c4/0x2b4
[  528.603574]  ? dump_stack_print_info.cold.2+0x52/0x52
[  528.603608]  should_fail.cold.4+0xa/0x17
[  528.603652]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  528.612903]  ? sock_def_readable+0x2c7/0x710
[  528.612924]  ? perf_trace_lock+0x7a0/0x7a0
[  528.612945]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  528.612962]  ? kasan_check_read+0x11/0x20
[  528.612978]  ? graph_lock+0x170/0x170
[  528.640412]  ? find_held_lock+0x36/0x1c0
[  528.644482]  ? lock_downgrade+0x900/0x900
[  528.648631]  ? check_preemption_disabled+0x48/0x200
[  528.653646]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  528.659442]  ? kasan_check_read+0x11/0x20
[  528.663614]  __should_failslab+0x124/0x180
[  528.667872]  should_failslab+0x9/0x14
[  528.671671]  kmem_cache_alloc+0x47/0x730
[  528.675741]  ? __nf_conntrack_find_get.part.42+0x110b/0x1cf0
[  528.681549]  __nf_conntrack_alloc+0x1aa/0x7c0
[  528.686047]  ? early_drop+0xc00/0xc00
[  528.689849]  ? perf_trace_lock+0x7a0/0x7a0
[  528.694092]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  528.699288]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  528.704850]  init_conntrack+0xff2/0x1490
[  528.708936]  ? nf_conntrack_alloc+0x50/0x50
[  528.713265]  ? check_preemption_disabled+0x48/0x200
[  528.718277]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  528.723462]  ? generic_pkt_to_tuple+0xd/0x90
[  528.727917]  ? lock_acquire+0x1ed/0x520
[  528.731887]  ? nf_conntrack_in+0x571/0x1240
[  528.736218]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  528.741770]  ? check_preemption_disabled+0x48/0x200
[  528.746808]  ? kasan_check_read+0x11/0x20
[  528.750967]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.756249]  ? debug_smp_processor_id+0x1c/0x20
[  528.760915]  ? perf_trace_lock_acquire+0x15b/0x800
[  528.765858]  nf_conntrack_in+0xbf6/0x1240
[  528.770023]  ? nf_conntrack_update+0xb90/0xb90
[  528.774617]  ? __lock_is_held+0xb5/0x140
[  528.778716]  ? __do_replace+0xab0/0xab0
[  528.782690]  ? graph_lock+0x170/0x170
[  528.786523]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  528.792060]  ? check_preemption_disabled+0x48/0x200
[  528.797089]  ? ipv6_conntrack_local+0x30/0x30
[  528.801579]  ipv4_conntrack_in+0x61/0x90
[  528.805655]  nf_hook_slow+0xc2/0x1c0
[  528.809370]  ip_rcv+0x392/0x610
[  528.812654]  ? ip_local_deliver+0x750/0x750
[  528.816974]  ? pvclock_read_flags+0x160/0x160
[  528.821488]  ? ip_rcv_finish_core.isra.15+0x1f40/0x1f40
[  528.826908]  ? lock_acquire+0x1ed/0x520
[  528.830883]  ? netif_receive_skb_internal+0xaa/0x620
[  528.835990]  __netif_receive_skb_one_core+0x14d/0x200
[  528.841194]  ? __netif_receive_skb_core+0x3b60/0x3b60
[  528.846381]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.851670]  ? rcu_bh_qs+0xc0/0xc0
[  528.855228]  __netif_receive_skb+0x2c/0x1e0
[  528.859568]  netif_receive_skb_internal+0x12c/0x620
[  528.864583]  ? check_preemption_disabled+0x48/0x200
[  528.869597]  ? dev_cpu_dead+0xa80/0xa80
[  528.873603]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  528.879170]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.884455]  ? rcu_pm_notify+0xc0/0xc0
[  528.888368]  netif_receive_skb+0xe5/0x430
[  528.892526]  ? netif_receive_skb_internal+0x620/0x620
[  528.897721]  ? find_held_lock+0x36/0x1c0
[  528.901786]  ? tun_rx_batched.isra.55+0x494/0x8c0
[  528.906637]  tun_rx_batched.isra.55+0x4ba/0x8c0
[  528.911315]  ? lockdep_hardirqs_on+0x421/0x5c0
[  528.915911]  ? tun_sock_write_space+0x3a0/0x3a0
[  528.920582]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  528.926044]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  528.931597]  ? check_preemption_disabled+0x48/0x200
[  528.936629]  ? tun_get_user+0x3020/0x42a0
[  528.940776]  ? tun_get_user+0x3020/0x42a0
[  528.944929]  tun_get_user+0x2b13/0x42a0
[  528.948911]  ? check_preemption_disabled+0x48/0x200
[  528.953951]  ? tun_build_skb.isra.54+0x2230/0x2230
[  528.958882]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.964173]  ? rcu_bh_qs+0xc0/0xc0
[  528.967732]  ? aa_file_perm+0x490/0x1060
[  528.971818]  ? tun_get+0x206/0x370
[  528.975403]  ? lock_downgrade+0x900/0x900
[  528.979551]  ? check_preemption_disabled+0x48/0x200
[  528.984571]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  528.990396]  ? kasan_check_read+0x11/0x20
[  528.994548]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  528.999833]  ? rcu_bh_qs+0xc0/0xc0
[  529.003386]  ? tun_get+0x22d/0x370
[  529.006929]  ? tun_chr_close+0x180/0x180
[  529.010990]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  529.015923]  ? common_file_perm+0x236/0x7f0
[  529.020250]  tun_chr_write_iter+0xb9/0x154
[  529.024485]  do_iter_readv_writev+0x8b0/0xa80
[  529.028991]  ? vfs_dedupe_file_range+0x670/0x670
[  529.033744]  ? apparmor_file_permission+0x24/0x30
[  529.038589]  ? rw_verify_area+0x118/0x360
[  529.042736]  do_iter_write+0x185/0x5f0
[  529.046620]  ? iov_iter_get_pages+0x1210/0x1210
[  529.051289]  ? proc_cwd_link+0x1d0/0x1d0
[  529.055361]  ? graph_lock+0x170/0x170
[  529.059187]  compat_writev+0x233/0x410
[  529.063093]  ? do_pwritev+0x280/0x280
[  529.066907]  ? fget_raw+0x20/0x20
[  529.070384]  ? wait_for_completion+0x8a0/0x8a0
[  529.075000]  ? __lock_is_held+0xb5/0x140
[  529.079091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  529.084624]  ? __fdget_pos+0xde/0x200
[  529.088469]  ? __fdget_raw+0x20/0x20
[  529.092203]  ? __sb_end_write+0xd9/0x110
[  529.096281]  do_compat_writev+0x119/0x250
[  529.100436]  ? compat_writev+0x410/0x410
[  529.104545]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  529.109992]  ? mm_fault_error+0x380/0x380
[  529.114161]  __ia32_compat_sys_writev+0x74/0xb0
[  529.118870]  do_fast_syscall_32+0x34d/0xfb2
[  529.123216]  ? do_int80_syscall_32+0x890/0x890
[  529.127820]  ? entry_SYSENTER_compat+0x68/0x7f
[  529.132404]  ? trace_hardirqs_off_caller+0xbb/0x310
[  529.137461]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  529.142317]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  529.147161]  ? trace_hardirqs_on_caller+0x310/0x310
[  529.152175]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  529.157191]  ? prepare_exit_to_usermode+0x291/0x3b0
[  529.162222]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  529.167110]  entry_SYSENTER_compat+0x70/0x7f
[  529.171520] RIP: 0023:0xf7f5cca9
[  529.174904] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  529.193800] RSP: 002b:00000000f5f58054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  529.201550] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f580a4
[  529.208825] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  529.216106] RBP: 00000000f5f58168 R08: 0000000000000000 R09: 0000000000000000
21:14:17 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.223371] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  529.230635] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  529.239257] binder_alloc: binder_alloc_mmap_handler: 4377 20001000-20004000 already mapped failed -16
[  529.256249] binder: BINDER_SET_CONTEXT_MGR already set
[  529.261736] binder: undelivered TRANSACTION_ERROR: 29189
21:14:17 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2004, 0x0, 0x11, r0, 0x0)

[  529.275331] binder: 4384:4394 ioctl 40046207 0 returned -16
[  529.299219] binder: undelivered TRANSACTION_ERROR: 29189
[  529.305961] binder_alloc: binder_alloc_mmap_handler: 4397 20001000-20004000 already mapped failed -16
[  529.306749] binder: undelivered TRANSACTION_ERROR: 29189
21:14:17 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x3)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa#\x00', 0xe9, 0x48000)
ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000140)=""/196)

21:14:17 executing program 2 (fault-call:2 fault-nth:4):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:17 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x48, &(0x7f0000000300)})

[  529.357073] binder_alloc: binder_alloc_mmap_handler: 4402 20ffd000-21000000 already mapped failed -16
21:14:17 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.413702] binder_alloc: binder_alloc_mmap_handler: 4402 20ffd000-21000000 already mapped failed -16
21:14:17 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:17 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x80040800000000, 0x11, r0, 0x0)

[  529.488790] FAULT_INJECTION: forcing a failure.
[  529.488790] name failslab, interval 1, probability 0, space 0, times 0
[  529.500639] CPU: 0 PID: 4416 Comm: syz-executor2 Not tainted 4.19.0-rc3+ #134
[  529.500649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  529.500654] Call Trace:
[  529.500673]  dump_stack+0x1c4/0x2b4
[  529.500691]  ? dump_stack_print_info.cold.2+0x52/0x52
[  529.500708]  ? mark_held_locks+0x130/0x130
[  529.500725]  ? kernel_text_address+0x79/0xf0
[  529.500745]  should_fail.cold.4+0xa/0x17
[  529.500764]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  529.500779]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  529.500792]  ? check_preemption_disabled+0x48/0x200
[  529.500809]  ? debug_smp_processor_id+0x1c/0x20
[  529.500853]  ? perf_trace_lock_acquire+0x15b/0x800
[  529.500867]  ? save_stack+0xa9/0xd0
[  529.500882]  ? save_stack+0x43/0xd0
[  529.500902]  ? perf_trace_lock+0x7a0/0x7a0
[  529.500918]  ? ip_rcv+0x392/0x610
[  529.500937]  ? __netif_receive_skb+0x2c/0x1e0
[  529.500959]  ? netif_receive_skb_internal+0x12c/0x620
[  529.534937] binder: BINDER_SET_CONTEXT_MGR already set
[  529.537589]  ? netif_receive_skb+0xe5/0x430
[  529.537606]  ? tun_rx_batched.isra.55+0x4ba/0x8c0
[  529.537620]  ? tun_get_user+0x2b13/0x42a0
[  529.537633]  ? tun_chr_write_iter+0xb9/0x154
[  529.537648]  ? graph_lock+0x170/0x170
[  529.537664]  ? do_compat_writev+0x119/0x250
[  529.537683]  ? __ia32_compat_sys_writev+0x74/0xb0
[  529.542319] binder: 4411:4421 ioctl 40046207 0 returned -16
[  529.547108]  ? do_fast_syscall_32+0x34d/0xfb2
21:14:17 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x500000000000000, &(0x7f0000000300)})

21:14:17 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.547142]  ? entry_SYSENTER_compat+0x70/0x7f
[  529.547158]  ? find_held_lock+0x36/0x1c0
[  529.547186]  ? find_held_lock+0x36/0x1c0
[  529.547231]  __should_failslab+0x124/0x180
[  529.547262]  should_failslab+0x9/0x14
[  529.557197] binder_alloc: binder_alloc_mmap_handler: 4413 20001000-20004000 already mapped failed -16
[  529.558050]  __kmalloc_track_caller+0x5f/0x750
[  529.623668] binder_alloc: binder_alloc_mmap_handler: 4425 20001000-20004000 already mapped failed -16
[  529.628080]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
21:14:17 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.628099]  ? rcu_bh_qs+0xc0/0xc0
[  529.628135]  ? nf_ct_ext_add+0x369/0x7b0
[  529.628172]  __krealloc+0x6f/0xb0
[  529.628205]  nf_ct_ext_add+0x369/0x7b0
[  529.628239]  ? nf_ct_ext_destroy+0x370/0x370
[  529.628255]  ? perf_trace_lock+0x7a0/0x7a0
[  529.628274]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  529.716455]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  529.716476]  ? generic_pkt_to_tuple+0x90/0x90
[  529.716508]  init_conntrack+0x5ef/0x1490
[  529.716532]  ? nf_conntrack_alloc+0x50/0x50
21:14:17 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f784136645ec44ad77495038f03f40259daacb311778d55b1d04c8ba45ee8455d03c5e42d663879099917097d7e4f748f1891e32ed02c1f8776213d4e50cf0df0c2bbc655ff51d192b95a9c0bb05c5df7b98dbbb28e23cab885d01e111a7ce074db5b695ddd461acd005070b4f475c58cd4fbe415e087ada19b96a5185c54c98c0a270c02728b4d733d4fa9e4846ae0274df725a3e1e81319be0c75a4deaf6ae3ce65eab96020e8511a32c00d755ec6143210d845463c4d733f1cf9fe0154bbedf098ef8d6d559a4677270aa0553ea88cceed7", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  529.716547]  ? check_preemption_disabled+0x48/0x200
[  529.716563]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  529.716579]  ? generic_pkt_to_tuple+0xd/0x90
[  529.716599]  ? lock_acquire+0x1ed/0x520
[  529.716615]  ? nf_conntrack_in+0x571/0x1240
[  529.716630]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  529.716644]  ? check_preemption_disabled+0x48/0x200
[  529.716667]  ? kasan_check_read+0x11/0x20
[  529.716685]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  529.716706]  ? debug_smp_processor_id+0x1c/0x20
[  529.716720]  ? perf_trace_lock_acquire+0x15b/0x800
21:14:17 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.716743]  nf_conntrack_in+0xbf6/0x1240
[  529.716775]  ? nf_conntrack_update+0xb90/0xb90
[  529.716805]  ? __lock_is_held+0xb5/0x140
[  529.716850]  ? __do_replace+0xab0/0xab0
[  529.716862]  ? graph_lock+0x170/0x170
[  529.716880]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  529.716894]  ? check_preemption_disabled+0x48/0x200
[  529.716920]  ? ipv6_conntrack_local+0x30/0x30
[  529.716934]  ipv4_conntrack_in+0x61/0x90
[  529.716949]  nf_hook_slow+0xc2/0x1c0
[  529.716972]  ip_rcv+0x392/0x610
[  529.716990]  ? ip_local_deliver+0x750/0x750
21:14:17 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.717014]  ? pvclock_read_flags+0x160/0x160
[  529.717035]  ? ip_rcv_finish_core.isra.15+0x1f40/0x1f40
[  529.717057]  ? lock_acquire+0x1ed/0x520
[  529.717074]  ? netif_receive_skb_internal+0xaa/0x620
[  529.717096]  __netif_receive_skb_one_core+0x14d/0x200
[  529.717115]  ? __netif_receive_skb_core+0x3b60/0x3b60
[  529.717129]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  529.717145]  ? rcu_bh_qs+0xc0/0xc0
[  529.717167]  __netif_receive_skb+0x2c/0x1e0
[  529.717186]  netif_receive_skb_internal+0x12c/0x620
21:14:17 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000000, 0x11, r0, 0x0)

[  529.717197]  ? check_preemption_disabled+0x48/0x200
[  529.717212]  ? dev_cpu_dead+0xa80/0xa80
[  529.717229]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  529.717242]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  529.717257]  ? rcu_pm_notify+0xc0/0xc0
[  529.717284]  netif_receive_skb+0xe5/0x430
[  529.717299]  ? netif_receive_skb_internal+0x620/0x620
[  529.717315]  ? find_held_lock+0x36/0x1c0
[  529.717334]  ? tun_rx_batched.isra.55+0x494/0x8c0
[  529.717351]  tun_rx_batched.isra.55+0x4ba/0x8c0
[  529.717369]  ? lockdep_hardirqs_on+0x421/0x5c0
[  529.717386]  ? tun_sock_write_space+0x3a0/0x3a0
[  529.717402]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  529.717417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  529.717429]  ? check_preemption_disabled+0x48/0x200
[  529.717443]  ? tun_get_user+0x3020/0x42a0
[  529.717457]  ? tun_get_user+0x3020/0x42a0
[  529.717476]  tun_get_user+0x2b13/0x42a0
[  529.717493]  ? check_preemption_disabled+0x48/0x200
[  529.717526]  ? tun_build_skb.isra.54+0x2230/0x2230
[  529.717543]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  529.717558]  ? rcu_bh_qs+0xc0/0xc0
[  529.717596]  ? aa_file_perm+0x490/0x1060
[  529.717623]  ? tun_get+0x206/0x370
[  529.717637]  ? lock_downgrade+0x900/0x900
[  529.717647]  ? check_preemption_disabled+0x48/0x200
[  529.717666]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  529.717678]  ? kasan_check_read+0x11/0x20
[  529.717692]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  529.717706]  ? rcu_bh_qs+0xc0/0xc0
[  529.717729]  ? tun_get+0x22d/0x370
[  529.717741]  ? tun_chr_close+0x180/0x180
[  529.717755]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  529.717769]  ? common_file_perm+0x236/0x7f0
[  529.717790]  tun_chr_write_iter+0xb9/0x154
[  529.717809]  do_iter_readv_writev+0x8b0/0xa80
[  529.717842]  ? vfs_dedupe_file_range+0x670/0x670
[  529.717856]  ? apparmor_file_permission+0x24/0x30
[  529.717879]  ? rw_verify_area+0x118/0x360
[  529.717898]  do_iter_write+0x185/0x5f0
[  529.717913]  ? iov_iter_get_pages+0x1210/0x1210
[  529.717927]  ? proc_cwd_link+0x1d0/0x1d0
[  529.717941]  ? graph_lock+0x170/0x170
[  529.717964]  compat_writev+0x233/0x410
[  529.717983]  ? do_pwritev+0x280/0x280
[  529.717997]  ? fget_raw+0x20/0x20
[  529.718026]  ? wait_for_completion+0x8a0/0x8a0
[  529.718046]  ? __lock_is_held+0xb5/0x140
[  529.718072]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  529.718086]  ? __fdget_pos+0xde/0x200
[  529.718108]  ? __fdget_raw+0x20/0x20
[  529.774280] binder_alloc: binder_alloc_mmap_handler: 4434 20001000-20004000 already mapped failed -16
[  529.774351]  ? __sb_end_write+0xd9/0x110
[  529.883832] binder: BINDER_SET_CONTEXT_MGR already set
[  529.887507]  do_compat_writev+0x119/0x250
21:14:18 executing program 2 (fault-call:2 fault-nth:5):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:18 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000ffff000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:18 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x60000000, &(0x7f0000000300)})

21:14:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x200000000000000, 0x11, r0, 0x0)

21:14:18 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3074, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:18 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  529.887543]  ? compat_writev+0x410/0x410
[  529.887602]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  529.887635]  ? mm_fault_error+0x380/0x380
[  529.887657]  __ia32_compat_sys_writev+0x74/0xb0
[  529.887678]  do_fast_syscall_32+0x34d/0xfb2
[  529.887713]  ? do_int80_syscall_32+0x890/0x890
[  529.903100] binder: 4440:4443 ioctl 40046207 0 returned -16
[  529.907473]  ? entry_SYSENTER_compat+0x68/0x7f
[  529.907490]  ? trace_hardirqs_off_caller+0xbb/0x310
[  529.907505]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  529.907519]  ? trace_hardirqs_off_thunk+0x1a/0x1c
21:14:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x11, r0, 0x0)

[  529.907534]  ? trace_hardirqs_on_caller+0x310/0x310
[  529.907550]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  529.907567]  ? prepare_exit_to_usermode+0x291/0x3b0
[  529.907587]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  529.998027]  entry_SYSENTER_compat+0x70/0x7f
[  530.007161] RIP: 0023:0xf7f5cca9
[  530.007178] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
21:14:18 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  530.007187] RSP: 002b:00000000f5f58054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  530.007204] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f580a4
[  530.007213] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  530.007222] RBP: 00000000f5f58168 R08: 0000000000000000 R09: 0000000000000000
[  530.007232] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  530.007241] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  530.271498] binder: binder_mmap: 4468 20ffd000-20fff000 bad vm_flags failed -1
21:14:18 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:18 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3005, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:18 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x600, &(0x7f0000000300)})

[  530.316703] binder: binder_mmap: 4468 20ffd000-20fff000 bad vm_flags failed -1
21:14:18 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  530.445107] binder: BINDER_SET_CONTEXT_MGR already set
21:14:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0)

[  530.479847] binder: 4478:4487 ioctl 40046207 0 returned -16
21:14:18 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x408102, 0x0)
ioctl$KVM_S390_INTERRUPT_CPU(r2, 0x4010ae94, &(0x7f0000000180)={0x1d, 0x3, 0x8})
ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000140))

21:14:18 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:18 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x500, &(0x7f0000000300)})

21:14:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8000000000000000, 0x11, r0, 0x0)

21:14:18 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:18 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:18 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000000000000, 0x11, r0, 0x0)

[  530.757638] binder_alloc_new_buf_locked: 19 callbacks suppressed
[  530.757682] binder_alloc: 4519: binder_alloc_buf, no vma
21:14:18 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x1200, &(0x7f0000000300)})

21:14:18 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0xd, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  530.840690] binder_alloc: 4519: binder_alloc_buf, no vma
[  530.858565] binder: BINDER_SET_CONTEXT_MGR already set
[  530.863868] binder: 4519:4533 ioctl 40046207 0 returned -16
[  530.873344] binder_alloc: 4519: binder_alloc_buf, no vma
21:14:18 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:18 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xfdffffffffff0f00, 0x11, r0, 0x0)

[  530.918492] binder_alloc: 4519: binder_alloc_buf, no vma
[  530.938346] binder_alloc: 4519: binder_alloc_buf, no vma
21:14:19 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
socketpair(0xa, 0x6, 0x8, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000140)={0x3, [0x0, 0x0, <r3=>0x0]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={r3}, &(0x7f0000000200)=0x8)
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000080)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f00000003c0)=0x14)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000000c0)={0x1, [0x0]}, &(0x7f0000000240)=0x8)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="671609e902d990c512f33357f9a186e1ce60fd981958e9564e400053961843f311e855ea20fc0f271f9fa4166ec6badf6f5a2b5cb4e4d5b786f45c43fb31de65d0e5d162e9bd9397f772e5b8280279bdcdf087989ac596beaaeda3790b4873a871753fb20a018c497bbb55cbf14fd1e84934195e36a99cd249149db6a564641c4da1831c829abc5aa2d1469062247d36cd4d18e6130e2c3d54e438429fdcf8fa1ab655049c67bef3e156d4248ce11b1aa871b20d8428f32cedb6c926e4fa30f4bd7b91686af8106d9455f516872f8ebf30aac12d95dce4170d8ab1c599d61b5e66d70cb08b6de3cd7131b92ed48994d45c943645729acbf83478d191b8e7dba5ad61509373b14fc642796d7e02c250193e7a91799b6b015de9d72a9fea2ba414bc62bf9191bafc2a344cf032a343005971"], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4c000000, &(0x7f0000000300)})

21:14:19 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:19 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x400000000000000, 0x11, r0, 0x0)

21:14:19 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  531.168322] binder_alloc: 4561: binder_alloc_buf, no vma
[  531.203256] binder_alloc: 4561: binder_alloc_buf, no vma
21:14:19 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x200000ea, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:19 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  531.226134] binder_alloc: 4561: binder_alloc_buf, no vma
21:14:19 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3068, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x11, r0, 0x0)

[  531.277024] binder: BINDER_SET_CONTEXT_MGR already set
[  531.282324] binder: 4561:4589 ioctl 40046207 0 returned -16
21:14:19 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4000000, &(0x7f0000000300)})

21:14:19 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x800)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r3 = syz_open_pts(0xffffffffffffffff, 0x40000)
ioctl$PIO_UNISCRNMAP(r3, 0x4b6a, &(0x7f00000001c0)="cb2411048d9edb70a15b870c7ff56b8d99041a21591de3aa6b3745505dde8f44bfef505e96ff5e69f34083a5bca9543423dd51f62ce89d583b864848e7ea418000f3a28af57f15d092148f483f6182c1ceaf3d204fab0496bc0d9e80d58ed59eb3e397b4f4ac67fa9b9091608e43ec9df22486a157d2215bbc5857d1324d4d6041be390ea4983b2db768feb3faa07de446400ed8193379d5d4ea84657c65bd3f2475")
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x403c5404, &(0x7f0000000180)={{0x3, 0x2, 0x1f, 0x0, 0xffffffff}, 0x101, 0x5})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0)
r5 = dup3(r0, r4, 0x80000)
ioctl$KVM_IRQ_LINE_STATUS(r4, 0xc008ae67, &(0x7f0000000140)={0x4, 0x3})
flock(r5, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00cV@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:19 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x40010020]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x7ffff000, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8048000, 0x11, r0, 0x0)

[  531.467144] binder_transaction: 57 callbacks suppressed
[  531.467159] binder: 4606:4607 transaction failed 29189/-22, size 0-12288 line 2855
[  531.517656] binder: 4612:4614 transaction failed 29189/-22, size 0-12288 line 2855
[  531.559043] binder: 4619:4620 transaction failed 29189/-22, size 67108864-12288 line 2855
[  531.571058] binder: 4613:4616 unknown command 1079403264
[  531.583426] binder: 4613:4616 ioctl c0306201 20000040 returned -22
21:14:19 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x700000000000000, &(0x7f0000000300)})

21:14:19 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  531.609330] binder: BINDER_SET_CONTEXT_MGR already set
[  531.615692] binder: 4613:4630 unknown command 1079403264
[  531.649598] binder: 4613:4616 ioctl 40046207 0 returned -16
21:14:19 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0xfffffffffffffdef, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:19 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xffffffffffffd, 0x11, r0, 0x0)

[  531.665220] binder: 4613:4630 ioctl c0306201 20000040 returned -22
[  531.668654] binder: 4631:4632 transaction failed 29189/-22, size 0-12288 line 2855
[  531.726306] binder: 4636:4638 transaction failed 29189/-22, size 0-12288 line 2855
21:14:19 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x2)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:19 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500]}}], 0x0, 0x0, &(0x7f0000000300)})

[  531.771482] binder: 4643:4645 transaction failed 29189/-22, size 4294967167-12288 line 2855
21:14:19 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6800000000000000, &(0x7f0000000300)})

21:14:19 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0xfffffdef, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:19 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x11, r0, 0x0)

[  531.885796] binder: 4654:4656 transaction failed 29189/-22, size 0-12288 line 2855
[  531.892702] binder: 4653:4655 transaction failed 29189/-22, size 0-0 line 2855
21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00]}}], 0x0, 0x0, &(0x7f0000000300)})

[  531.964311] binder: 4663:4665 transaction failed 29189/-22, size 768-12288 line 2855
[  531.994132] binder: BINDER_SET_CONTEXT_MGR already set
[  531.996252] binder: 4657:4661 transaction failed 29189/-22, size 0-12288 line 2855
21:14:20 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x80000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x2, 0x1, 0x6000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  532.018167] binder: 4653:4669 ioctl 40046207 0 returned -16
21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x800408, 0x11, r0, 0x0)

21:14:20 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x500, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:20 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xfdfdffff00000000, &(0x7f0000000300)})

[  532.174875] binder_alloc: 4681: binder_alloc_buf, no vma
[  532.213003] binder: BINDER_SET_CONTEXT_MGR already set
21:14:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x1000000)

[  532.224227] binder_alloc: 4681: binder_alloc_buf, no vma
[  532.229893] binder: 4681:4697 ioctl 40046207 0 returned -16
21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x8906, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:20 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7a, &(0x7f0000000300)})

21:14:20 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x7fffffff, 0x40000)
ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x3a)

21:14:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x8048000)

21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x900, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:20 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7, &(0x7f0000000300)})

[  532.473335] binder: BINDER_SET_CONTEXT_MGR already set
[  532.494391] binder: 4722:4732 ioctl 40046207 0 returned -16
21:14:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x2)

21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000006000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  532.656397] binder_release_work: 56 callbacks suppressed
[  532.656403] binder: undelivered TRANSACTION_ERROR: 29189
[  532.688944] binder: undelivered TRANSACTION_ERROR: 29189
21:14:20 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6000000000000000, &(0x7f0000000300)})

21:14:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x8000000000000000)

[  532.701801] binder: undelivered TRANSACTION_ERROR: 29189
[  532.702210] binder: 4756:4760 got transaction to invalid handle
[  532.712810] binder: undelivered TRANSACTION_ERROR: 29189
21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f00]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:20 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x83c, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  532.762467] binder: BINDER_SET_CONTEXT_MGR already set
[  532.795696] binder: 4756:4763 ioctl 40046207 0 returned -16
21:14:20 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  532.848300] binder: undelivered TRANSACTION_ERROR: 29189
[  532.856125] binder: undelivered TRANSACTION_ERROR: 29189
[  532.874549] binder: undelivered TRANSACTION_ERROR: 29189
21:14:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x2000000)

21:14:20 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6, &(0x7f0000000300)})

21:14:20 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5]}}], 0x0, 0x0, &(0x7f0000000300)})

[  532.899693] binder: undelivered TRANSACTION_ERROR: 29189
21:14:21 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x829, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  532.973279] binder: undelivered TRANSACTION_ERROR: 29189
[  532.982250] binder: undelivered TRANSACTION_ERROR: 29189
21:14:21 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
write$cgroup_type(r1, &(0x7f0000000000)='threaded\x00', 0x9)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:21 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x80040800000000)

21:14:21 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  533.247964] binder: BINDER_SET_CONTEXT_MGR already set
21:14:21 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x82b, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x200000000000000)

21:14:21 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x2000000000000000, &(0x7f0000000300)})

[  533.308347] binder: 4810:4815 ioctl 40046207 0 returned -16
21:14:21 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xfdffffffffff0f00)

21:14:21 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0xffffffffffffffda, 0x8, {0x7, 0x1b, 0x20, 0x10, 0xf3, 0xffffffffffffff80, 0x8, 0x6}}, 0x50)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000180)=r4)

21:14:21 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x1000000, &(0x7f0000000300)})

21:14:21 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x81c, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  533.562591] binder_alloc_mmap_handler: 72 callbacks suppressed
[  533.562605] binder_alloc: binder_alloc_mmap_handler: 4849 20ffd000-20fff000 already mapped failed -16
21:14:21 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  533.604714] binder: BINDER_SET_CONTEXT_MGR already set
[  533.615806] binder: 4847:4854 ioctl 40046207 0 returned -16
21:14:21 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x3000000, &(0x7f0000000300)})

[  533.678006] binder_alloc: binder_alloc_mmap_handler: 4855 20001000-20004000 already mapped failed -16
[  533.683622] binder_alloc: binder_alloc_mmap_handler: 4866 20001000-20004000 already mapped failed -16
[  533.715355] binder_alloc: binder_alloc_mmap_handler: 4849 20ffd000-20fff000 already mapped failed -16
21:14:21 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x20000, 0x0)
accept4$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000300)=0x14, 0x80000)
setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000340)={r3}, 0xc)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x4000000)

21:14:21 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3068, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:21 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x8864, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:21 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffff7f00000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  533.864616] binder_alloc: binder_alloc_mmap_handler: 4876 20001000-20004000 already mapped failed -16
21:14:21 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7a00, &(0x7f0000000300)})

[  533.935139] binder_alloc: binder_alloc_mmap_handler: 4883 20ffd000-20fff000 already mapped failed -16
[  533.957155] binder_alloc: binder_alloc_mmap_handler: 4892 20001000-20004000 already mapped failed -16
[  533.968882] binder: BINDER_SET_CONTEXT_MGR already set
[  533.974252] binder: 4884:4885 ioctl 40046207 0 returned -16
21:14:22 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x806, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:22 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3060, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  534.018183] binder_alloc: binder_alloc_mmap_handler: 4883 20ffd000-20fff000 already mapped failed -16
21:14:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0xffffffffffffd)

21:14:22 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  534.113694] binder_alloc: binder_alloc_mmap_handler: 4903 20001000-20004000 already mapped failed -16
21:14:22 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xfffffdfd, &(0x7f0000000300)})

21:14:22 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  534.166015] binder_alloc: binder_alloc_mmap_handler: 4913 20001000-20004000 already mapped failed -16
[  534.197461] binder: BINDER_SET_CONTEXT_MGR already set
[  534.206622] binder: 4919:4925 ioctl 40046207 0 returned -16
21:14:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x100000000000000)

21:14:22 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2500, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = gettid()
ptrace$pokeuser(0x6, r2, 0x1, 0x8)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
open_by_handle_at(r3, &(0x7f0000000140)={0x49, 0x8, "ec284fc5cf28005dfcb4b8381383c1ea1245d4790f74f45af2cbab1d3791cd55a9d67e6d0326ef8efda53b271a02670fd10737def7b3ba208c946e9921ec1aa751"}, 0x2000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
recvmmsg(r3, &(0x7f0000002800)=[{{&(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000240)=""/231, 0xe7}, {&(0x7f0000000340)=""/75, 0x4b}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000440)=""/175, 0xaf}], 0x4, &(0x7f0000000500)=""/100, 0x64, 0x7}, 0x8}, {{&(0x7f0000000580)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000600)=""/240, 0xf0}, {&(0x7f00000013c0)=""/4096, 0x1000}], 0x2, &(0x7f0000000740), 0x0, 0x800}, 0x3}, {{&(0x7f0000000780)=@hci, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000800)=""/181, 0xb5}, {&(0x7f00000008c0)=""/26, 0x1a}, {&(0x7f0000000900)=""/152, 0x98}], 0x3, &(0x7f0000000a00)=""/2, 0x2, 0xc9}, 0x10001}, {{&(0x7f0000000a40)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000ac0)=""/160, 0xa0}, {&(0x7f0000000b80)=""/92, 0x5c}, {&(0x7f0000000c00)=""/180, 0xb4}, {&(0x7f0000000cc0)=""/152, 0x98}, {&(0x7f0000000d80)=""/139, 0x8b}], 0x5, &(0x7f0000000e80)=""/88, 0x58, 0xffffffffffffffe1}, 0x3}, {{&(0x7f0000000f00)=@nl, 0x80, &(0x7f00000011c0)=[{&(0x7f0000000f80)=""/88, 0x58}, {&(0x7f0000001000)=""/79, 0x4f}, {&(0x7f0000001080)=""/176, 0xb0}, {&(0x7f0000001140)=""/88, 0x58}], 0x4, &(0x7f0000001200)=""/54, 0x36, 0x10001}, 0x6}, {{&(0x7f0000001240)=@ipx, 0x80, &(0x7f0000001340)=[{&(0x7f00000012c0)=""/72, 0x48}], 0x1, &(0x7f00000023c0)=""/113, 0x71, 0xdf76}, 0x99eb}, {{&(0x7f0000002440)=@un=@abs, 0x80, &(0x7f00000026c0)=[{&(0x7f00000024c0)=""/52, 0x34}, {&(0x7f0000002500)=""/123, 0x7b}, {&(0x7f0000002580)=""/9, 0x9}, {&(0x7f00000025c0)=""/48, 0x30}, {&(0x7f0000002600)=""/53, 0x35}, {&(0x7f0000002640)=""/97, 0x61}], 0x6, &(0x7f0000002700)=""/253, 0xfd}, 0x1}], 0x7, 0x2000, &(0x7f0000002900)={0x77359400})
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000002940)=[@in6={0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, [], 0xa}, 0x1}], 0x1c)

21:14:22 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x807, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:22 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x600000000000000, &(0x7f0000000300)})

21:14:22 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000)='/dev/binder#\x00', 0x2)
getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  534.416730] binder: BINDER_SET_CONTEXT_MGR already set
[  534.430703] binder: 4939:4951 ioctl 40046207 0 returned -16
21:14:22 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5800, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x800408)

21:14:22 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x82f, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:22 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x4)

21:14:22 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x6, 0x40)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x2000, 0x0)
unlinkat(r3, &(0x7f0000000200)='./file0\x00', 0x200)
ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000140)=""/70)

21:14:22 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x5, &(0x7f0000000300)})

21:14:22 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x803, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:22 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x400000000000000)

21:14:22 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:22 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x8100, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:22 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x700, &(0x7f0000000300)})

[  534.918031] binder: BINDER_SET_CONTEXT_MGR already set
[  534.923372] binder: 4989:5012 ioctl 40046207 0 returned -16
21:14:23 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 1:
r0 = getpid()
ioprio_get$pid(0x2, r0)
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x800000801)
r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x2000)
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000040)={0x8001, 0x8, 0xfffffffffffffff7, 0x9, 0xb44a, 0x101, 0x0, 0xfffffffffffffffd, 0x8, 0x7ff, 0x2, 0x8})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
r3 = add_key(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000180)="620398c849e180cac909abad319294c11170b9c57240beba68dea9976c838c558b7be1acf40852c72f794bc7bf4e0f8bb3f1c6fc67863f0a61d1b925cf8485c09e0b80a6bce703d38b1276cd52ca98096b059eee6dbe692ba0b8dd99196dee16e679065f1da036a59c1bf6438e0b85b453b6b1293bc5bacc667b8a06b8e6183d9fa561543958dae3a91f77b49ef570308feff9f2d796c223ac2d5fddeb0783d0f7ed43dbe40d3306f6b25524409be3da7d9e7c154c9ab44d8eb87e5e3f262d2094bbc11e0092c9", 0xc7, 0xfffffffffffffff8)
fstat(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getresuid(&(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)=<r5=>0x0)
lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
lstat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
getresuid(&(0x7f0000000540)=<r8=>0x0, &(0x7f0000000580), &(0x7f00000005c0))
stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
stat(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000780)={0x0, 0x0, <r11=>0x0}, &(0x7f00000007c0)=0xc)
fstat(r2, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0})
getgroups(0x5, &(0x7f0000000880)=[0xffffffffffffffff, 0xee00, <r13=>0xee01, 0xffffffffffffffff, 0xee00])
lstat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0})
fsetxattr$system_posix_acl(r1, &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000980)={{}, {0x1, 0x4}, [{0x2, 0x1, r4}, {0x2, 0x6, r5}, {0x2, 0x2, r6}, {0x2, 0x1, r7}, {0x2, 0x2, r8}, {0x2, 0x5, r9}], {0x4, 0x5}, [{0x8, 0x6, r10}, {0x8, 0x4, r11}, {0x8, 0x7, r12}, {0x8, 0x6, r13}, {0x8, 0x1, r14}], {0x10, 0x7}, {0x20, 0x6}}, 0x7c, 0x1)
keyctl$get_keyring_id(0x0, r3, 0x2)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x1010, r2, 0x2)

21:14:23 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3074, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x1366613d7836ffb4, 0x0)
fcntl$notify(r2, 0x402, 0x20)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000dff9", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x3, 0x200)
write$P9_RREAD(r3, &(0x7f0000000140)={0x31, 0x75, 0x1, {0x26, "2b6c3c3124aef294fa78584ab221f28abacfab65906173411e91f4c9ec32c2a56165c766a537"}}, 0x31)

21:14:23 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x4305, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:23 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x12000000, &(0x7f0000000300)})

21:14:23 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  535.197370] binder: BINDER_SET_CONTEXT_MGR already set
21:14:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x805)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x82042, 0x0)
write$P9_RREADDIR(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="9f00000029020001000000090000000001000000000000000180000000696c65300203000000070000000000000000000000000000000307002e2f66696c65300904000000020000000000000003000000000000009907002e2f66696c653020030000000600000000000000ff010000000000000107002e2f66696c6530200300000007000000000000002704000000000000400000"], 0x9f)

[  535.243316] binder: 5038:5042 ioctl 40046207 0 returned -16
21:14:23 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x8848, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:23 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0xcf, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7a000000, &(0x7f0000000300)})

21:14:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x3f, 0x2002)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{0x0, 0xfffffffffffffffa, 0x6, 0xfffffffffffffff9}, {0x3, 0x4, 0x0, 0x3}, {0xf9e7, 0x3, 0x6, 0x7}, {0x0, 0x8000, 0xfffffffffffffffc, 0x1}, {0x1, 0x2, 0x8, 0xfff}, {0x4, 0x81, 0x1, 0xffffffff}]}, 0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  535.455676] binder: BINDER_SET_CONTEXT_MGR already set
21:14:23 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x106, 0x100d}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), r2, 0x2}}, 0x18)

[  535.488794] binder: 5070:5076 ioctl 40046207 0 returned -16
21:14:23 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x8847, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:23 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6000000, &(0x7f0000000300)})

21:14:23 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:23 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x805)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x800, 0x0)
getsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
recvmsg(r2, &(0x7f0000001880)={&(0x7f0000000180)=@xdp={0x2c, 0x0, <r3=>0x0}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000200)=""/239, 0xef}, {&(0x7f0000000100)=""/27, 0x1b}, {&(0x7f0000000300)=""/123, 0x7b}, {&(0x7f0000000380)=""/143, 0x8f}, {&(0x7f0000000440)=""/171, 0xab}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/154, 0x9a}, {&(0x7f00000015c0)=""/26, 0x1a}, {&(0x7f0000001600)=""/250, 0xfa}], 0x9, &(0x7f0000001780)=""/194, 0xc2, 0x8}, 0x40000000)
connect$packet(r1, &(0x7f00000018c0)={0x11, 0x0, r3}, 0x14)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000))
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  535.712886] binder: BINDER_SET_CONTEXT_MGR already set
[  535.726471] binder: 5106:5112 ioctl 40046207 0 returned -16
21:14:23 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x8035, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:23 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3006, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000000b40510dc192c3100000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:23 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4800, &(0x7f0000000300)})

[  535.820913] binder: 5116:5119 ioctl 540f 20000000 returned -22
21:14:23 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x40000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:23 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  535.878791] binder: 5116:5129 ioctl 540f 20000000 returned -22
21:14:24 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x82c, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:24 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x80010, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:24 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x74, &(0x7f0000000300)})

[  535.950904] binder_alloc_new_buf_locked: 37 callbacks suppressed
[  535.950911] binder_alloc: 5131: binder_alloc_buf, no vma
[  535.985928] binder_alloc: 5131: binder_alloc_buf, no vma
21:14:24 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400]}}], 0x0, 0x0, &(0x7f0000000300)})

[  536.034752] binder_alloc: 5131: binder_alloc_buf, no vma
[  536.046016] binder: BINDER_SET_CONTEXT_MGR already set
[  536.051319] binder: 5131:5146 ioctl 40046207 0 returned -16
21:14:24 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3004, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:24 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x802, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:24 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
socketpair(0x1f, 0x800, 0xffffffff00000001, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a45323, &(0x7f0000000140)={{0x2, 0xffff}, 'port0\x00', 0x80, 0x100020, 0x0, 0x2, 0x4, 0x7f, 0x6, 0x0, 0x1, 0x81})

21:14:24 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x100010, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x1f, r0, 0x20400000000000)
clone(0x80000, &(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="f5903b5f24e21a8e88215994d3de9a9d0a6448a8b66414f580e43348")
futex(&(0x7f000000cffc)=0xffffffffffffffff, 0x800000000009, 0x0, &(0x7f000000b000)={0x77359400}, &(0x7f0000000080)=0x1, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000fd7ff0)={0x77359400}, &(0x7f0000048000), 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0})
futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, &(0x7f000000b000)={r1}, &(0x7f0000048000), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x101000, 0x0)
clock_gettime(0x0, &(0x7f0000000240))
sendmsg$key(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB]}}, 0x80)
setitimer(0x1, &(0x7f00000004c0)={{0x0, 0x2710}}, &(0x7f0000000500))
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f000000d000)={0x0, 0x7f}, &(0x7f0000048000)=0x1c0000000, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f0000000000)={0x4, 0x40000000006})

21:14:24 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:24 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3005, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:24 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4c, &(0x7f0000000300)})

21:14:24 executing program 4:
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000)={0x0, <r0=>0x0})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000000}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000002c0)='/dev/snd/pcmC#D#p\x00', 0x1ff, 0x0)
mq_timedreceive(r2, &(0x7f0000000300)=""/80, 0x50, 0x7, &(0x7f0000000380)={0x77359400})
socketpair$inet6(0xa, 0x807, 0x3, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x40, 0x0)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:24 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:24 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x804, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:24 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  536.488923] binder_transaction: 115 callbacks suppressed
[  536.488944] binder: 5206:5207 transaction failed 29189/-22, size 0-12364 line 2855
[  536.491409] binder: 5204:5205 transaction failed 29189/-22, size 0-12288 line 2855
[  536.506978] binder: 5201:5209 got transaction to context manager from process owning it
[  536.521566] binder_alloc: 5201: binder_alloc_buf, no vma
21:14:24 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x2, &(0x7f0000000300)})

21:14:24 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x4, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  536.535965] binder: 5204:5205 transaction failed 29189/-3, size 0-12288 line 2970
[  536.544591] binder: 5201:5209 transaction failed 29201/-22, size 0-0 line 2846
[  536.574756] binder: BINDER_SET_CONTEXT_MGR already set
21:14:24 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x30]}}], 0x0, 0x0, &(0x7f0000000300)})

[  536.602527] binder: 5201:5209 ioctl 40046207 0 returned -16
[  536.602544] binder_alloc: 5201: binder_alloc_buf, no vma
21:14:24 executing program 1:
socketpair(0x8, 0x3, 0x5cdb, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040))
r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
r2 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCSMRU(r2, 0x40047452, &(0x7f0000000000))
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
preadv(r1, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/206, 0xce}], 0x1, 0x3c)
fsetxattr$trusted_overlay_origin(r3, &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
sendfile64(r1, r1, &(0x7f0000000100)=0x3f, 0x0)

[  536.651009] binder_alloc: 5201: binder_alloc_buf, no vma
[  536.657715] binder: 5201:5217 transaction failed 29189/-3, size 0-0 line 2970
[  536.673486] binder: 5212:5213 transaction failed 29189/-3, size 0-12288 line 2970
[  536.686762] binder: 5206:5207 transaction failed 29189/-22, size 0-12364 line 2855
21:14:24 executing program 4:
r0 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x3f, 0x101000)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={<r1=>0x0, 0xffffffffffff8001}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000280)={r1, 0xfffffffffffffffd}, &(0x7f00000002c0)=0x8)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x2, 0x5, 0x8, 0x1, 0xfffffffffffffb3b, 0xffffffffffffff4c, 0x7, 0x7ff, 0x0, 0x1000})
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000300)='erspan0\x00', 0x10)
getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000140), &(0x7f0000000180)=0x8)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  536.690958] binder: 5223:5225 transaction failed 29189/-22, size 0-12288 line 2855
[  536.718371] binder: 5212:5226 transaction failed 29189/-22, size 0-12288 line 2855
21:14:24 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:24 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x22800, 0x8)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={<r2=>0x0, 0x4}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000180)={r2, 0x40}, &(0x7f00000001c0)=0x8)

21:14:24 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6800, &(0x7f0000000300)})

21:14:24 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  536.854592] binder_alloc: 5240: binder_alloc_buf, no vma
[  536.886456] binder: 5240:5241 transaction failed 29189/-3, size 0-0 line 2970
[  536.898138] binder_alloc: 5240: binder_alloc_buf, no vma
21:14:24 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68]}}], 0x0, 0x0, &(0x7f0000000300)})

[  536.914018] binder: BINDER_SET_CONTEXT_MGR already set
21:14:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x408600, 0x0)
ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000040)=""/158)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:25 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  536.936747] binder: 5240:5253 ioctl 40046207 0 returned -16
[  536.947671] binder_alloc: 5240: binder_alloc_buf, no vma
[  536.961862] binder_alloc: 5240: binder_alloc_buf, no vma
21:14:25 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xa00000000000000, &(0x7f0000000300)})

21:14:25 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r2, &(0x7f0000000140)=""/4096, 0x1000, 0x62, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001140)='/dev/hwrng\x00', 0x600, 0x0)
ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000001180))
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:25 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:25 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x1010, r0, 0x0)

[  537.145656] binder: BINDER_SET_CONTEXT_MGR already set
21:14:25 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3007, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  537.180211] binder: 5275:5280 ioctl 40046207 0 returned -16
21:14:25 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7400, &(0x7f0000000300)})

21:14:25 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:25 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:25 executing program 1:
inotify_init()
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x802)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3, 0x1010, r0, 0x4)
r1 = socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f0000000000)={'ifb0\x00', 0x8001})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000001, 0x1010, r0, 0x0)
modify_ldt$read(0x0, &(0x7f0000000180)=""/4096, 0x1000)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x680000, 0x0)
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000001180)={0x6, 0x7, 0x0, [{0xe0, 0xfffffffffffffc01, 0x7ff, 0x7, 0x7f9, 0x1, 0x8}, {0x2, 0x7fff, 0xaf, 0x9f6, 0xbe7, 0x0, 0x4}, {0xde00000000, 0x3, 0x1ff, 0x7, 0x4, 0x54bf, 0x9}, {0xffffffffffff2db7, 0xffffffffffff8001, 0xef, 0x46, 0x1, 0x2, 0x7}, {0xe561, 0x400000000000000, 0x7, 0x8, 0x5, 0x2, 0x4}, {0x101, 0xc63, 0x1, 0x1, 0x1, 0xb612, 0x400}, {0x4, 0x12, 0x4, 0x3, 0x90, 0x8, 0x2}]})

21:14:25 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3012, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:25 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x6, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:25 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x68, &(0x7f0000000300)})

21:14:25 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:25 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000740)='/dev/binder#\x00', 0x0, 0x2)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000a553000000000000000000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
io_setup(0xfffffffffffffff7, &(0x7f0000000000)=<r3=>0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0xe1, 0x40002)
socketpair(0x1f, 0x5, 0x1ff, &(0x7f0000000340)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vcs\x00', 0xa00, 0x0)
r7 = fcntl$dupfd(r0, 0x406, r0)
r8 = syz_open_dev$midi(&(0x7f0000000640)='/dev/midi#\x00', 0x10000, 0x400)
io_submit(r3, 0x6, &(0x7f00000006c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x4, r2, &(0x7f0000000140)="238308a87ccac5b135e9f2f06063e67df2baa7c5ae6e616e8a841f7641cd85927d9db498802b71261a701ad35eeaea3008762a4dc20d089ba53c8050e431b54a3b09726411e758b212a04cdbc04027af0e6fba56600a4043b5768a46cbb8ceb4e1c356e3e7b8f20b78fc9ef901a5133fa3a45b28ed98f2dfd9eca287b1039a088ccd3e572c2ba0e3f986ab9dc06614492b9347d6dcfdf1e1524f3ae7d9da7e651eb6a790b5f1c4aa1321ba8b09600c0ec917f13c07f55eb0c38f", 0xba, 0x8, 0x0, 0x3, r4}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x9, r0, &(0x7f0000000280)="cc617732dceb4e64c33f3f0ad448368c077d6f5781e754382dc5c2cbe6a564cfc82c1619710ba2e9a5e23d255050e4863f40c5caa33b93d600a4d4cc186c13bb7e4c7343105f967265b17c36e37c24abfda5b22f3312e072dd84c851b4acc03fda8b3b8a09cf9287d5569a1f61caf1c4c5df543c850cef63fd6451b29457c39367b6441aed979ae258484ca7c2f410ecc6b5028fc7d6f6a4cee0462154714dcaf8396f65576be2", 0xa7, 0x80000001, 0x0, 0x0, r5}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0xd, 0xf45b, r2, &(0x7f00000003c0)="fc39b98f750e1801e580e1d0e42778355ee36c04e2c8defc92d91f3f904d2a51c93a7ea0e51a05c5aa72fa8ce08c848225384ac91814e8e071026a0c367e34ed48b9c5cd0287bf8d9229cea6eec041e5d426ed63235d11aa91ba44", 0x5b, 0x3, 0x0, 0x2, r6}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x2, 0x4, r1, &(0x7f00000004c0)="564304cc8ecdb7bde566cfab27bce9d9088ca08648c867e4c2e234b854cf80c770c846fb824848e47f6da502abe67a79e71cdb92801a", 0x36, 0x5, 0x0, 0x1, r7}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, r1, &(0x7f0000000540)="804cb01ef41801cb809a87e17feb6e1526c34eda48e406cb15ef6605ec3dd02456ea07f062cc4df99fb5cb61d3c0f89a1bea3941ddec2b1d0d00d4c21c424c6f2d1120c4ca6ad315f6c5f8b530750fb4d88fca0191df88122aa4b8e3be9bc1957b9b36a59f01460f8b85445893300525e867611acfc6d15262c2250f138a2e6d200f8f86889e7bbb114ecfb4a6111e6880dd98b41ef2f6b029c353867a", 0x9d, 0x72be00000, 0x0, 0x3}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0xfff, r2, &(0x7f00000013c0)="be51937bf5169fca58862bac973011d8fca5c4f7b826aaaeed974b67ce87244438493d3ebc7a1ebce9f3ff93d5688da55f5f24ddd12365cfa9fe26b65822be152136d77c424f20a9a0e5d81349971310f5a650de37f44bb3202d4a8b4ba75e40aa9a33b2b1d7ad36b95f6cb3f96ca382eb11ee84e948aa18f4bb93c5b82788c38762f2e0dd0fbe324c727e4d9fba55b1b1c699f3997aba292d752735746aef3cc8c37022397d1629bfaa7baf325dff0af3ab608506539fa056c7adb560f4055f576c496b61a36622cd8c1c529b1d2b8c14ed02df73ae01d4da9f7e53b27d840eb0429f1c28024944c0eba76338a080f3e1f8eac86317fa4fad2fc21ad706001523edf08a1868ef64de089ee1c8e07ec8e8e81f3a6ab558849f7e748ecff541bb6ab6ea410afaa21a3af82e705ff890b1453eba8a773306ccbd663d496610203737f2e51c142767699b37ccdd733e898dc148f2c1564adcc02fe8ad3ff70c7a48c84a75d1a6a8bc91aea375926fcb1403435680ad2c99f488c8397a56f42b88f2473270ad383bbbc6c28668b9dd1c198b882332637cbe5def5e9f7d3bd57326f332fe76b7e8b17b85aac7fc09b460d904638b114a6b1e84e13faf11809c702e2361ddb251e8d2a0983f0b920e8921ed9f7a41a58a484dcf842fcd61df6fdd6a9ab9250ec6aade8217ca9f983484288c39e6400da1ae088b5b6e64a38b22d462166e7d2f8f68655e0ada33731bad080c25fd8b4f0b5adf3a42c7a12eaef4530febe9f777a6c209311396ed4e2935e114aa3c474f9f60fcf05344fd4bb4ea8d3017a181c1450044bbfd440f252f619bc30bbeb6d4d0d88abdb642b0fd269daf9448de54c4e7d8f61534475a94457009e476ee8c422ef75156aa29fa0a441a940f4d4c81943d284a56de7cc7cc50bf82d0e8526c0f41d09d0b64c4e83dc0db9b323ac2609f74b39c67fdd436b2c7d2e9831c9a83dcaeac33659cb3f45348b013a1849e963ec32218543d41ac630aed3ff21a3550629c9992ea9553d3d14b3612e474016c21839a07801cf6ad1a019ac48f1b615319a7406408af8cf2d50d9e736455fc5763461ec4324b06e914d6e922df55c1cf0335e30705b5d188e9d410b267639247f6b0aec00107cfe3f3c9cc20df23d9ebd7eb54c3dd0bb3144101a6b9f0c4ecdc6477a1a941b03eec6184556b80110f8c4a255dfb93682c072afc3661b1e7f9af40ed39c7ee9bbee092c5071b777c30fe8e2e9c307ab4b2bce9643bb1c54f2cd8ce4c299a6c91a2576a693dab45558b070b0c702f161445ba113361e0ba08da388923693807a69c91c6b0ff6529f482b421f6bf8f5d97e68276aad34c324c671054835668c513402987c313c516e4da1f436a5d17a11d77bc03583675323a4ca5fd9ad85558ad1cbb8cae674f9d6d9833d09e41f7f6debb74e9f074c0b8c119d80b0159bceab27688fb8a6d7778c7e10ea1ce64a2a672fb176ab147174640337420eb08849f45c0649773f5fd52e2a437d13ffd7e4430d530c363a636ba9948e7b281c9d6daa7ab4b48c52933f2d704f97d12802d05af15e2778458b782ef8f3f1cb28bbc056e9ca023d7054287ae7248ba9acc7309b63cec8f861916076174a8a45137ce4411a201e51e464f5b01977c782e4919eeb08eed0c55f76dc2e6d74d4d0c502b2d5b236aea72cf24ec78beaf0861ae26ee49569ab7635f93ae0849469cf9ecd5c3a5f17bc8e6b4b8c320d9a93e4cd5ad12ee0e4b6da257231263656e5c6cb5b3f61de4430cc2da065d85a75be6ce38e3ba1d95597c684a99895fcd38a8833aa9f5cb146e3bbcdaf8dd5244f686b735be599da7c9d0ac9d0ffb165e1fd1c4e7b8e0e71e5e2257f139317b919510b97ef21af31892afce85da72534ec6ba6b467e9a3bdef0315d2735521cec618ff3e6d185679a8158e7398e88ef2e68409cd7b3780b992ab960a7370d43be9374ffba9171d6f78574338a6ca619f568f9695bcd7bd99a30b55ba7f839e04d4b93f91514d9f726e3028bd8361348ddfbf31ad88aca2c9df07261c0777fd2732273aa07e49459634d6720d4800be527ff9c42299dc2ad2ae860be7fd710df06d874392a67897661dbe003977907f0f9a8f568e7423eb54678b4aa4d9c789e6a717acd9bccc83bd7f6776da2940f38bd307f50073f8957af5c0a7cce748d0c14ef2e68139840dc4d8a190e090c454462997add20fad299c62e8ce471b4f3d536a28a2fdc88d557a321b758cc23747d218f2fe80fd7a036afa541161d23470a871f65fc633c5d55afc7e1a61de0f76bf4f763e8b0d083fcef950bc65fb15669fdcf36a43e7d25732303dc0078ed7840b8de7f7c8359d6323a8ef86a31dc4e4b50c7a7f7e79ffe510a5d935c91619182c7ffcd5dcff0bc85436ea92cbecb0d18425a0e7447de3ae00f1474ca1943670f118fd5fe670c5331fa86256c635b2f7d2ee19a68b63253ff99b96f79d586398487ab29ab076e782c7846f92652f37a9e6c71d73e81d5f3cda353ceab18108350ecb77ecbf8c827eca6c26947918e0dcde7c6922d76f689e0f166c06a0f7c7cd652b0e91a3dd63d32571571cdc7cc2c1eeda1e5508b32e9e0e534d1e30784175944920e40e2d2a6ba9bafe4915f2aa81bd9085d68cbc9f536902c0d8bb0a783154230a3a0a5590772c4eb84bb9ffb323b627bae98a7096e2ac5c042a8d55ac8b489ce941e5d1f6443d2455acd3aaa690ad6c898fd6f9e4defc4e95c7e45a3309d120b33ed7581dbdc413cbabb91e37e7ee456f3b42e555756069b56e2bb46ba3b8082f6e527bfead30bc8751b02268626a2868e8f90d8e34ab76fb9b0d9097424e5284af536320ced304f1416720e6686d01ba43fc0e1669e107ad2d15d663c579a608bb0c94c0190bd15b58f2397e2f6725f6286b08d228a390de23ec79c7434cd8308bbca39a3b3c951254042205b83aec7ea1482c74c9e0d38190946cebc26c7e309cc92cae82f5999df1f80802282cbbf5fa90cab0d7db1131d86266e62664c585864a85520a4929ba8db003db397057198b638e53555fddefa8dc7e43f94d5dd58ce937aa3345952a4b45dc930fe5613fd70a633770865899e27f1ae288a9905b1a8d50fd4fc9405007aa18caeb8bc7708962ad3d78ba422e2d89b884f7275473fa384b25246ec1162b59311b0b70bb72735624c330dd7e7c8ed097b673f05210312e9660b1dd9b0daeb8c2755c5ec8d1f31953483164ac3aba67803912e869e78742f7c66a90db9a7909c6a7f7eb2a8d4d28e032d11a531dfced28ba7f485475dca9303be1d115f7a4699f61aa21667ecbfee1d383d6d38cbfac67ba4e32ed873f182faf3c4e4075e6bfcc16d28979e228aa286978b822745f72f03d00e3a4a8b58723397b33f1b5aae14343c492cdf85cf5a3135120b5305b7587c140648ef8cd58c75188d6b6eabc15af4032d35bb2de4017d5a88682b35ac38742375916453e0424cee12b8491bfd519aca0192f66e7d71cb456528a291b02125a2f0e85f17adf032459b7629de82d3cdc4b2ee24e0e6adf3dd17072eba37105bc639869fd68455c790055331b5029772853d079e1f72b03656cf07362e1f8ebdc567d11f7b95b37011c552047f3d8af78275857952a7ca86d26d45639b62d757a60000a98dfc9278d638d91a4de2f559b1497a14d6eda3764e758cca0f534f0e1b00cb615d23f1fa0a688c814f3d092d0175ffd31733d2e899033fb6d8bbd238180788234eebd7a41655a037b7698f12f9436e9dd03be695bed0c12259214b896809cd359b4f08fee5ff64309347d7b300c2cd32030e9dd91425c68477f290161acb103e88c0aeeaadb422474ab52c5bf7ef35f00e608b50caa025d5d0426bb3001759eb5b16d2926fd800d07d91edd5bca86180154f932688427970b6a66713629a8f47f3746150273669ace21701415a1d4d84107cb8cccff68ff159a6b1bffd1e43b946f5828532ead408b0d0ac3c7581ded9b6a6688afbb5e735dd1bc6d969f7bdc41dd7591ccdbe7fa7192e74880eb1b827deef49c586ad20a208565d5d98b76b7d27c054ae94272566b69c7ba4d4078dea93f2587410542c3828c8419a5c8813774846af3992a6bde747752651b6cbaf5df5ddee04b5bb87800689f536077e8acb67633fa5b2cf303c68f318662c7f71baf4896c413b52372f2b59c37c972f9b40248609919df92c24f073b3fd3fb26932c92a46467530dc683f79b8fd693239c049819322040abb8084e576a7fd2df6dfbab64708a47b2b0688d50e02db0597ed56a2c5abb4f3b02532109b6a409755bc2bf5f1bbd990619f581a8c25b6eb81a16453c9a6df8840aaefaa417bc19015b236b8c0c8eb5b8d65b8d2f54e2d5de1f687a6d8ad2672dfc6b7b0e98b8b571c9eabcaca3634d4ed3adf2a8a3bc294518eac34b6d9cbdadfd5a4a0c9e29b9f558af0d7f6aa7d9c5e54864559410ca626097f466269396359ac76b2bfc310e102661e12cc82a6d70a584a1fcdcc51b6743d598856c43d8fd5d462fce2a780819361b90ada8d1a3f9a3f90b8013466f7e0cedee58477aac8d3876c3487c5f29602b274f66ea295ddb005e0c2accc05c8d5b81ea0ce5c9b156893d2ce8cb240d8cf09fb301652f3c52d14a2d06edfb1cb62922fc3b42c0709abbe4e60890ec4a8389bfcf37bdad07a772717c227b63551d6dd7cdadf9e70fbd8ab5585758414ebdb9001f0a39446045d10ec5b5e42931b7b70c8084a30a0ec2c0af7a6a7b2f68fdef7461acd60efa0e3956c1ec34b251a9f10120c1af26d9e80cf52e06be4580f18620a640086d05acc387c5560c600de589b80735d299552a40e243282cfc3ea7fddafe7d05e1f219836c73c8c29bbcda61f3d782f9a41267e2487bfa7db7e0ade532ca24edc725d31de2abf597a5eebffba210eb86eb540a650dc0b5dd63bf4e173c0365a95cbd701fb50aecfe34d060e4af82430004952c5f87b07146397b425cb950ca5831823966e1dc7059331caa3366d3ad5c92223019507ba379a5e2286561b9b05f07e3f38d61811dd213d5fe95c21058419d4fd9f689bcac067689f849f08c22054cf4c6418250e82dfb64dac25129513a79f0285e2f563035b6f89fa36271011efabccf2b4e005a882b78e7d34990cc681549fc515a6078904e37bd7ca0504c8f382ce3dd9eade0622cfdab17db5d40bdf0e1005bbe3bed1215615908e53403b488422b85de11981af2da4e107838795f7d0fee74fe6b0c81881d76c52e907ae636e2e605d4e12fa6970cf988a87e37c19b75233d57ef4a2f41ab376f09217b9360b13942c95364d697c62fd61b923a093f8248377ae1071dfc54f6c2d5dc5a6d6d753aa0f1748d4661a0bf27f53ebd1e212edf7f86bff6e8515c42c5d4147c8f008bc63914e09ef9d913ef0643ca012b0b852c7a50ba0d7cfb740125d5390a719f78402802a4897c52f3d57a240d61fbc6a37e036e6b2c0c2b78556a75529e8076dcc1627b36342b427d21c29fadb3c18f8568b41156a136d2bef29792714e697fcccc7ddd7cebdbf56ba5953a4e4a339ef5b7a935e60631a0dab6ab26e596952e46c21f1174100643cd28659979e70dc34b02daf0388cb773f0b9b272151e88497b494536daafced3320e77e5e04f91b02effeb23eb9f652798931a3ee87694d74838ab02bdebaa3d3734ef663ef414f88af22b95e17051054fb3fac488a82bfb4905a4bb43a392cad6b6fa9a58d60e8fc567831cebf235270f85f1f22a2c8434044cc22b8c47acd7115", 0x1000, 0x0, 0x0, 0x0, r8}])

21:14:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)

21:14:25 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3002, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:25 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x2, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:25 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00]}}], 0x0, 0x0, &(0x7f0000000300)})

[  537.611253] binder: BINDER_SET_CONTEXT_MGR already set
21:14:25 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x1200000000000000, &(0x7f0000000300)})

21:14:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')

[  537.635447] binder: 5338:5355 ioctl 40046207 0 returned -16
21:14:25 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a]}}], 0x0, 0x0, &(0x7f0000000300)})

[  537.701322] binder_release_work: 98 callbacks suppressed
[  537.701328] binder: undelivered TRANSACTION_ERROR: 29189
21:14:25 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x3, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:25 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  537.765115] binder: undelivered TRANSACTION_ERROR: 29189
21:14:25 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x20000000, &(0x7f0000000300)})

21:14:25 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000))
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:25 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  537.829444] binder: undelivered TRANSACTION_ERROR: 29189
21:14:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0xfffffffffffffffa)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{}, {}, {}, {<r2=>0x0}, {}, {}, {}, {}]})
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000180)='fou\x00')
sendmsg$FOU_CMD_GET(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x6040000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r3, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e22}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008010}, 0x400c0)
ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f00000000c0)={r2, 0x2})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:26 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x9, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  537.932577] binder: undelivered TRANSACTION_ERROR: 29189
[  537.953139] binder: BINDER_SET_CONTEXT_MGR already set
[  537.965521] binder: undelivered TRANSACTION_ERROR: 29189
21:14:26 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xa00, &(0x7f0000000300)})

[  537.979613] binder: undelivered TRANSACTION_ERROR: 29189
[  537.987097] binder: 5399:5402 ioctl 40046207 0 returned -16
[  538.008924] binder: undelivered TRANSACTION_ERROR: 29189
21:14:26 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = dup2(r0, r0)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000000)=""/189, &(0x7f00000000c0)=0xbd)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:26 executing program 4:
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x78c31e06, 0x20000)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000140)={<r1=>0x0, 0x31, "2da353f28b51cd154c4a7fac2eba949b3462a89835265eda596116c53972865373a0a1e03f1967b9d17d4881010954694e"}, &(0x7f0000000180)=0x39)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000006c0)={{{@in=@multicast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}}}, &(0x7f00000007c0)=0xe8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000800)={'vcan0\x00', r2})
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000001c0)={r1, 0xffffffff}, &(0x7f0000000200)=0x8)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  538.093026] binder: undelivered TRANSACTION_ERROR: 29189
[  538.099588] binder: undelivered TRANSACTION_ERROR: 29189
21:14:26 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x7, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:26 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f5e0ff, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  538.185728] binder: undelivered TRANSACTION_ERROR: 29189
21:14:26 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xa, &(0x7f0000000300)})

[  538.251619] binder: BINDER_SET_CONTEXT_MGR already set
21:14:26 executing program 1:
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x401, 0x2)
write$P9_ROPEN(r0, &(0x7f0000000040)={0x18, 0x71, 0x2, {{0x91, 0x4, 0x3}, 0xf917}}, 0x18)
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)

[  538.291868] binder: 5436:5437 ioctl 40046207 0 returned -16
21:14:26 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x89ffffff00000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:26 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffffff00000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
unshare(0x9a21b4dfbf577ed9)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x5e, 0x0, &(0x7f0000000140)="59b003f1cf165cb3c644c82894220882e6029fbc7f9674194a165ab99480e7051065252fc191c5dba375ea155b8e8fd46ad43a2b2e020b31fc273783497442f3e8d12859684416cb94c65ca4c53a6cd45dd880c96d25d7fa11fd6d725cb6"})

21:14:26 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7000000, &(0x7f0000000300)})

21:14:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x200000a, 0x11, r0, 0x0)

21:14:26 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x30000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0xffffffff00000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  538.530590] binder: binder_mmap: 5478 20ffd000-20fff000 bad vm_flags failed -1
21:14:26 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3048, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  538.580534] binder_alloc_mmap_handler: 67 callbacks suppressed
[  538.580569] binder_alloc: binder_alloc_mmap_handler: 5475 20001000-20004000 already mapped failed -16
[  538.610618] binder: BINDER_SET_CONTEXT_MGR already set
[  538.610783] binder: binder_mmap: 5478 20ffd000-20fff000 bad vm_flags failed -1
[  538.629970] binder: 5479:5486 ioctl 40046207 0 returned -16
21:14:26 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x20000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x12, 0x0, &(0x7f0000000000)="97cfc4420a610389a6c1867234697a78c819"})

21:14:26 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0xfdfdffff, &(0x7f0000000300)})

[  538.658891] binder_alloc: binder_alloc_mmap_handler: 5495 20001000-20004000 already mapped failed -16
21:14:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x12200, 0x0)
syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x800, 0x2a01)
ioctl$RTC_IRQP_READ(r1, 0x8004700b, &(0x7f00000000c0))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x8, 0x240001)
syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x9b, 0xdcbd6f98a9beeb79)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000040)=0x29)

21:14:26 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:26 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  538.835749] binder_alloc: binder_alloc_mmap_handler: 5514 20ffb000-20ffe000 already mapped failed -16
[  538.850907] binder_alloc: binder_alloc_mmap_handler: 5505 20001000-20004000 already mapped failed -16
[  538.871260] binder: BINDER_SET_CONTEXT_MGR already set
21:14:26 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4c00, &(0x7f0000000300)})

21:14:26 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x42202, 0x0)
ioctl$NBD_SET_SIZE(r2, 0xab02, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  538.884878] binder: 5506:5519 ioctl 40046207 0 returned -16
[  538.894274] binder_alloc: binder_alloc_mmap_handler: 5522 20001000-20004000 already mapped failed -16
[  538.904047] binder_alloc: binder_alloc_mmap_handler: 5514 20ffb000-20ffe000 already mapped failed -16
21:14:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x200, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000040))

21:14:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  539.011168] binder: BINDER_SET_CONTEXT_MGR already set
[  539.020350] binder_alloc: binder_alloc_mmap_handler: 5529 20001000-20004000 already mapped failed -16
[  539.034174] binder: 5530:5539 ioctl 40046207 0 returned -16
21:14:27 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x300, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:27 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x29, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0xc, &(0x7f0000000000)=0x9, 0x4)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:27 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6c00, &(0x7f0000000300)})

[  539.164303] binder_alloc: binder_alloc_mmap_handler: 5552 20001000-20004000 already mapped failed -16
[  539.187142] binder_alloc: binder_alloc_mmap_handler: 5553 20ffd000-20fff000 already mapped failed -16
21:14:27 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6]}}], 0x0, 0x0, &(0x7f0000000300)})

[  539.231536] binder_alloc: binder_alloc_mmap_handler: 5553 20ffd000-20fff000 already mapped failed -16
21:14:27 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x4, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  539.285764] binder: BINDER_SET_CONTEXT_MGR already set
21:14:27 executing program 1:
timerfd_create(0x7, 0x80802)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x80000, 0x0)
r1 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x6, 0xa010, 0xffffffffffffff9c, 0x0)
ioctl$TIOCCONS(r0, 0x541d)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={r1})
r2 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x13, r2, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="150000004c00000009000000000000000000000000"], 0x15)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0)
syz_open_pts(r0, 0x0)

[  539.325879] binder: 5563:5570 ioctl 40046207 0 returned -16
21:14:27 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x60, &(0x7f0000000300)})

21:14:27 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000000)={0x5, 0x7, 0x6, 0x2, 0x9})

21:14:27 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x200000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  539.446403] binder: binder_mmap: 5588 20ffd000-20ffe000 bad vm_flags failed -1
21:14:27 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x74000000, &(0x7f0000000300)})

[  539.528543] binder: binder_mmap: 5588 20ffd000-20ffe000 bad vm_flags failed -1
[  539.552729] binder: 5591:5597 ioctl 401845e0 20000000 returned -22
21:14:27 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00]}}], 0x0, 0x0, &(0x7f0000000300)})

[  539.591448] binder: BINDER_SET_CONTEXT_MGR already set
21:14:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30)

[  539.626537] binder: 5591:5609 ioctl 40046207 0 returned -16
[  539.643593] binder: 5591:5602 ioctl 401845e0 20000000 returned -22
21:14:27 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x1c00, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:27 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x6c, 0x8000)
ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000080)={0x5})
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)

21:14:27 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7400000000000000, &(0x7f0000000300)})

21:14:27 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
socketpair(0x3, 0xa, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x4)

21:14:27 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:27 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2b, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:27 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6c000000, &(0x7f0000000300)})

21:14:28 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  539.926554] binder: BINDER_SET_CONTEXT_MGR already set
[  539.958435] binder: 5630:5645 ioctl 40046207 0 returned -16
21:14:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x800, 0x0)
ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000040))
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:28 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 4:
r0 = syz_open_dev$sndmidi(&(0x7f0000000140)='/dev/snd/midiC#D#\x00', 0xfffffffffffffff9, 0x400)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000c0ffffffffffff7f000000008000000000000000eed40000000000000400000000000000000000000000000000000000000000000000000000000000ff0300000500000010000000000000000900000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040020000000000000000000000000000000000"])
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000004c2782ba11860000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
timer_create(0x6, &(0x7f0000000440)={0x0, 0x19}, &(0x7f0000000480)=<r4=>0x0)
sysfs$3(0x3)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000004c0)={<r5=>0x0, 0x401, 0x2, [0x5, 0x4]}, &(0x7f0000000500)=0xc)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000540)={0x7, 0x3, 0x6, 0x4, r5}, 0x10)
timer_getoverrun(r4)

21:14:28 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2f00000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:28 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000004, 0x5114, r0, 0x8000000)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x110, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:28 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xfdfdffff00000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x68000000, &(0x7f0000000300)})

[  540.233018] binder: BINDER_SET_CONTEXT_MGR already set
[  540.274745] binder: 5675:5676 ioctl 40046207 0 returned -16
21:14:28 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xd2, &(0x7f00000001c0), 0x100)
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0xfffffffffffffffd)
socket$bt_hidp(0x1f, 0x3, 0x6)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x4010, r1, 0x4)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x301000, 0x0)
ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000040))

21:14:28 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6000, &(0x7f0000000300)})

21:14:28 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:28 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2f000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:28 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)})

[  540.496509] binder: 5717:5718 got transaction to context manager from process owning it
[  540.517945] binder: BINDER_SET_CONTEXT_MGR already set
[  540.540704] binder: 5717:5721 ioctl 40046207 0 returned -16
21:14:28 executing program 1:
socketpair$inet6(0xa, 0x0, 0x5, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
readv(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)}], 0x1)
pwrite64(r1, &(0x7f0000000080)="5f97f02302f648754dc9b255534b0aa612f0fabe2c2d3dcd456ae59e15603f", 0x1f, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303034303030302c757365725f69643de81ad922a96cafa2d3f85531bd8de3d531b3587c710e20ee06c7fd37bd643e98c4bea09b8bc57c25ca1879045e0371cd7156bc78b315c3b38f4d691037af519c0c25027b7471dc568c8a5bf9e04e259f15acad6319548912a7366ba459cfbf34c102f168954bc4f4c101cad26acbfea1df1b96de8e96b852531e8457d47a8df30bc63c2e55500c3137605c499f", @ANYRESDEC=0x0, @ANYBLOB="000000003a9dfa0f235bb39d234700fe7f000000000f25c98deac4d9405763bb930febe56c", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240))
stat(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000480))
read$FUSE(r2, &(0x7f0000001000), 0x1000)
read$FUSE(r2, &(0x7f00000020c0), 0x1000)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
read$FUSE(r2, &(0x7f00000030c0), 0x1000)
read$FUSE(r2, &(0x7f0000001000), 0x1000)
listxattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0xffffffffffffff94)
write$FUSE_LSEEK(r2, &(0x7f0000000380)={0x18, 0x0, 0x4, {0xfffffffffffffffe}}, 0x18)
clock_gettime(0x0, &(0x7f00000001c0)={<r3=>0x0, <r4=>0x0})
nanosleep(&(0x7f00000002c0)={r3, r4+10000000}, &(0x7f0000000340))
r5 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000003, 0x11, r5, 0x3)

21:14:28 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4, &(0x7f0000000300)})

21:14:28 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3c00, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:28 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000e30000000000000000000000000000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x40400, 0x0)

21:14:28 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffff7f]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  540.757412] binder: binder_mmap: 5735 20ffd000-20fff000 bad vm_flags failed -1
[  540.779978] binder: BINDER_SET_CONTEXT_MGR already set
[  540.792472] binder: 5746:5750 ioctl 40046207 0 returned -16
21:14:28 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x12, &(0x7f0000000300)})

21:14:28 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:28 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0xfffffffffffff7cf, 0x410000)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x2000, 0x0)
ioctl$VT_ACTIVATE(r2, 0x5606, 0xa)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0063404000000000000000000000000000f20000000000000000000000000000000000050000000000000000fe57276cd6ce948efae5cfa98cb66272b2729864fba07394ed57ac40a53effbf06b04594954574dfaa9b7c04b722c9c916983e01a466c5f6b0a3b1be82a5e487e88d43f07189ecfffc7fa68d5d91b10c6bed8a4dcc0ef8e3198e9a465c5bbf3dc26503c77d1e9d25c8b2effb82", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:28 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x1c00000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:28 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:29 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400]}}], 0x0, 0x0, &(0x7f0000000300)})

[  541.004589] binder_alloc_new_buf_locked: 43 callbacks suppressed
[  541.004628] binder_alloc: 5767: binder_alloc_buf, no vma
[  541.030812] binder_alloc: 5767: binder_alloc_buf, no vma
[  541.053421] binder_alloc: 5767: binder_alloc_buf, no vma
[  541.055756] binder: BINDER_SET_CONTEXT_MGR already set
[  541.089028] binder: 5767:5780 ioctl 40046207 0 returned -16
[  541.094971] binder_alloc: 5767: binder_alloc_buf, no vma
21:14:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x680040)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000180)=ANY=[@ANYBLOB="fa0000001000000003000000400000000700370007e77edb1be08e000000"])
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
accept4$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x0}, 0x10, 0x80000)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xc, 0x11, r0, 0x0)

21:14:29 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x200000000000000, &(0x7f0000000300)})

21:14:29 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:29 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2b000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:29 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="006340400000000000000000000000f3f0a5e290fc179b570000000000000000000000000000000000070000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:29 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48]}}], 0x0, 0x0, &(0x7f0000000300)})

[  541.517514] binder: binder_mmap: 5735 20ffd000-20fff000 bad vm_flags failed -1
[  541.558955] binder_transaction: 122 callbacks suppressed
[  541.558985] binder: 5800:5801 transaction failed 29189/-22, size 0-12288 line 2855
[  541.584782] binder_alloc: 5796: binder_alloc_buf, no vma
21:14:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)

[  541.606262] binder: 5796:5797 transaction failed 29189/-3, size 7696581394432-9007204623450112 line 2970
[  541.606588] binder_alloc: 5796: binder_alloc_buf, no vma
[  541.621727] binder: BINDER_SET_CONTEXT_MGR already set
[  541.621745] binder: 5796:5811 ioctl 40046207 0 returned -16
[  541.636608] binder_alloc: 5796: binder_alloc_buf, no vma
[  541.636834] binder: 5798:5799 transaction failed 29189/-3, size 0-12288 line 2970
[  541.642236] binder_alloc: 5796: binder_alloc_buf, no vma
[  541.662261] binder: 5805:5806 transaction failed 29189/-3, size 0-12288 line 2970
[  541.670970] binder: 5796:5797 transaction failed 29189/-3, size 7696581394432-9007204623450112 line 2970
21:14:29 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:29 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x34000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  541.702804] binder: 5805:5806 transaction failed 29189/-22, size 0-12288 line 2855
21:14:29 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x4, 0x20000)
getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000140)={'security\x00'}, &(0x7f00000001c0)=0x54)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0fc76c13f70f01398fe85ca2ccc33e0fc7aa03000000650f01f6ea832e832340002e0f001f64360fc79938000000c4e27921308fc978c76535", 0x39}], 0x1, 0x1, &(0x7f00000002c0), 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="006340400000000000eeffffffffffffff000000000000000000000200000000200000867d000000000000000000000000000000baece436c851c7b2b381c1f40d7fcfc12a394f916e5d106e8910ed16395791b24fedf329dcd3090849bc5492328ef8c57bb8cda25ce9b7f32f1d0dd72fbbc42b86be1a5309b0f9", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = memfd_create(&(0x7f0000000000)='/dev/binder#\x00', 0x3)
ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f0000000040)={0x3, 0x6, 0x5})

21:14:29 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x7a00000000000000, &(0x7f0000000300)})

[  541.779091] binder: 5820:5821 transaction failed 29189/-22, size 0-12288 line 2855
21:14:29 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:29 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  541.911126] binder_alloc: 5829: binder_alloc_buf, no vma
[  541.934176] binder: 5829:5833 transaction failed 29189/-3, size 125-0 line 2970
21:14:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x210080, 0x0)
write$P9_RSYMLINK(r1, &(0x7f0000000040)={0x14, 0x11, 0x2, {0x0, 0x2, 0x4}}, 0x14)

21:14:30 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x40030000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  541.976664] binder: BINDER_SET_CONTEXT_MGR already set
[  541.994180] binder: 5829:5838 ioctl 40046207 0 returned -16
[  542.000254] binder_alloc: 5829: binder_alloc_buf, no vma
[  542.027849] binder: 5839:5840 transaction failed 29189/-3, size 0-12288 line 2970
[  542.035727] binder: 5835:5841 transaction failed 29189/-3, size 0-12288 line 2970
21:14:30 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="006340400000000000000000000009002e2700000000000000000000000000000000000000000000000000eeffffffffffffff00", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001080)='/dev/sequencer2\x00', 0x541800, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000010c0)={[0x101, 0x0, 0x19, 0x80, 0xc358, 0x9, 0xfff, 0xffffffffffffff7f, 0x4, 0x3ff, 0x5, 0x4, 0x9b, 0x10001, 0x907, 0x9], 0x1f004, 0x200000})
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
flistxattr(r2, &(0x7f0000000080)=""/4096, 0x1000)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:30 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:30 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x100000000000000, &(0x7f0000000300)})

[  542.220155] binder: BINDER_SET_CONTEXT_MGR already set
21:14:30 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2900000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:30 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00]}}], 0x0, 0x0, &(0x7f0000000300)})

[  542.225549] binder: 5857:5863 ioctl 40046207 0 returned -16
21:14:30 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x4000, 0x4)
ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000080)=0x9)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:30 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x5000000, &(0x7f0000000300)})

21:14:30 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000140)={0x1, {0x2, 0x4e21, @loopback}, {0x2, 0x4e21, @local}, {0x2, 0x4e21, @broadcast}, 0x0, 0x1ff, 0xd5, 0x9, 0x7, &(0x7f0000000000)='lo\x00', 0x2, 0x5, 0x5})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:30 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:30 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x1000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:30 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xfffffdfd]}}], 0x0, 0x0, &(0x7f0000000300)})

[  542.489807] binder: BINDER_SET_CONTEXT_MGR already set
[  542.526656] binder: 5889:5898 ioctl 40046207 0 returned -16
21:14:30 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x6c, &(0x7f0000000300)})

21:14:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xc000, 0x0)
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000040)={0x6, 0x3, 0x1f, 0x7, 0x4, 0x6, 0x401, 0x6, 0x1497, 0xfffffffffffff801})
socket$can_raw(0x1d, 0x3, 0x1)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f00000000c0)={0x8, 0x18, [0x8000, 0x6, 0x8, 0x7, 0x1, 0x3]})
openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x0, 0x0)

21:14:30 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:30 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x4147, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, @perf_config_ext={0xef01, 0xcc}, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r2 = fcntl$dupfd(r0, 0x406, r0)
ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000000000)={0xfdc7, 0x5, 0x10000})

21:14:30 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3f00, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:30 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x100000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  542.707019] binder_release_work: 85 callbacks suppressed
[  542.707027] binder: undelivered TRANSACTION_ERROR: 29189
21:14:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x20010, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  542.771956] binder: 5932:5933 ioctl 5609 20000000 returned -22
[  542.773239] binder: undelivered TRANSACTION_ERROR: 29189
[  542.785712] binder: undelivered TRANSACTION_ERROR: 29189
21:14:30 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x300000000000000, &(0x7f0000000300)})

21:14:30 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  542.816004] binder: BINDER_SET_CONTEXT_MGR already set
21:14:30 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x200, 0x0)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000180))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f00000001c0)=0x100000001)
ioctl$sock_ifreq(r0, 0x0, &(0x7f00000000c0)={'bond_slave_1\x00', @ifru_map={0x101, 0x1, 0x5, 0x4, 0x2, 0x20}})
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x400, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000040)=""/25, &(0x7f0000000080)=0x19)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000200)=0x14, 0x4)

21:14:30 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  542.860979] binder: 5932:5936 ioctl 40046207 0 returned -16
[  542.966270] binder: undelivered TRANSACTION_ERROR: 29189
[  542.980371] binder: undelivered TRANSACTION_ERROR: 29189
[  542.987611] binder: 5950:5951 ioctl 0 200000c0 returned -22
[  542.996882] binder: undelivered TRANSACTION_ERROR: 29189
21:14:31 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r3 = getpgrp(0x0)
r4 = syz_open_procfs(r3, &(0x7f0000000000)='environ\x00')
waitid(0x2, r3, &(0x7f0000000180), 0xc000000b, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a49b00030d9bcc5f8378d0000100000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$sock_inet6_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000140))
recvmmsg(r4, &(0x7f0000004d80)=[{{&(0x7f0000000080)=@ax25, 0x80, &(0x7f0000000480)=[{&(0x7f0000000240)=""/73, 0x49}, {&(0x7f00000002c0)=""/184, 0xb8}, {&(0x7f0000000380)=""/23, 0x17}, {&(0x7f00000003c0)=""/10, 0xa}, {&(0x7f0000000400)=""/69, 0x45}], 0x5, &(0x7f00000004c0)=""/195, 0xc3, 0x2}, 0x8}, {{&(0x7f00000005c0)=@can={0x1d, <r5=>0x0}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000640)=""/240, 0xf0}, {&(0x7f0000000740)=""/46, 0x2e}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/210, 0xd2}, {&(0x7f0000000880)}], 0x5, &(0x7f0000000900)=""/165, 0xa5, 0x6}, 0xae}, {{&(0x7f00000009c0)=@ax25, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000a40)=""/132, 0x84}, {&(0x7f0000000b00)=""/188, 0xbc}, {&(0x7f0000000bc0)=""/36, 0x24}, {&(0x7f0000000c00)=""/123, 0x7b}, {&(0x7f0000000c80)=""/113, 0x71}, {&(0x7f0000000d00)=""/206, 0xce}, {&(0x7f0000000e00)=""/172, 0xac}], 0x7, &(0x7f0000000f00)=""/234, 0xea, 0x1ec}, 0x9}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001000)=""/244, 0xf4}], 0x1, &(0x7f0000001140)=""/166, 0xa6, 0x9}, 0x800}, {{&(0x7f0000001200)=@generic, 0x80, &(0x7f00000035c0)=[{&(0x7f0000001280)=""/255, 0xff}, {&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f00000033c0)=""/103, 0x67}, {&(0x7f0000003440)=""/137, 0x89}, {&(0x7f0000003500)=""/44, 0x2c}, {&(0x7f0000003540)=""/87, 0x57}], 0x6, &(0x7f0000003600)=""/26, 0x1a, 0xf2f}, 0x1}, {{0x0, 0x0, &(0x7f0000003d00)=[{&(0x7f0000003640)=""/241, 0xf1}, {&(0x7f0000003740)}, {&(0x7f0000003780)=""/21, 0x15}, {&(0x7f00000037c0)=""/182, 0xb6}, {&(0x7f0000003880)=""/238, 0xee}, {&(0x7f0000003980)=""/237, 0xed}, {&(0x7f0000003a80)=""/11, 0xb}, {&(0x7f0000003ac0)=""/239, 0xef}, {&(0x7f0000003bc0)=""/30, 0x1e}, {&(0x7f0000003c00)=""/196, 0xc4}], 0xa, &(0x7f0000003d80)=""/4096, 0x1000, 0x8001}, 0xfffffffffffffffb}], 0x6, 0x40002001, 0x0)
setsockopt$inet6_mreq(r4, 0x29, 0x1d, &(0x7f0000004e40)={@empty, r5}, 0x14)

21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000424ec74d0000000000000000000000000000200000000000000000300000000016020000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000001f28"]], 0x0, 0x0, &(0x7f0000000300)})
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xd73540a15c5ed1e2}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xf4, r2, 0x204, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x31}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x11}}]}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfffffffffffffffb}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1d}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1d}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x45}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}]}, 0xf4}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
r3 = syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x7f, 0x10000)
ioctl$BLKGETSIZE(r3, 0x1260, &(0x7f0000000400))

21:14:31 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  543.020077] binder: 5950:5962 ioctl 0 200000c0 returned -22
21:14:31 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2c, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:31 executing program 1:
r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x800, 0x2000)
mq_getsetattr(r0, &(0x7f0000000040)={0x2, 0xe2, 0x2, 0xf077, 0x1, 0x4, 0x6, 0x8}, &(0x7f0000000080))
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)

[  543.137724] binder: undelivered TRANSACTION_ERROR: 29189
[  543.155866] binder: undelivered TRANSACTION_ERROR: 29189
[  543.181397] binder: BINDER_SET_CONTEXT_MGR already set
21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800]}}], 0x0, 0x0, &(0x7f0000000300)})

[  543.227166] binder: 5968:5981 ioctl 40046207 0 returned -16
[  543.250873] binder: undelivered TRANSACTION_ERROR: 29189
[  543.261409] binder: undelivered TRANSACTION_ERROR: 29189
21:14:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000040)={0x4, 0x1f, 0xfff, 0x5, 0x1, 0xc12})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:31 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$DRM_IOCTL_ADD_BUFS(r1, 0xc0186416, &(0x7f0000000000)={0x6, 0x5, 0x20, 0x7fff, 0xa})

21:14:31 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2c000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:31 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000340)='/dev/usbmon#\x00', 0x4, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f00000003c0)={0x2, 0x8, 0x0, 0x6, <r1=>0x0}, &(0x7f0000000400)=0x10)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000440)={r1, 0x7}, 0x8)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x0, 0x0)
ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000240))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r4, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400, 0x0)
getsockopt$kcm_KCM_RECV_DISABLE(r5, 0x119, 0x1, &(0x7f0000000180), 0x4)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
socket$nl_crypto(0x10, 0x3, 0x15)
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
clock_adjtime(0x2, &(0x7f0000000000)={0x2, 0x8, 0x5, 0x8, 0x0, 0xffffffff8447cc11, 0x9, 0xa17c, 0x2, 0x65, 0x0, 0xfffffffffffffff8, 0x1, 0x8, 0x7b, 0x0, 0x7, 0x7, 0x9, 0x0, 0x7fff, 0x3, 0x2, 0x9, 0x6, 0x3})

[  543.450375] binder: 6002:6004 ioctl c0186416 20000000 returned -22
[  543.487230] binder: BINDER_SET_CONTEXT_MGR already set
21:14:31 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$void(r0, 0x5451)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x100000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2f, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  543.532070] binder: 6002:6019 ioctl 40046207 0 returned -16
[  543.567775] binder: 6002:6010 ioctl c0186416 20000000 returned -22
21:14:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x3)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000000)="a5fa2f31ae251ae0330620afe9017f74", 0x10)
fchdir(r0)

21:14:31 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x610040)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xe0422000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xb0, r3, 0x106, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2e}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x74}]}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x400}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_U_THRESH={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6e}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xdf}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40051}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, &(0x7f0000000300)})

[  543.721264] binder_alloc_mmap_handler: 59 callbacks suppressed
[  543.721286] binder_alloc: binder_alloc_mmap_handler: 6037 20001000-20004000 already mapped failed -16
[  543.721517] binder_alloc: binder_alloc_mmap_handler: 6042 20001000-20004000 already mapped failed -16
[  543.748681] binder_alloc: binder_alloc_mmap_handler: 6045 20ffd000-20fff000 already mapped failed -16
21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x801)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

[  543.796880] binder: BINDER_SET_CONTEXT_MGR already set
[  543.802335] binder_alloc: binder_alloc_mmap_handler: 6045 20ffd000-20fff000 already mapped failed -16
[  543.816359] binder: 6047:6054 ioctl 40046207 0 returned -16
21:14:31 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x600000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x110010, r0, 0x0)

21:14:31 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x60000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:31 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4001002000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x3)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000000c0)=@get={0x1, &(0x7f0000000080)=""/52, 0x101})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00634040000000000002000000000000000000000001000080000000000000000000000000000000000000000000f80c000000000000c78e4cc84c21bd187267c3e914bb3f51b13913141db2c36217885ecf96e121d6deaa708dc2a89cdd52935e5d658700fe1f044c116c7a866ddc55bd415cb7f6494745073889b42e5b717f8ea9282d6f241294e34a3b8c194cc647b583e0cf5fa9edefccfe9e0c1a81812b00000000000000000000bff145cddd488f96097ac0baafd13f06", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x2, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000340)=0xe8)
setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000380)={r2, 0x1, 0x6, @remote}, 0x10)
munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)

21:14:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x108010, r0, 0x0)

21:14:32 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x80000000004)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="006340400000001a00000000000000000000000000000000250827e7d9fb504cdc334bb722820000000000000000000000000000000000000049f649800e439b92008986e17dc3b847f6108e7a8570915523e791176afba9181313bd157a4952324629c1f94b734436a19dfa7a856579a1afc6d6c79c6275452f2e7fab71a7e4195c990ce7d7a1579dc1fc9774c174bf081b8e15be549e80bf57a026844cc83bb93434bea9cb38a847a55d1582b3b68ebb06941ac6c9d9b5b8eee0b95616d5d66138ea134d6bbda973e4eb6ad99642b0c1495f6b5e552c", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="0400000000000000"]], 0x0, 0x0, &(0x7f0000000300)})

[  544.005342] binder_alloc: binder_alloc_mmap_handler: 6077 20001000-20004000 already mapped failed -16
21:14:32 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2b00000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  544.053484] binder: 6082:6083 ioctl 8940 200000c0 returned -22
21:14:32 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x8000000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  544.125200] binder: 6082:6093 ioctl 8940 200000c0 returned -22
[  544.150611] binder: 6090:6091 got transaction to invalid handle
21:14:32 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ppp\x00', 0x400800, 0x0)
ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ppp\x00', 0x200, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="006340400000000000000000000000b8000000000000000000000000000000000000000000001000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r3=>0x0}, &(0x7f0000000140)=0xc)
wait4(r3, &(0x7f0000000180), 0x2, &(0x7f00000001c0))

21:14:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2)
r1 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x80, 0x0)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x400, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000180)=ANY=[@ANYBLOB="0400002edc1861d660b8afc46b82e584a4a05e85ffcdad39071fc82ae239bdb905161e7738fe372aa4d7c5b6687d30e87dc700001ddb1cb30345bd142672d6ee33bf3d309bbe2401582ccc01000000000000008b4cd000000000de81419b3315268703be00b0819acb596b8a1c9795884a559d4fe2e7c75a0426434fb13b276db1e86ca61cca6b82be71aeca6568592d9f786a5d48f7ff2c056aa05b36bebe86536035a63e3dd9", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000000c0)=0x14)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f00000002c0)={<r3=>0x0, 0x9f}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000340)={r3, 0x8001, 0x3f}, &(0x7f0000000140)=0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000040)=0x4)

21:14:32 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffff7f]}}], 0x0, 0x0, &(0x7f0000000300)})

[  544.190630] binder_alloc: binder_alloc_mmap_handler: 6098 20001000-20004000 already mapped failed -16
[  544.207555] binder_alloc: binder_alloc_mmap_handler: 6090 20001000-20004000 already mapped failed -16
21:14:32 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x29, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  544.278900] binder_alloc: binder_alloc_mmap_handler: 6108 20ffd000-20fff000 already mapped failed -16
21:14:32 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2080)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r2, 0x80045700, &(0x7f0000000180))
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  544.320960] binder: BINDER_SET_CONTEXT_MGR already set
[  544.329011] binder_alloc: binder_alloc_mmap_handler: 6108 20ffd000-20fff000 already mapped failed -16
21:14:32 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xfffffffffffffff8, 0x100)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14)
mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
recvmsg$kcm(r1, &(0x7f0000001440)={&(0x7f00000000c0)=@rc, 0x80, &(0x7f00000013c0)=[{&(0x7f0000001480)=""/4096, 0x1000}, {&(0x7f0000001180)=""/197, 0xc5}, {&(0x7f0000001280)=""/27, 0x1b}, {&(0x7f00000012c0)=""/5, 0x5}, {&(0x7f0000001300)=""/178, 0xb2}], 0x5, &(0x7f0000001400)=""/34, 0x22, 0x100000001}, 0x12000)

[  544.396148] binder: 6110:6112 ioctl 40046207 0 returned -16
[  544.402939] binder_alloc: binder_alloc_mmap_handler: 6118 20001000-20004000 already mapped failed -16
21:14:32 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x1c, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:32 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x10)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x100000000, 0x3)
unlinkat(r1, &(0x7f0000000040)='./file0\x00', 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:32 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:32 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000180)=0x8)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  544.635038] binder: BINDER_SET_CONTEXT_MGR already set
[  544.651781] binder: 6151:6155 ioctl 40046207 0 returned -16
21:14:32 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x20000140]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000000, 0x10001f, r0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x4)

21:14:32 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x167000, 0x0)
fadvise64(r0, 0x0, 0x400, 0x0)
ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000140)='/dev/binder#\x00')
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000100000000000000000000000000000000000000000c1d22838c3b229fbcd3111a29e00000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:32 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40047703, 0x5)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\f\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="000e008000000000"]], 0x0, 0x0, &(0x7f0000000300)})
ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000180))

21:14:32 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:32 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x7000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  544.853010] sctp: [Deprecated]: syz-executor1 (pid 6180) Use of int in max_burst socket option.
[  544.853010] Use struct sctp_assoc_value instead
21:14:32 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a]}}], 0x0, 0x0, &(0x7f0000000300)})

[  544.914683] binder: 6179:6181 got transaction to invalid handle
21:14:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0)
ioctl$KVM_GET_NR_MMU_PAGES(r1, 0xae45, 0x2)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:33 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c, 0x0, &(0x7f0000000300)})

21:14:33 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x700, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  545.002808] binder: 6179:6198 got transaction to invalid handle
[  545.002811] binder: BINDER_SET_CONTEXT_MGR already set
[  545.002855] binder: 6179:6186 ioctl 40046207 0 returned -16
[  545.034013] binder: 6187:6191 unknown command 4219648
21:14:33 executing program 1:
r0 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000040)=r1)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3000000, 0x24050, r0, 0x0)
sendto(r0, &(0x7f0000000080)="b9394e59ec53120030438eb0710f8d3d7988a7cc0a49a30859ddd13fef8da3928a07d37424c854720a27fffe42a38fd43d14c249eda3d63b189c0f6f126eff21c9d5ecb9ed3eefc8adad49bb89db5869fce5a745783cbf595af0677c858dc227152a9fac44046b42c97a32ca5095b99965451d9fe75040a1dd2009a3be22dcf21f10c684f091b1cf6accdc3a7a9a3b0a", 0x90, 0x44081, &(0x7f0000000180)=@pppoe={0x18, 0x0, {0x0, @broadcast, 'veth0\x00'}}, 0x80)
r2 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x2)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r2, 0x0)

[  545.067131] binder: 6187:6191 ioctl c0306201 20000040 returned -22
[  545.100145] binder: 6187:6191 unknown command 4219648
[  545.110542] binder: 6187:6191 ioctl c0306201 20000040 returned -22
21:14:33 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c00000000000000, 0x0, &(0x7f0000000300)})

21:14:33 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x8003, 0x0)
ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000840)=""/239)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x20801, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000000000001b0000000500000018040000f8000000c4010000f8000000c401000090020000840300008403000084030000840300008403000005000000", @ANYPTR=&(0x7f0000000a40)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000007e61bce752d6beffbfe317ec103ba500000000000000000000000000000000000000000000000000000000000000000000000000000000dacd9ffca5460db2dbc47fa95a45acac7bf3a8e7f46a61fee701145f579e112b01734b747c4155d1f01d33a05f2983dec9fd126859b03685361076536120a8663649521de71d5c5ebf95d984afc5a1d9f35e3ee4d0cccead9f5c0d71e17c946e0691899057c1cef4d3a73f5ae6e4fe67b5ff785b7af48a5c7d6f0a93f2197ac9c2abd8ca84db94d69b43dc6a9b8abd62c7dba424d4e383e50bc9fbf9c4510ba4ace56e0787488fbaaa8863f7b1cd507c227cbecba9b1875a839ff832270d4206fb6facbf0b2041c6fdf96096c377bee323d76594685efc570f158ac3c13fd338028693efc017da4bb7551e6b3843b0c1fe4b15"], @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c400f8000000000000000000000000000000000000000000000000002c006164647274797065000000000000000000000000000000000000000000008600000000000000010000003400524544495245435400000000000000000000000000000000000000000000010000001c000000e0000002e000000107004e237f00000100000000ffffffffffffffff6272696467655f736c6176655f31000076657468300000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000010400000000000000000000000000009800cc0000000000000000000000000000000000000000000000000034005245444952454354000000000000000000000000000000000000000000000100000011000000ac1414aaac14140d4e200400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800cc0000000000000000000000000000000000000000000000000034004e45544d41500000000000000000000000000000000000000000000000000100000010000000ac1414aaffffffff4e234e24000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f4000000000000000000000000000000000000000000000000005c00434c5553544552495000000000000000000000000000000000000000000000000000aaaaaaaaaa1400000e0014003c001a000b001200350033002d002000180020002c0034003a000e0015000000020000000200000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000940000000000000000000000000000000000000000002400000000000000000000000000000000000000000000000000000000000000feffffff"], 0x474)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x100000000, 0x200000)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000000080)=""/96)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000940)={<r4=>0x0, 0x12, "3f6c2b00182b5c1fefaa8eb5389930da629f"}, &(0x7f0000000980)=0x1a)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000009c0)={r4, 0x5, 0x1, 0x1, 0x5, 0x180}, &(0x7f0000000a00)=0x14)
r5 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x20011, r5, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000340)={0x1, 0x0, 0x8, 0x0, 0x7, 0x401, 0x9, 0x7, 0xdd, 0x8000, 0x1, 0x20000000000000, 0x0, 0x0, 0x2, 0x0, 0x9, 0x4, 0x6})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000070000007d3f76ecd8be0000000000000000000000003000000000aa3e", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000280)={0x8, 0x7ff, 0x2, 0x200, 0x6, [{0x7, 0x8, 0x7, 0x0, 0x0, 0x481}, {0x6126, 0xea60, 0x0, 0x0, 0x0, 0x200}, {0xfffffffeffffffff, 0x5, 0xfffffffffffffff7, 0x0, 0x0, 0x2}, {0x0, 0x200, 0x2, 0x0, 0x0, 0xa}, {0xfb, 0x3f, 0x3, 0x0, 0x0, 0x4}, {0xf0b8, 0x4, 0x0, 0x0, 0x0, 0x2000}]})
r2 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x858, 0x4000)
ioctl$SCSI_IOCTL_PROBE_HOST(r2, 0x5385, &(0x7f00000001c0)={0xf, ""/15})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2ecefac2, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000280)})
r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x800, 0x0)
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000140)={0xf006, 0x0, 0x0, 0x3, 0x8})

21:14:33 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2900, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x3, 0x800)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7, 0x13, r0, 0xffffff7fffffffff)

[  545.302057] binder: 6232:6233 unknown command 0
21:14:33 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x20000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xffffffff00000000, 0x0, &(0x7f0000000300)})

[  545.342030] binder: 6232:6233 ioctl c0306201 20000240 returned -22
[  545.374387] binder: BINDER_SET_CONTEXT_MGR already set
21:14:33 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3c, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  545.386100] binder: binder_mmap: 6239 20ffd000-20fff000 bad vm_flags failed -1
[  545.398616] binder: binder_mmap: 6239 20ffd000-20fff000 bad vm_flags failed -1
[  545.425690] binder: 6232:6244 ioctl 40046207 0 returned -16
[  545.427999] binder: 6232:6253 unknown command 0
21:14:33 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x700000000000000, 0x0, &(0x7f0000000300)})

21:14:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x50, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
socketpair(0x15, 0x80002, 0x1, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10001, 0x1, 0x6000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})

21:14:33 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000000)={'vcan0\x00', {0x2, 0x4e21, @loopback}})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  545.488577] binder: 6232:6253 ioctl c0306201 20000240 returned -22
21:14:33 executing program 4:
socket$inet(0x2, 0xe, 0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400000, 0x0)
ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000040)=0xe29)

21:14:33 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3f00000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:33 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1000000, 0x0, &(0x7f0000000300)})

21:14:33 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000deff000000000000000000000000000000000000000000000000000000000200000000000000000030000008000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2, 0x80010, r0, 0x202)

21:14:33 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:33 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000002a1a72e4db5b5b5f92bc482e00000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:33 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x20000140, 0x0, &(0x7f0000000300)})

21:14:33 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x400300, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  545.851861] binder: 6297:6298 got transaction to invalid handle
[  545.954309] binder: BINDER_SET_CONTEXT_MGR already set
21:14:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0x0, 0x2)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x10000, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000040)={0x3, 0xffffffff, 0x202, 0x3, 0x5, 0xffffffffffffff16, 0x7, 0x5, <r2=>0x0}, &(0x7f0000000080)=0x20)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f00000000c0)={r2, 0x7, 0xfffffffffffffff9}, 0x8)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x80042, 0x0)
setsockopt$inet_int(r1, 0x0, 0x16, &(0x7f0000000180), 0x4)
socket(0x1, 0x803, 0x7)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, &(0x7f0000000200)=0xc)

21:14:34 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:34 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/54, 0x36}, {&(0x7f0000000200)=""/167, 0xa7}], 0x2)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  545.990814] binder: 6305:6313 ioctl 40046207 0 returned -16
21:14:34 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa, 0x0, &(0x7f0000000300)})

21:14:34 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffe)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})
syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0x0, 0x802)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x4000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x1009}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000001c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0xe3, @ipv4={[], [], @broadcast}, 0x4}, r3}}, 0x30)

21:14:34 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:34 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2c00, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x1, 0x20000)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000080)={<r2=>0x0})
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000140)={0x16, 0x4, 0x2})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4008641c, &(0x7f0000000100)={r2, &(0x7f00000000c0)=""/38})

21:14:34 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10010, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYBLOB="00000000000000001c9cf4662df686904cc8da866bd488ac4cae50941ad30ee27fc0ad8212ee3edcdc3909322f9568b0b39868d0e7e90c79e18e7e779bd9a5f3e95aa40382804518b31821b23395566a1f83e3f49bae076a91ddbd736a60c47bc2e11ff5da8a"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:34 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4800000000000000, 0x0, &(0x7f0000000300)})

[  546.238754] binder: BINDER_SET_CONTEXT_MGR already set
[  546.259118] binder: 6338:6346 ioctl 40046207 0 returned -16
21:14:34 executing program 1:
r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000), 0x4)
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000080)=@add_del={0x2, &(0x7f0000000040)='ip6gre0\x00', 0x706})

21:14:34 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:34 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4001002000000000, 0x0, &(0x7f0000000300)})

21:14:34 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x800000)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000000140)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@bridge_newneigh={0x24, 0x1c, 0x20, 0x70bd2d, 0x25dfdbff, {0x1f, 0x0, 0x0, r3, 0x2c, 0x4, 0x8}, [@NDA_SRC_VNI={0x8, 0xb, 0xfffffffffffff522}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:34 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0xffffffffffffffff, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:34 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="390d00000000eeff"]], 0x0, 0x0, &(0x7f0000000300)})

[  546.513993] binder: BINDER_SET_CONTEXT_MGR already set
21:14:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x9, 0x20000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/sockcreate\x00')
ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f00000000c0)=@get={0x1, &(0x7f0000000040)=""/95, 0xaf})

21:14:34 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  546.540148] binder: 6364:6370 ioctl 40046207 0 returned -16
[  546.572740] binder_transaction: 115 callbacks suppressed
[  546.572791] binder: 6381:6382 transaction failed 29189/-22, size 0-12288 line 2855
21:14:34 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:34 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2000, 0x0, &(0x7f0000000300)})

21:14:34 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3c00000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  546.611138] binder: 6386:6388 transaction failed 29189/-22, size 0-12288 line 2855
21:14:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x20)
ioctl$KVM_SET_NESTED_STATE(r1, 0x4080aebf, &(0x7f0000000180)={0x2, 0x0, 0x2080, {0x5003, 0x7000, 0x3}, [], "106071853632839943e018c455473dc5bc237afc6eb86b4b95333e7b8e851409994f64e993eb63f7ce60f321e06dbba9c4eb1ffd0fc59924beffbfbd685f79ce254a49278876e24eabb2635fab5b310db13afa973ee4f7b62be06ee358fbde8fa222dfe97f93124a785b05cb5c823f3c280c900d6e9389d736d31fb4f63fe8e0fc8dc3906e9ff69c76128a41eebb86372712708b3762f3148089a9c9b6a080407b988dc9ba7c57e8bc4113f8edb3af1f0a031148ee9cb63f68be82f83e8d3a7bacc559b5c218586113833c018f201e5b35204df3d3745118cfd2d1d123994abfba6be0c6e0cae6ba6b9a6d75f90a89b6629aa99ca246c7572158dfcc8d5dff24441b2408996759398f0029964e9ce814ddfb66c88c077aae67e4f9adf6cfc7689f93f549858440da7edd0031c0430701891c1eaf88d1a1766362753934742849480c25b237974a7f273cbd9593b7ce14d9b61736c518cb088283ba0a31af9508c6b522fc6df25eef567d9a02066d919601d07862a7f34673faa378a87d8b18a253dc28e2f157327dd1aa4e4fdf8db98dc1747c59d227ca36a7184c4507149b3996620717c2eabd3bb518a7f18164cd85eb008fc18c55f9d9d886e10f6151a1270600924f81d4b7ec00310fd5e0d09be07d6fa096c1c6f858308d8ebb653d4b50e8d492f8748274588a50edb34bda59c00579781f8ca16a351ab6ad0e059b1be330b71b67dc7a4125eeaf89ec232d5b15df9a1e60cc6ecb4d2bf833b53cb699dcd4ef062c53d53252a8600ef55e61ea35d124a4b291b00e93839eaf959e080085102e87060875beb0c5bce5994f06d22a17baf4b01168e729595956879ff9cddf744a3c4e6849b20fe99a4710516e75512b41b191b5d93df42295f929881b762ae566b90c4d0aeb15d3edc459163835dc8d72da38a78a7cf17d9068b6ae585bded70a9b04cfb47575e80a77f8a038224c7490f945fbb9a1e91c24fc00ed60f36fa7caea0e549f9f7134dd513e92a18dca34970d01e30aabedc020e50615c9b1986d40ff0e36b8626f6bbbce7c76ec747363595fca5a6797f4e1331aa453cc1bd5589342339ce48926772daf9bc2b5bb25e641000a0393b9aae471a8c77a5da907db3850e07924d0dfd168fac2d55b11cffc21e2daa1a4ee01257932318fa920a4a1b2eb857c776a7a2df014a8a028be631fb9cb2a4dd0ccdf09a48872f64e2b17453cc38d176ba2762a83efa523880eabdbda12c955e3f819f3e2483ddf19d714e5218a3715f6b4bcd122c7ba6c8f1c0046031542ddef814e774827f9cd3e817ee8b22511d0f209a42d3b25fc6e7d6c3495ef41601c9bbdf8f9a315a8a73540e802968d67385aa8f866b626036d7ef6f43f202c91029a139a15ad85cfcaaa43e1a65d79ff5916887d980e6fc493cf57730ce99ad13601ee0987b800d69011260ad56a7021b518a34d0d89259c08205107d6e854cf8996bd62ac593d11ec64ddc226799181dfba80badbf3478998163d26767bce11a6717d016c5f235fff21acf9a38f19575c15fc7851122d7e0ce96a261e19d17726e7ad8431dbfe1a44bb0bef1b3b21a8a48ff5ba8f9291aba052630ab1639d8ffce2b9ce6f5d382c5cbc64e29ae207659f8835a07a02d8a79ec94fa83989d31ce7248a375b81b765c26d152d2fce0a1eb79ba0460a5ce27600a0699938dc63377ab71b63fd84c2c5f53c5de17fd23ea9aaceaaa69340b366171d876c29b3274340754ecb8d60dfae1ee4a8db5af92c7a9cedafe687da069c07ff87d15381952189d607060d00c51e1defae2f7ea7ed6986ab76d714ffb0a00fb25e9a9bcfaf6cdb5601bf71098912fcfb90f9d1c0f7a86e2908f13ffe97d0b27a2e115a347a758b8ba740dac1f95c524aaeab67768a05ca08e0e8bc3bdb994c74940f53025974bff40adeac6cb6814a28bfc3ba614d6e5bb00d24b2e177c1d000e1f2311b46243b5d3ada2c38590c0949593f43024316b4ccc28b3669200e886d8b61047dbca80a8d895a1aac346751bf6ef05a240e5093529eb8276f2a588e81d034e7faf857ee837ba9eb93cfd9c42cb7aed6fb6a7ba21d2e46e7ed2ae64d03e739bc929b948ca2e79e88db7e9380ee316c8eb4eb3d39f53220ee551a4c3d3be4efdf703b0a691e3b272faed3d3da897d6f8478926613937a354133fc339c8a23431fbf080a0544a4707b29a857d6509b60312836e8c6844f6876970cf791f3f0d01afe52f94382c31d9ec5cd617af65bd56ed433d48b14083f4f49858d2caabdbb940148c006b91267a0bc116cab727f6a79c3240f8c62411867d108bfa29c2f95ab0e30d6051812b97deff36425adc2076bc29c25debc1715ce73c1f1234770d0ba1214ea8731cd2eea5ac9202f34672ef01ed419bd0606db6d472a4151bbe58d0a2c9c353741d6d093268a6e139970eb7008a39ce7e43d0b3b7d3f6f2b28366912738a665e5ceb9ea31f1986a2b1e6821bc3f83a1cc24262a061831d5dcf976bf662d0d261c32d8da1a6bbdcb9526813bde98ef2a6096446831225d4744323b54be7af0c1e2ff677ba04f8f26ffa6ba3165d69b3d9b0ea37b02f90bf755ebcc514586c775d1550ddc856462bdb39cf4bc94678efe7f3694bf8a461d56101c8af5604f5bcaa931a16401568a37cdad93b62826bcf6c7d902667515d211f0a0c1b39292f00668d22b321f0e405bb32950156a3b79fff0e0a52b815bfa5de53bf1d3be63727b186fcf2d6c8d0143bd1f2d7474417def2681a8a6ac6f41594c443ba314a92930dc8e5b24724c87469107f9fee579bf8e6456589b20be75a6ff58ba106b62cdffa21be6a43958948b985677a6b568a3f3220e72108c42ea1f42e12eaffd76b02c8a61d5d0ed4c9d4dcccc0f19005b26424007c55fdcbfe495d8a874f0eb6417d7522b250da52ebe9002bf2f9b1b66252294c75de64e4ea45f657332835b2f2f655c14e73132fc210aea7cb4a7aff96a56d8f363e32e3a28366c029aebb0551e20d231a98facb783c5ede714c28e96b095025c95c493d48042da01ef8fa6b8c701310ed0c4f0fa93471bb6b3d437011f684b5f5984a2ee775f8ab02afffa99cfb21c32ca81885773a9c3a292ef16ebac33cb9c64c3c5c55fdbef98c87d98f041e9704d0bb477c339f88142fbc7d56591ff64fe04c8450e36b1098a62bae1f2ea010f8ffe378a56f0c0832fcf764a2dc0b9b12368dde0586ac8f2956228c7f401271004ed27cd1e45ed55b5d0309d3f02909ce818ba538161a90c259ca1e2c3aeaa5fbd10f7b873a12e2ce75f757b1532861b32deecd19c217123694046d3c1cc0af15eb19fe7e6b8df7dcd94eec2ded0eb89823efd4974c20e04512c1ad4ad2f7699a1dd8e5edc05cd6cfd4e7984af7f7eb726a9eab1f9fec808194bd34d8f58939479c8360422fb8ff99433456641e6521fd489e3bdfce1e932e807f96afe76f0cd592beef9059c3afc7f7ccf6789884ee8a0e244d7a5ad83c64ea7f33e72b655657cf0761a4ffd1d79834ef0a445e709b282b370ca49d52aa952f68e6ad56c0ac1902023d69559f9da699fdce66bf2eaf1b4bb7f8374a4e60c84f38dd9cca8d9298040d56af19c27e82019d66a45e337a8c8ab89870e7792319168f4e9b67fef1ee81c9af6ead7f2b0f624822b924202f0b84831b63e2aa076e707cae84904d49201e708356627b9c79b1005af77b4fe09636f3de2c2060bc0ac7d8265830b5b4d6f531c49d6c29eca037a2c65faef7f7e5ef1ba4e3361ee65d1ee39ddac76d199ec244f196089f18737b4573962b1fd6ae2501684b87250f32c179e7485a74266f705bcdfdf07cc55e79fa7f2c5555ff4313c5a29114c084d876b2d1485aa6a7092308efc6b6b9b6adb013689ef07b8a20b31944aaa92c71f5912f5b96b5718189347a46b6d90e0d15d373d9f7a4db75a2b24d3025df4e4a9f5699a66b61e1f2dbc4633d6f72e68889f641a7985f064758e4406aabacd8bb0b09da2c6bc2f6384b48d135cb106f8e52d694e5a8ba5e4dd13b061993d9be18d23b1067515a35192feefd288a70ebdc0465d41f8b8f2c6080aefc750a03f2a5f29b3d809b09ec4f2f68b3c4c38bf6bc190dd0ac1781398436619b6adab7fceb456b55cf014a54f2c8f56aa3dff619ec5c557695f1022921478c8f5eb3ad1ad6ad77e9818f57da34c1c82380d4d97f02e980ada6d457130c4a5e44f31a1dd0c2d72026455124bfef1c1bf9b262eeeb8f58c00efdc93f461911a7cf278fb3373b4a6ae4eb5e2829c227a3145b7463a8c6b52ae79379fcd66ec927705a15d46c3c8e956923c167b1b00861a1de8ae88e15416c4d123fef506c00ff12dd9847ae4b73092a28d3feb65e175f46e5697d8371f0fb131e8adb5e1e63825576d21eba05bdbbbc413c6867784fd478706f327664b2cf097626800a5065e6e73572d8d0b32c3c4370e91821c4648e04ab8fcc8274a69002e1dece8479dae80123ac3dae0fd2a95b6c1415732806ff11091759e30c4d8d8e0ff3217a5f774b10ce8589fd875cd904fb263f4c4a3fb710e6c02f4a9487add2e0fcde38706bb4a64fa0349589c9c2a705d68a0ce9027b22e25f430a71f97ae686f4481ca4de37bfdde981d549ad3c5ee8c53659e4dc559865302fcbaab790de7b167efed8e8290c5fe39973da872e1130eeee2345df25f46d4a9299cbb5891596781666f4c4cd0333f24a6d678bf43d956ce696599009efd89451fe5bfb8672c8184e89d61130a4f08e96ef79022056aad4fc5ce753ddc90b50e02cd0d83194b4e617dd0a2a9c049e4fbd7d16bb4c7574d80772e515c82356a759615aaa6de3dbd0f0607aa8a5f8af5768888d7e81bc6da4d406cfc1ab1dcc331ccb00e5668e0327736245630d19a5e2d572b5475ef5df6a293ba94d74749b3e716501ed31f88f8a529fcdf83b2d1aeab2d53d30c52d6eeae92e67d91e7969db96f0af979a6ebe87100f434b9de6fd995c2e50dd4f49e8d0483be49a49da9ed3026d329e24d14febef57a1716cb44c134b057922a0116dd2f1b2c0a10ba9e038629c5c5b35d5e58701fa6da424180f8b1b5471ebdbcf67ba3805820fbd806621ddd9c6289af206d5b3ffa8015f307e8ccb8d49c6e071d1f14211b179268c1854375ca4a3e9b4d0a7aa6b260ec338dedfbd1dbb664254551b97c7e66ccc7a8f87ded3bf82095eb563287373e527a6bb9e55a4d464d495b6da864e78daef8a622ddbd9798892a0474902f36a521622efebee2189bba2a8ca6c8febb219dc7d88d8593a248451d51b60747aa08f34aae7730f24923e30a2e2a8ac16035bfce7bde66c277ccd33a70b3c6f620850da4225a689a5c258f20783d4fa3815425ca6fd577d687cdd6b5e3d0a4ba7b330aa176028d18aca0ba21ff78e373997598152747c5de08d26f5810e4c0a611e75475b4914ceeb661e023bac6f94eafde9c7067752968d4debd261c3b0d6dce3bacf9a69e7f72687028683b73d2f98dbfe99c461ae587644d9a45c884ff01af9da85856fb2c712e4d2b419a2becbf04a4b033182707888d2447bd8cd6b828b8bb36f006dd9f4465fb4c09fcb9bfa82037cd4003a0d9db1a05bd69dae05635c60a97ee019f91c54db9adf3c7444a6e946481b2172d017bef9ba50578ee24999164f1e7acc46566ff670fac5ae23d25a8f69b38b5140d569ceff220c72d30827bfa954ac3f266ff9a5fd8aa04be0433e23b46da67542728a8b29e7f62ef737409b225c0289d3c932b0dbd34bc96745f4f428a44656d18ed378fb0332", "0531d2879b3d27529a105353636cf77a723a3deeb136df057d82018dc1c2bc7ed7359acfc4a0d481e66a9d35ba320bebbb762d956e6e6c5529c5acd3d56ea795d00a47b2e6d8acb4d198e4eb122f7902b0bc058366bed14f236d1aa899a1a4b939956f6412bd9dc5ea73ae13e2930571059b4933d6224bb3ba6ef9a6c7747e9ba28362ad538c069ae67881cda88ef01714d6863597345156c0f7c54fafe41fafccf80a80fa002fedd3243b0ea57326a92f05e3c9ad02aa1915f2ffceaf29d697453fb60f6e2aa7e5aacda394d9e7f8228101ae4bb7d91affe982379ed2ea4dd3ad9039d65d926463fb452ed1b162bee3e95978a0e5dae20eedb702b0eeab3de1e68429d28bba65f62011a99ee6da576031602dba4482a94ece6844fa5fa0db5a83c2147f1458bf85c8d575081195bdf4941a9241cd1b1d3dfdc4d6fb73c47db39fec2144f6963ff61f3468cbcb63a6e02c298b9a2663358d41f78d66f95f3adb21250460cd7b8cbcb54270555409368eb6225d75dc65532a13d54610d7926ae255bf6be39cbd19723abcf47d5e05a41776a01d270e01e47cdec01ddd55f77e0b11ef5c0ca44afb633b93abdff16daf10fa18fc3c026a79b7c017a014dc11f5b235e375e33786f6f178cab29f9a4b24589ac214b74a7cc7598605a44042df4a55822a808e4cb0f56fdb836174121690371af5ab5a492daa225db595866094ac57fa3877f36c2b3051055eb1c75e127e97714f38b524cc8fcfc41f34b610b9e37e1fdab5daf96af2a3f4ccf2e4453fe3197e3730bbf557cb4911f1bc6c3708ccfd90b77794caa0e550edd99721c4da0a72a8c791689ac725126e1b389a761491ab11ffb027d74db6d09d944bf0d2f1daac165e14b596ad800a3fb6cf311810880ec451f22216b0e63995b00b0142e27e26598255d95109134237e790c9ec059a7521be5203ffbbb5b615c3ab300ccffa2fc71673c3cb75991fd1553c45819526e8a5697c0ff9a030632b6f2b82a8e183fa4d7e164b058239b15f72707a1318e6c6dbfd6f67435016aed108d24ccf33f65f2c095f18c39e07b666a0d2105932c65d302476a55b781b7d4799c43bf9863ddc5ddd0224f517454644052d61f135a9c4d7285fa6dfcbb2399d68b40d9d09db6480ce0e6cb3146adc252b6bc5cf931391aab70e8d4e59bbc68f40c36ecff5ebb55709575c6fadafd307ef8986cd02bcf1f6d1991d2200bd452418b91f75cd75c20c3fbaf5aa819c8538e18eab90ad4c5d6f2add290e563348dfb5bee1c6d6051c285693bf3e33ede4fd6bac7ec6c0961d127bc74b7091ff3277a0b35b2d92e6c79ead5979673548f7aea229a58f47ab1b55cb77403e58324e6142aa904fb724dd0b02df58754dcb4339727f031513c3d8babc62b3091ff4746d53efcf7fb8305d67f9257e6928cdf56eefe528444e3e084f89150462be01424a127fc47e0842c0752d607810d430dc95e7aea04dee3873c0d3c139aaeb08bd10f7a4c7ac158e4487ebdfa923a725393f41a9f6ece85e5e8e015c5b1ca983456086a07edb5fcb2d87561257bbf87c187c25c623027c4de5eecefcc488a0feb431b8b7e8984c9a2d402e87bee9b1cf826558cecad8584c949dc119b3609d2490512bc6d4eb74c7ca949fe6d380d99f453a9c21f6e993d496d49feb5d602384dbbd958d7158d0323ee4a4e3621395a36e4eb03b2970be3ef7c74fd530c61d05e68cfa93fb9669f3c1796a810deebe6272043173c3a1d7c5e82efd25f5085b8660f34473c1e694391c5b0f92b4bc1c612b5bfe1ddbd51a2d511bbafc25391fdee2b81a1ff2f73e7e061fc24ce179fbded3978658005aa5f1e829f13d5a1841385c4bc16a5682d0e986f2d61fc7bbe49c682f8171b8e092dc6a42f65322f93956f641118e782ae3488b67ee191ff9245feae63297f9b0a2bcfb52fdfb6dcfd676c3b24161c0aa4059aac3f0f3f1dccde743b95e1aa91e421171559fd567899ceb6ceb19656bd3b4bdcd62ab2dcdc8ca7949bcbcf09567fe067181a22c342c3ba02f85fe0bf1ebd5492ba02bfc5a0b0ff68bcb471b5b7314c229107ec10562d1dbc88608cfb0f7e5814b3781457fb262a23ec81ba524a9e2c663ec5793906321074227c3123a99a7f4ee3fc1bc6329f64084cba0c339817cb14c97235b0245bc4fd9cc0f594a6ebbe1ccfe7533645a82178c84e2bfae39a35ad3d296028a39ac493f154217a7b87f82fceb094ab2a7e38472cfcac4806946a9a33f548a28e6af590abb1f50f07010f044636875bc4bc62ec5e6263ad3c768eb97147df27cdefa66aafd65f71502f3623229b3760c4200b30cab60e1aeafe3b3197d85299edde58af73a5d26c6bfac86985c3549f80fafd52aae9410525432124ccfbf064a764b10d9d05c3accf5322c8ec794fae72da8541d544c220d6d38bb37fa9cf084fa09c42744832fb4a70d420258973cabb73153402055d2a709447a1e0c5135a51dd6f3f4698fef919970ad5b02d22a136a036642de48bafcce6e3ec88e2a1f1d86add1fd1a59111c0ab4ba96f07b856e98e92b9e890738c908adb3a91bd3a6fa826068a38658de56182d64d43d53a4f0499b1e4e71c4c4df47b25b668510fe530e2e4478b7428caa14a26305b3d109474548dbb508d8fb260a9d610cfe608daedc29a9e6df05193212456f0b59605e6c77bccdfd31556652bbf3db8c24670d8f4d7b5cfecd16b6647f9869a6f09d4ce5827a4dba79ab1606599b16c98faf58423265a5163c3c0d3a359cbd7a3ae9dfff6ed636f60c6756eb6eb22e7e8bc302c9bea46c065eb50ccc4ec6e37f27ed8ecc51e14d7e865e2c4df6b97f98a22effc648a29e3f5986c1a55cc612dcc93a1efd6f9720afb1592557909fe12efe2f07574f0a32ec40e939a5d21799def38a842a2d7c399c4435b48431ccddca15b280e83f73b1b2a658b730af8af8ea2b6153585d259f31be2c3c8739de90502bd1e4081250dd451284c49f60726ca773b77327494eb310187a7c0d26c5effb280fd44e039421a7c4622369e1ec69608131c4e831f4b62dc99fb353d56c1941a25cea9818c1fce34049fd1fd13df0c6956e19b573d2ed2bc991971faa283ca8fb7ac53294dc8408daca9b861749e07931046ca309602a8c3d760fd5a32134d1f82d65befad580335c047d58ded1e4583102cf45ca72b018664063bcb002df6104518b6bb1dcd987dcad25ebfa7d51dccdeb270e751dcd4cd369d915d76f13e19cd08594498070f00bec261a89bc2da8c3f81735ffa328863963f7a7dd8e4e937be30e7f34f1a47d2074e95c9273cf3562515d371a93b3d2077900c17429a8053c6106712e501a08c0adbdd6f7e63a932256e44e0b7993bc8ecc80920d9f3bfbd193d4f9d41b4bcd69299687c2e15ce076ad7d6c382f32abaffd2b2b1794958534272b47499a973d46a7f6cc8139405795464d333337106d6c46027b9d39efebd694c127e4b74ba46e553cabc20e2df07904c10b7a70918de1d5f0a6237855dedabfb349cdb2470a9157a8211a122c8d325799dd7bc7d3b288c256384cba5d09bf3f911dc027707d2f1da4e35419a8cffe50360de6fe965232f2b37e871046e08b262e59731b340988e1a30eb295ea4eca7bcff36a7f767d5861d894cdb83ab96bc5c2d6d96ca9863c4630466ec10d768009b0606182702bdc4cc2e015110c72636118a5d9b8d30c59c81f5c888606723f5a5e76084fffcb62e5054d75d91539c32aad33593d65d4a6c87253a9a77d2f8656be02760db890031daec7549fab7192f696bddfeae1d903672ddab6107fc1e6887f896ce8cb5669832e2faa12896c28794e5f84117c23f230e563ee0ae162a24abb0b7697c7641eeb636371b20955ff4e53c5a09c1756ef043fd1928dd9d7109fa7e43d83e011a945ab7e8e3453cfea1cf0b29f77ab13fb86e128763d80f377d9f404f0ad53390fc63d4f0b91c2a34ac383cbea6a06711cce78cac8678a78e5f8c938ba9ea7728098b64630e666e37b303ac9c9ebb2d281d6bab665b2116cbb3b0b8d48898510c69f02e0484d2211c80b75613c3a094cd80138bc5e66eeda5d8a6f8ec3a704a67632ddf7cc9b68a242c4efa8f6793f0bb888008e0aa381d932da5fadd781c49e379e6f50e1f83af91294d6f3f31b8bd805ed79413b23d40ec3f02eb05193bde8520428a2045e15bb22edf9aed987f18c0427592616e5a6acc20dc759d817cd0af072c2f3022a05b3f677439026c165308eb5722544cd927f037dba8bf4d347c7531b30566628130dfe3ce6f07fd5c026b8a0112cb7ce8be915375023e9b0e51759fe017f62652857873900d8bb3c51c18f4b71ff5d39813ca70ccffe3b7bf8e8460d749c431e466437984296ea02a839c928bad1595d73983a150eb5919c9e3b95d80f0770c3bbd0ab4c59cbb4b906b42d6b8357faf11d2062fe195b5fd38d3c3e8c80c0cda44779008ce3e3aaf7b08d8819418f8cb6e9331e12b85a276cf6986d901dcd47455ced9ef5b03819800700e567e4dd11ee6fbb03c3f5377563476824c7cd8e534796386fdb96086924a017b17161b0290ad15516816302fdd85354710975ceff2c1f69d76f4120973eec73d362c56c9a80598b0ab479ba9ede52684d3c7dc7c4ef3f25769a3b9a76d5ac4b2e81f6e666e5e9fa957ec553d94a2b2aaae6d0bc3e413ab4626497d53566d3d7473f61f08943c8cba14345777083a070adf2afe3b2678f808afad16f9b53d2e7ec85de072a1cf55603df7d7f1acb13527e74a64806ad2c5eb52ac8ad2c3cb09ac177018544f1b733a9a0514a7907f3167a6aba8ee8bc9468e4e6c903c66644aa0ab7574927581d2c72c9c49e81516a30263e607176f299646358dc8245da3f786e2747837f58b11729a982f9c29e90cea0e7482c2b340037c7782431727eb01f695d842bf54121f3c2de6a59af6dcb16498e682d4b91ad141a0529597b3de30bdd71987f7281055143361d18a25cdd231242b3a665d5796c20e0a76dd62ab65756c77eb9eb99fd0215a44a8c2e33beff505723fa457ca10ce78f2d9edacad62f51030ce6a1e5edfdc129be70ed0271c44a0a32631b8ff6bf42e5d36b38d5b32e262017f3b144e693fd4586c642e21a25021cdc44303d2af492eacffc54daf2cbf28fa15e1691964296064eb15d12540998c3f663eb6d483e6daa780c86cac98262ec6a18c869f83c74b3e4057fbe4e8ab77f549a676ebd55c5b560afa02a8b3359e010b9cee98bd47a710d6e1ee416d4517d2eb8463a295d64837536b2c853bd39233f421e49546335e0d4830400baefacea1d52d03dbb2280a6c2145160fb53308a1ef4e335c4cc26d35f51c672d6519cfa3fdfc4ce6fa446f46f3798aa5cc28bf620c595d4907c2f15181cd11d92db1f2455d10081d16ddeabadb3b1ce4a6f70b1074c0516d1b78d4a912b772d1e4838c7d20b12c14ec46d034a56afd97644271077cde4741b0173bca0724a8b3e016ba3e7dce3f0695d2d38dffc9cef2e49a7f903422a1a37bf72573ea94680049cb2c24ce09f5146f8a62ddc831831e99c49fab480a7b438ea81b221e990263b777411d01c7f58ea833746237f5851a63b1096877eb75dc4c13442347a7bb47c09a800291666fa4841ff421f3aaace7ed84b520373a9fd6ed2fdb5cdee3ea5dfce27f4b227feb2b13949ffe49bea48aac5a6033345abee692eec44454366bc91219291fc94e77d9927240355a52c05eb4478e37dbe3876e6984ec9ed31d62978fdaad3234cf9950b57"})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000003, 0x80010, r0, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x8000, 0x0)

21:14:34 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="5e72130000000000"]], 0x0, 0x0, &(0x7f0000000300)})

[  546.699402] binder: 6395:6396 transaction failed 29189/-22, size 0-12288 line 2855
[  546.723211] binder: 6397:6398 transaction failed 29189/-22, size 0-0 line 2855
21:14:34 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  546.763874] binder: BINDER_SET_CONTEXT_MGR already set
21:14:34 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x300, 0x0, &(0x7f0000000300)})

[  546.793232] binder: 6397:6404 ioctl 40046207 0 returned -16
[  546.817943] binder_alloc_new_buf_locked: 43 callbacks suppressed
[  546.818008] binder_alloc: 6397: binder_alloc_buf, no vma
[  546.841875] binder: 6397:6398 transaction failed 29189/-22, size 0-0 line 2855
[  546.853971] binder: 6405:6406 transaction failed 29189/-3, size 0-12288 line 2970
[  546.855921] binder_alloc: 6397: binder_alloc_buf, no vma
21:14:34 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3c000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:34 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x8000, 0x0)
ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000140)={[0x4004, 0x2000, 0xf000], 0x5, 0x10, 0x5})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:34 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x5, 0x800)
ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f0000000180)={0xc, 0x1, 0x2})
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
fcntl$addseals(r0, 0x409, 0x4)

[  546.908745] binder: 6410:6412 transaction failed 29189/-3, size 0-12288 line 2970
[  546.928392] binder: 6416:6417 transaction failed 29189/-22, size 0-12288 line 2855
[  546.999376] binder_alloc: 6419: binder_alloc_buf, no vma
[  547.005233] binder: 6419:6420 transaction failed 29189/-3, size 0-0 line 2970
21:14:35 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1200, 0x0, &(0x7f0000000300)})

21:14:35 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x90000, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r2 = gettid()
rt_sigqueueinfo(r2, 0x1e, &(0x7f0000000040)={0xc, 0x80, 0x33, 0x1ff})
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
r3 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
mmap$binder(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x200002, 0x11, r3, 0x1)

[  547.075091] binder_alloc: 6419: binder_alloc_buf, no vma
[  547.100596] binder: 6425:6429 transaction failed 29189/-3, size 0-12288 line 2970
[  547.109411] binder: BINDER_SET_CONTEXT_MGR already set
21:14:35 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3f000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  547.143544] binder_alloc: 6419: binder_alloc_buf, no vma
[  547.149570] binder: 6419:6434 ioctl 40046207 0 returned -16
[  547.160992] binder_alloc: 6419: binder_alloc_buf, no vma
21:14:35 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB]], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:35 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x300000000000000, 0x0, &(0x7f0000000300)})

21:14:35 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x100000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:35 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x4, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00')
r2 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x80000000, 0x14000)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000180)={r1, r2})
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x2e, 0x0, &(0x7f0000000000)="e953889e000000009519b107c9f631d917a4d2aa2bf8ec5d0c9d4a32ec7d91d6b880d837e479c9f8d0dadd97bf60"})

21:14:35 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x2000, 0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000000180)={<r3=>0x0, 0x35, "8867c9b01b83f9d3756c30498dfb6078d514526c43f39f0bf28885988f9d4e2260e88e34caeee5c27299d84e229c08971463b36fdd"}, &(0x7f0000000200)=0x3d)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000240)={r3, @in={{0x2, 0x4e23, @broadcast}}, 0x5, 0x4, 0x6, 0x2, 0x54}, &(0x7f0000000300)=0x98)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
socket$inet_sctp(0x2, 0x5, 0x84)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x4)

21:14:35 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x5000000, 0x0, &(0x7f0000000300)})

21:14:35 executing program 1:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000), 0x14)
sigaltstack(&(0x7f0000000000/0x3000)=nil, &(0x7f0000000140))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000080)={'security\x00'}, &(0x7f0000000100)=0x54)
r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x7fe)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2, 0x11, r1, 0x0)
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

21:14:35 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x700000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  547.515730] binder: BINDER_SET_CONTEXT_MGR already set
[  547.544100] binder_alloc: 6476: binder_alloc_buf, no vma
[  547.550364] binder: 6476:6484 ioctl 40046207 0 returned -16
21:14:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xfffffffffffffffc, 0x12, r0, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x2, 0x200000)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000080)={<r2=>0x0}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000240)={r2, 0x6}, 0x8)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x400000000000001, 0x0)
getsockopt$inet_sctp6_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0x3}, &(0x7f0000000100)=0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  547.584964] binder_alloc: 6476: binder_alloc_buf, no vma
[  547.595676] binder_alloc: 6476: binder_alloc_buf, no vma
21:14:35 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000000))
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @broadcast}, 0x0, {0x2, 0x0, @loopback}, 'bond0\x00'})
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000140)={<r3=>0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000180)={r3})
r4 = dup(r2)
ioctl$EVIOCSABS2F(r4, 0x401845ef, &(0x7f0000000000)={0x2c94772b, 0x6, 0x9, 0x70be8b71, 0x5, 0x9})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000efff00000000000000000000f9ffffff00000000000000000000000080246c040000000000000090354fe8f7514c136dda88861fe73040ef6e99999221da82441e14738b49ec1e74165ab3657ca9a20e8941a0e972b26c5bdf3392404fac89d6bcb3990071ac0199164148dfb0bf5d0eb698c0ac1ffe17db00653e041ef8c5531f973e8a4062f9e46679910164b189355ee1abc971387aef8aceb7e7efecc3cd76c70cfd8042065e0000000000000000000000000000000012ea0ece6bff10d2ed31885d416a15472fa619b4b4191ad3057f0b199ae8e94e004d7b8c1d3cc8426b50ab4618492ebb0b0552b32525187c6d4a3b388405a7a321a236dfde181cd7582209ff4d029b16b67c7670978f30fad334391272117291b65d0cab177e3b6047d4555de95e9fc60518f69fb018275213628bf2b560dcdd75aea1971f379ca2f97aaffb51daf66b603627c91b82f99ef01e5c70e8d394b6fd30013dba01f3463fdc1f4350aea6762736517489602c2492e6b45ba7db6103eab12cf8f1e5ff87c3d3e651bd30dfd940e6000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000001c0)={0x9, 0x9, 0x201, 0x7ff, 0x8, 0x2920, 0x9, 0x8001, <r5=>0x0}, &(0x7f0000000200)=0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000240)={r5, @in={{0x2, 0x4e20, @local}}, 0x1, 0xfff, 0x1cfc, 0x2, 0x32}, 0x98)

21:14:35 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a000000, 0x0, &(0x7f0000000300)})

21:14:35 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x400000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:35 executing program 0:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000280))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000300), &(0x7f0000000340)=0x4)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x20000000043)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2082, 0x0)
sendmsg$netlink(r3, &(0x7f0000000240)={&(0x7f0000000180)=@kern={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)=[{&(0x7f00000013c0)={0x1144, 0x40, 0x304, 0x70bd2a, 0x25dfdbfc, "", [@generic="7e978b6daf7eb0d934b27d72c10f3afbb8d632b4207e4a223ebee2a683c570aba0856708bf410bc3", @generic="fe9bf00af5f36024969fe858daee50cf2050c6b412d09995fda4a4b17234ad0cd7ec3002f301c48726ac7622eb708c8e8baa40e441e7cc644ecc40dee770d06fe6e16f28eb584395432e6d67c272ca8d234ab5c085203a32e08a3aa01e3425ecbd4f3a1f45cd271d058aa99eb0f6338705a3470a50f8a02f648b92ab1da46de51e3b0aa97d3da0d9d52e79753c7ca95e9c228780c59ea02a630a6283e60ca4561e93aeedf1464ac5ee2a784a292c891a11a5a0531d189b4d8e9c4addfc3cbba3de607f5728036dbdef379001efb59cbcf91109100829a2ff9021d87f64a958c71e14e8bf711d1a4693d7415b6d4d9f1242ed84f059f09260d83f740ae03e7496160938db39fa6c1a5fb03a96164df300d88c27ceadd560fbcd76cd32e67ec43588c96d7c50a478f70809d1f3f5e81f268c563d60742e0417b5f4ad3822026c5ecca1d2417176c87e6353942aedde634b1e2ada6829792b6abfb8e48451fd2bbc577f4e6fcf585c9f035afae8bb3b4afa42748ae6c561bb90e36678cd15b18359ff63fcf5148c3e1bfc0762f4e75762a26d8605bbc40137744e425fc20337dc2233b174f4c4b93dac1deb8ffa13835bc6b60721e2b8e02b0d388703c76cc635202e75581031fe3b0d665056f01418d745ea7d9569000727b5c7a518a8d8bf4b1eb3fb63b20086b1d44578137ef6c4405c2a432ba89e628397722fb0d9c9b4506133d55d1a78b84052cf7c327e96eeb42461d5c96b610ddc2ac8d2227897f9a210208ef14eef2c20682034b9c45718466dfec45796fae830e5a786baab27a86591e89b9138184a61b937333fd077e1e512e192127ee1f7ded13ea55e5884a89461e70f35cf5c899dc20aa811bf73a2cd4c0c1e33613f69ee5943a80b6d1c684821e772767de88ae9e13d5989643da2400e043f473edde1f18ce73ce64965b7c64884dcaef01307967aa2bca92134cec4ff6de871f914feeb1e36578cad2e396f1916f02667b0dffd3098e126b4bda04e3ac3767fa908d12e9f99f9fb749581fdf680f42613a7a1e1fce4401b5424821ee8403a7c2951a0b114dea7fbf98b9b1a5eefd8311deee92871c2ea79da0552ce6206d4287a321305cfee1a592ebb52919384e12df16ececacc6258d3112d33b59c222a9ffa78912cb189f8b31d6dafdf6581e784c8b3152fc3bde8e128f8c6baa77f6c8bea29abaa39f9ab3e1f0eeb77fb1c1a6e4c784e113d82783b74a578a96cee0fdee2a4bc856a38d8daf83d37d756157a9a8405b861f663159b01553b8fd47825d2ebaceda19ed6eb92ab66aa000db0d680b9b5a55f55df7c67d327c803e5735e45d7693e7256338741fb1e608a1c7fbb584152709eef78314047e97933b18da1d7ecc86b70e19711ae3c6540f94d9dc06b933646ec2aa7fbede3cbf7246a7c85afea14de15303f43021e8c01a45299b52e40e28f4cce006ea20f7ce662d16611bbe9fe1af760f9c5b1e6a03b73fdd75fe459796d216b1f450a6e4693977b101a4a2ef9968492717a01acd17951699785dd9f80296672299c77aae2ad0b0aa9ad8f222b37aca1f26ec2aadd4828ee7ddc8704a26afd79b62c2ad40dc20fd9d1e585cf595478d910a4f1d26d4888c9fadf5dcd0fc524a59ff29c311083a5d51a6c10956c359d097c1dc0c3a9bbcd786f095eeb350da7d8d216bb098d4bbde29fc25462b093779efa3ed4ec7bbb2aebf5a82da16106007dfe4546b49decac973ab31c98ab40cae197839f5db0319b1b24041fc076b14dae3b2075ecdea64efd8ce5ff497527d3d4678d44539a9140a8472b76c2f2ab59b8ede86437ed5001113b0baf433fcead83268c1cd048ecff78c28d786bc9fc4b90421f796f86ef7537735708ec2aa70dba651bb9a0ef438a1870362df1cfdb9368d38ccf262ef06192a314ae2e40313e441a24950245fc0cfbe3dacb7d0c53a96f8b6b49c8fdabab2fc2a557ba18a83aec940f5ae6269f5693baffd7f49e2421db31e3b61f0523e4abf49ad9d55f3c76ae9e531009e1f0e927bd9e34c3aa9bf95bf25d46b98a64634ce5fbf48796e047a0841035c9f40447d9fd0e0fccb0c1d1f91736b27a64242718fad38ad25de6713955d93d83ec7542c111d53722500d362df63385f4983f051440f6efcbad18502499cdccdc97dfb3ffd40d9eb4eed57cb351ce606c1b9e77b3078c03df0165018d3f2ee48397786d80cd934d01b4ddbd25b566d4054a7c9e8d19997941d73adde2a1f15bdfaf7f3c13f7dfeb3f3317d2b4b553fe849814ae069e1f2142cfe40bd2acd5ab5c27d342fa47d25591be8c003eb2bc3312e9a8ce720d9fc4ca9804b4a2343d51ea0370a9828ea7ffd02739135a319f7da17abd1b67ad042dd08a23b69356338f8798578c7c30d1395affc5ae9f4b15fdf2b7ecfa92d54cc160fb573debc9b4082302b252e0296c0097f2945afdccafe5438c03dd19bf83de6821299be19e080820c2edee22f757a09997828c102bf10b4d07914a5d2d216aa458ee16b24bb7f62eaf66b8751d9ee224d954f0223a54d6592754c253c1286f4f48667377f125badc2745896c5b352e65e601e200d286e3816f440fa734e92cf8417ebf54a954c38437e597c2913959f0f225e8180316dd3a85fe7cc9f8f628606607ec3942faa69916d8bdf53214e214ee299cf9ba110d98ad29e57d06f616945f6b1026cbce8c7cfee92090ff860a8dc6e394f6c2aeacd7d978a71cda97932a7735f47875eb3f6de404d68b9ddbf6fcab1d8c8a1f2559be78faea3090df00798b3d0ac8c4e01843efc4e8dd6da0caceb3a4c6c857127c05cfade215868026183f2c80ee0d27950ce3e397981896777c8d4304cdc554270e43a698e3bcd12dffd60e302b643cfbec3ef0b907fc62e51440514908109271809213b29d701226780420f57433701ecb5d6f2ebf62d1f520101a5f8aada49f1f014f5e843fe6088b4b583b37da0f0acff6b205217c6b0c7c0577acb6872e485cc43cf9d8b980040708434982e6cff2741939fd50d697ab1735e3ba3d08a366c1388d8bc48135f4e379efb6dc279f94a5101aa9b21153f8ca721c91c58d9fd4d7f89c763a2a79c7e2c8a3c635e71e8d5b57158c9ffcc6d6c7414ae9a9cc736fd782930b74abbf1dc6e0b7ef385fcb828091baf43203e670be068c7bbc84f8f301ebbd36f57c316a62d26847fa06a8fc7f76783071bc85504e525386b28d8ac80fcafe4a459d466702a044d65a0054dcc066d022c8b4f62b2cc584ad7b41612eb2d938838e54bec2e06c7d3c12bc18b57333e5f3db0971a9190d5f1ec22319b4abcf3b89ee424039174aacfbfe93b6c4620cf07255dce07fa00ed8696629e55d116141103343e710646a1c2af76d7e5df8c27cb217779ba4de5bf96584d7bd281ac9db8dbf7946e6f47da95aac63c37f8e07c2f9e6faaf9adbe55cf088620a2004e920c1dd9c3e4b394832713b1951230bbc8f5e0773836aba07b0bcc94cc558135ad4df859624263dcf2e832ba4720d85af3f883d888dd30bef7db0aa496d632fa97738fb29197acf2a17b2468b1174f1eb0c4d367b87bf3146675f09a9b380d6f81e950a0850afc88346cbfc9dccf8ad14a08ae720934213202ccef680591254ba5100b3a7b570b76acf4c725c59a51e76c116f02f1e8c768532469425391e842115fa795c308ae8468d4d2be9b925978e66d4a285babdc75b4e79c052bbc50809a4d32f270ae056ae3f04cda224d29b021a490c9629fc50b6b4243a89deffef0b751923299e14a9ff516d99f4f588868af89bf0906f67f70edd34075003e281dd654639cc023be6332094ca986cd917b7ef413e49a8ba51b1f4e8f86962ade748b5681788788b73fd5132a2983e3a724d5725b51d423c5c20896c8ccf0a3345133a040a737c714dfba559d849de12744953294a4e21e3edecbbdc40e560e86c8e614678b0426a87d50c9c4728360fd8eb85bd91d0df17f1136df098700ca47a401f1435a73e5923cb0f642ec102daa40faf83039918747643e58bd16a505b90dbadb692229a815fdfcc2d4d3c22b994fd5187b6ffad7edc3bcd40dab6b2c9ef95d8ab71e8ecbc5d0b31a97a152f7b2bd82b6d88255236a5da5bba452fd1d7abd485a99eca590968cef3c7e1523f5232d4ff512294d3b721081d1391b2a8a057c213e6dd30ca87b1a30adbc7be1465ee7150bb221a4ca24abf9d87bdb0f67e3b59c7238525590d256ddbec5677c75b7063facddfb32d57e76c63d50a5fc159044edb169ffc0336b9067a35d04f4f983b070c21feba0e5856a9ec2dbce26ae2fc940b31c688995b2b1f5df7f691086ca5fced69bafb1bfd723891d5e90d814a69accb0a54b6f71ce7209799940a7d9253bac95d9dc37a4a48a17cbaae9b2531831b47aaac1c14e89e8df62c17e2de42469c29e4321ae1cbc7c63ed6d600bdf8b2b3935c8f06ae76012307c9dda7af60dd8f20c0cc052b00dc89da2729d32783357cd8df143d950aa17427cd179fd4ef4e6dea76d8bd57cf8f9a1487ec1a70c47348ce78ad521ebbfeaf5649fd4ad73f2fbe96b66b98ed91e2001dcb2e82831c6e92457fe22dfaa25089c36b2ae283928055a3d3b9ae22aac3d99215763576b666e57c1ef77ec7d75638dafcc9ffe748e3fce9cba60e63fb45973a8286d331d076a04e46ee01f6f48b773eb7c628bc8299ecd6497a6f42eb0c20085660593ff0b45b6505f133878ffac36b336e2848f397c0d1802796f2543d708c23689f3ec3a58ebed4d01a35c845edfa54048cae997bd74491f8ce0002d45a6a361178cb4bd0a8e3a195748468a0d36386fe0c0f96e43771242d6f1ea0896e149f39ea4b29a1fda355670a5e4fcbecee08e82cadcc92e500dc792db20c4d8600f83867fa64cbfb237c98723eb7af5bc861c40fd405c1c5cf85775ad1fbf7cbef31ffb014c7d5076a089e57544b9d13aa97e05dfeaef59affcda435649f7dac44089afbb92f6606fe419e12b88a78b6a07367b587a98b65369fb2ca36e8e0744c6caf72a03f0af7e2c6fc7196159e4f7202409a391f42c75c71603ba340b329fefc68bca6f7dc610f5b6fd47c6859e70d5ecd27b4af53af2844b81f8a6efb5e98759330814c4172d7707d2bccac5ab8a65c72b73879cab2b0bd8ede728b71321bb6366f6fab2e86080b1992292c22325161c71ae47148bd119d9db072f6a031a94c9380567842af42c5db258b05c02007a8a9b77d9fe46a5a4119e254a7f047a79da40d5d31e7da8fadf98e15509a43b218db17a94101f4e05597793d067ded329e62810786b854215f8b26d1d21fff95ccd8ae10f156f5c8360dca5731d5773bd46b08e1332bce7a140b3a3f0514a47a5ba86eeb079c507dd7fef6e247258c3d8d8ed87afbf15adee4f2d186349836bd49b687b2d0fea1ad4d5ee9027816bc1ba184c3b7a7b287463f9e5bddf4c9779428deeb4e274d7f35c909927e4041ebfc839343de1b94d0cd1fc37ff6e1a6d65a62757b7865482a3e7e7fe0261243943a2d2fa387ae1a18f99ebe85d3fe03b0e9e2dff3f1099704d0837a5c7d354c2a88b2ba060b99ccadc203d124406db90b651775db73ee3914306a5bcd79c8764c437047e87a232ea33f2b5b4eaa9a95eb9bac2953a7d8092c6b887bf990e9ab057ac490a7637aeae49675ca1be2ded9e17430ab7118ecbe29794fceaac65a41339ecfb724d8b1effa4b30406b19231ec47f230019d574192baaf341bd478d8b149cb3c3a3d3b603c0cd15493dad91a3edee019c63dd3bc0c1df563f", @generic="008767bdfaca4e88d869a94ca5b3359f8cc053fcff8272ad42b255eb7402fb5aa10d802e24981bb52e4cc0d3dcc21cf6f7e25f64391aec6a81cb6f80eaf968d655f2420ad515bb825c2bf13aef15f6c561b6967bc769c3ca7576895ad962c5872701ac519e86ebcd6aa7604057f7c4d61d598856da6fb65e48f4f27b22", @typed={0x8, 0x46, @ipv4=@local}, @generic="ad96277ad4801da9b5277f6145d5de60ce0acdda1cccb0a2d21b99fed55f1137851aa525b21bfd6642df7418ab38fb8234263d128310832d07b102ea5a9c00ee54745aaf867a49db488634c3bd1c4a3b641295120a6ac66124315e4abc4ea8d9a381560ee1d13e2c78ca6de4d5abe416648f87432a7fd58c5083a4e99690e1216b7c1096ec"]}, 0x1144}], 0x1}, 0x40)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  547.722449] binder: 6502:6504 ioctl 401845ef 20000000 returned -22
21:14:35 executing program 1:
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000040)={0x5, 0x1, 0x8})
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)

[  547.780731] binder_alloc: 6502: binder_alloc_buf, no vma
[  547.800373] binder: BINDER_SET_CONTEXT_MGR already set
[  547.824068] binder: 6502:6504 ioctl 401845ef 20000000 returned -22
[  547.834609] binder: 6502:6514 ioctl 40046207 0 returned -16
[  547.834671] binder_release_work: 72 callbacks suppressed
[  547.834678] binder: undelivered TRANSACTION_ERROR: 29189
21:14:35 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:35 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7, 0x0, &(0x7f0000000300)})

21:14:35 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x400, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000140)=[@in={0x2, 0x4e20}, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e20, 0xb98, @mcast2, 0x7}], 0x3c)
ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000000180))
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  547.885479] binder: undelivered TRANSACTION_ERROR: 29189
[  547.903959] binder: undelivered TRANSACTION_ERROR: 29189
21:14:35 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x400800, 0x0)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000080)={0x0, @aes128, 0x1, "6ad81f1b640b6444"})
connect$bt_rfcomm(r1, &(0x7f0000000240)={0x1f, {0x81, 0x6f97, 0x7f, 0xda0e, 0x6, 0x1}}, 0xa)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="006340400000001f2de8ce00000000000000000000000000000000000000000000000000000000000000000000000030000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYBLOB="00a95d571b3f7f117552bcb52816cb53710000000000"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:36 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x4000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:36 executing program 1:
r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000100)={0x3, 0x0, 0x2})
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x10800, 0x0)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000040)={0x2, 0x81, 0xfffffffffffffff7, 0x6, 0x7, 0x9})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)

[  547.978530] binder: undelivered TRANSACTION_ERROR: 29189
[  547.985380] binder: undelivered TRANSACTION_ERROR: 29189
21:14:36 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x60]}}], 0x0, 0x0, &(0x7f0000000300)})

[  548.033201] binder: undelivered TRANSACTION_ERROR: 29189
[  548.049341] binder: 6543:6544 got transaction to invalid handle
21:14:36 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7000000, 0x0, &(0x7f0000000300)})

[  548.090240] binder: undelivered TRANSACTION_ERROR: 29201
[  548.112116] binder: BINDER_SET_CONTEXT_MGR already set
21:14:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x800)
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000440)={<r2=>0x0}, &(0x7f0000000480)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f00000004c0)={<r3=>0x0, @in={{0x2, 0x4e24, @loopback}}, 0x1, 0x9}, &(0x7f0000000580)=0x88)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000980)={<r4=>0x0, 0x1, 0xa, [0x7, 0x8, 0x3ff, 0xfd41, 0x3b4, 0x9, 0x9b9f, 0x7, 0xffffffffffff8000, 0xff79]}, &(0x7f00000009c0)=0x1c)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000001f00)={<r5=>0x0, 0xffffffff}, &(0x7f0000001f40)=0x8)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000001f80)={<r6=>0x0, 0x705}, &(0x7f0000001fc0)=0x8)
sendmmsg$inet_sctp(r1, &(0x7f0000002080)=[{&(0x7f0000000040)=@in={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="570c0ef3bf6343e479760fcf2da9cccfd384353749ced67cb0a11bdc1a5994e34b6b61af02a5fc9e4b", 0x29}, {&(0x7f00000000c0)="1b1fb86744b4fb37fe43b146c33d6a476d1bb2a0b34ea20ce36d74", 0x1b}, {&(0x7f0000000180)="befa689960128ab44f0b5221df7d2e66bfb403384107f1e63029913663d5c5874c7749a646cc5637b24a5544b1cd221498c1c4c12ce371e389e6dbfec4993ae51128edb8106c9e29f09bc5bd17a87587c86bc6d62de507d2839829d93b5f72786b72745684196970ca54911b2cb907daf07c292a04fd9648ab1f7933b97b395b78", 0x81}, {&(0x7f0000000240)="4a2c65c0a42617357375be5d9164cda23f03018e017e55ab7bcf301049b409a2cd1dbb988304de9c018404f8925463bfaf60e7b064fd9afdcc1bdb14df1bdc905c95923e7ed8b7d884eb9e23cba08b4c4c27fed95528d80d7cc02936ab75e74c8c7a0d49fd50a4e6b1216f58e2f0b63d300929a1571513bcd150a616b860c7096d3d4e40221d860ada841da337bf6e4b912c8ce0abc735ca93f7449d01a9ae9c246cc0a3abf8dee28e1c42e1ca55936e340ce79bf91a7e26459a7f615a72b8d367fff486d7d16d1d3fe1fe", 0xcb}, {&(0x7f0000000340)="4305a529084038e298f7f798fa389b16aa2a7d4897bd13a662cc2e4f22a7e8d5f69910f8d252f3c4e99b3da1579fb800882386a7f12f2a68aa499653000cd748bc5b72539433416d", 0x48}, {&(0x7f00000003c0)="a4810c52527296db4ffff6398afa971688bb64d9ca42295b32d4136d45aa2ce228de72d233dab9b6ab5bd35089641bff2c013f7da8adea3bbfe67107e2227c6b6aa088270eb0e735e2caecaa4e3a", 0x4e}], 0x6, &(0x7f00000005c0)=[@authinfo={0x10, 0x84, 0x6, {0x8}}, @authinfo={0x10, 0x84, 0x6, {0x453467cf}}, @sndrcv={0x2c, 0x84, 0x1, {0xffffffffffffff01, 0x1, 0xc, 0x1, 0x401, 0x0, 0x9, 0x4ce, r2}}, @init={0x14, 0x84, 0x0, {0x4f0, 0x3, 0xffffffffffff96a0, 0x8}}, @init={0x14, 0x84, 0x0, {0x8, 0x100, 0x40, 0x401}}, @dstaddrv6={0x1c, 0x84, 0x8, @mcast2}, @authinfo={0x10, 0x84, 0x6, {0x8}}, @sndrcv={0x2c, 0x84, 0x1, {0xfffffffffffffff9, 0x1, 0x8200, 0x1, 0xffffffffffffff7f, 0x20, 0x1, 0x1, r3}}, @prinfo={0x14, 0x84, 0x5, {0x30, 0x6aa}}], 0xe0}, {&(0x7f00000006c0)=@in={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000000940)=[{&(0x7f0000000700)="877ad1c374f816a07f8a981e1795f229c832ecf5b1f0eb3770cb6b00f9b697a2310cffe208f3aff700d102b47948413355a21b51450b59c34f", 0x39}, {&(0x7f0000000740)="6b75dbac912ae08a191473c503c836eaba06b48d78c6cdffb1b461193e07e9f00212cb707945d6616790bd8db9d572f7944ffcef3134ed", 0x37}, {&(0x7f0000000780)="55ff1b18f8e6b42e801320904a6fd1fba9c35a70b518c51966aa299a7c652d72d1a410891f8056976eb9c300639b3b7358f213dbc0c5876be2e5d5a2c4b2a1b0484d022a9e1a6f4f35e9c11061195128b5fc7e624d8323a650e2ccb35a79caa6f6d051b66867fe22b354fdc7602342a6e8129f3528f13092851930e9fbcce731c015179663509a9d773d89bbcf771fe486a87c1e6f9d13537197455fc38d1fe74cabd4c1", 0xa4}, {&(0x7f0000000840)="653a73361a855f8b8c3fea2daa556698103f52060ad6410b6326840b6e17ace15c7120a527d6f60afbb6b4979f185d536ba2dceb0fd38e7454d35a370bab5867257055169fd57de7e7972b06e95524b874328ebb52abfbf3a4f80b8b8fb2b9b4c4ac0cb61fba48ac00437ffab887a2a584accbd7ce19014e04bff3218e5136e2b46e62d69c00e59f48d78265287eb58c9cda071a3d1b66debae3301466895ea0084434e1d28838fe76290830d521fc4adc580dd369d7ef84c5430393101d8c65b02bb39fc3953b1de2d6d3289d416cde", 0xd0}], 0x4, &(0x7f0000000a00)=[@sndinfo={0x1c, 0x84, 0x2, {0x1, 0x8, 0xffffffffffffff93, 0x74db, r4}}, @prinfo={0x14, 0x84, 0x5, {0x0, 0x44}}], 0x30, 0x50}, {&(0x7f0000000a40)=@in={0x2, 0x4e20, @local}, 0x10, &(0x7f0000001ec0)=[{&(0x7f0000000a80)="da5016649bba34b3efa39cf9dd8e442c02f5f701afd271ff5405c4920ef3f0f31880303ef5b8583215c2cac3bb58780c3c9741e628a39bb19a016215894f1981c8570d544df09e83f69b479d05875e", 0x4f}, {&(0x7f0000000b00)="f87668ce86addd5376452129bbd52bcbef799e1ed9a9ea2d899e744829e3a6cc5b544e1c28c3adee86e75d481d97044d2c0bb27085a223676629f39b4b617199b85bff4d02bc27519a9b1a38cd4ebb20edbe3d8e038ab9e1225a737015487c5dd9f15e03f4ee6b4fb7497f990ac645697e272e1dd27555e81a0d9796ad3e4c22a9ca2975a93f29c9633f5f87c30715fb05d02fbf0b43195b69c4c92b28", 0x9d}, {&(0x7f0000000bc0)="80ea89194af22ed336c914dd6cfa2828cc85540d622013acbd4cb14dd7825f19a31d6e71fc40171528a767f43b268873159d2986c87cfa0bba5b322651435eba5d1c4ec846cd87e91c02ce67b0e031aded5785fe218299312d68ffde73d1f5fbe6c8a7f8ec9227efa7d32db74112e25aaaaf96221732ad20d271fda8cb605ad796c647b72028aea920ab2cc67f0b97142e32f14e01c80c8571eb0fdcfeaa34df554648cdd7645c06977b907cfaec6ab6cd9a2e888601335159cb703c34182a142ec128157d8750fde5b66a91fc7bf9a81178b4f33e11d04223e0e6c106e9398d1b8c1195cce0e96c00f593719c", 0xed}, {&(0x7f0000000cc0)="7f321b45edb28cc2bafdf33ef4ae0b132832ba6850376af56c8c56ee0235744d982a65aedea4d9269d686ddc002324528f893487bc6227810e2a09bf077312f95a1cfac769068e3fdf4c1ad46bbeeecfe705314dba9e3d43b676e59cfbcd2c03e5b4d82110cd587c3c01d3f8299f3980e7755a1a858e55b83825dae82e4e210c5f8183dcabdb35c4e8846271e44308da5c5a8108226c3871b2e164ed9be3e18a168c7ea0e935ea796ddc03a5d2bba3d9fb57d68d009bca6f9bfa3a285dc6014133a237e751ceffa4a39c02ee9ba88a622d36", 0xd2}, {&(0x7f0000000dc0)="6354aa977bf42b125fe3198dcddf02be67b5d99b59fe9374a24755fc5f95ddb7ec005629812904590a366699cefd9637f0485095f391dfd30efec92e7f801e021503275dd535c18db0cff9d166c0bef20a198d4fe0fd6c377e924d3ef62d599c49f3906f1d0278a3458ca37abea706fd124a418fa5c1b7fd5496bbc48392a40693cff27f3ed4dddc80baf39f17c53d90d3faa6087fa20d1924bbaded6fcd23133fa18f4651df3ff252c706063b82bd3a983b1205ea72b16b8d68c429cef37f1cc2f15d6b4f789d986cb71e7885e04a841d77f2cde507b631fa9e3fa66454c56d701e067c3b43b385046990318156f70f99cdf7d89ad9aefa53c1e809da9a237979bda678d05443017e023511c35980e7e384271b9524c08c6c377ae0d584ff2b6d11d684c7207d9f0cb77687eead96a5c3727142395d27ae8de98cade19bd5fa94f6dfcb26708bcc3dc4cc635d07061f35675df2ce1169d9b7c4febafa7b3e464207ff43b971fae73126a4c6f3ea6c6b6c8b177155df0861dcd3a8308b5373e7e77e4b3623175d1b0e2715eddfc97f5693558aef727dc88ce793e2265a801675fbc966335e6ea4438d7154d7531dacc7ec653ff7b42ddf6217a557903ac23f1f621a493d0eaa7a257d87c2e124955c85aa02d0aa8524e35b863b9f24aad29be9c1602d69b28103835efd84f37f856592c6ed5b084f336d53be8450068c9bdb856552061cb28307fd1c5f20698cb645ffaf3da62ada42388709595f8f92cb7bed1f5537088083c0a36ef74d065f766e3515e67eb3886cf23942e6b2ce5d7bae326f330d6c7d61baedb0cf1d2ee4c9eda3fa399a7ccd150b33569ff102cc113d6a74dffed9e6f924c9bdd052cc9afd3aa6fb1ca258424de69d2e8623035bd0a2586cc3b5989a59381398426c762e228b632f37143ec702eb6b1ad856946efdcb945abab35f24340a785ce16549e71973208e88184731caa623d6dab04a05adb9f6bb7dd55cfa2cd025efbb1f153741bf5169a3a9effec5a8cebb394b4673c89cf0559c810f7e6300641679dbb6e9e8636fe36868ad0bc09a283f0bebf3c0a398a4345634ace78e26c01bc58a8b8849d674c07857f18f64ee9565e189ef5c0cd208f00da9f6a277daa53e28d1e470dd50986412221c1036b4ba42ad9eb15b24e3df541c62baf63cf1f6a2d3173324548b4700670ba8462b5c0eaf98d9f8c807436661a1b16bd111168a368cb1b55b4df920ee9cfb93fda686900038b028509a28a8b7d1a16a78bfecf354a50d11b1f27566cade05eef6c207c6fd24ef4e12031d1f5a0f023aaf53cf2930e63bb39c741d01fbb8ac81718e0dc23d5a9b60c5255fb6288dccd2b82bb1d7497aa1a33571192681d2ee2a3b028eadf898ebab68ab28a7cfb5dacc075ce1b6f5d1272b0ff31f2f45df8bf48d46efe8f8f89f3637ff5d5e384a9cc71cb003289993e33f106c6a840a734ee8dac7f13d657255c54ec869398e0ab5659b09896c1c27c3ad84b9927d0ac0b72f1a86d360e0de4c7cb70cc612f9927bd59d14ba12b7c6a01e36c0b7aacdb024b2ee648fb07bf3d9a3cf00d9f09a0683bd2b4e28796dcf0165ae0e07f2a307cc8bae099920e3951c4481d73a187525a57b16bd4af4884e3e0f9ebfcf3e8f368429d76bf92fd907736a8d5f24e499d84a8250b1afb8951b52d418ffa71758f58bd04fbb8626c822e908c5d9df91e1fa91937b9558cb928f26365e00cb5bd2cbe60e1f9fc9e05e6d7dfc73d7ca85e9376b8983741626f0650e19cdf40f58dee3f3a1cff2c8fb8e4c659529db887aeaf93eb02997bf4bc95d42864faa20ece75191ce92c2d3d90349dee8ecca622502dfd04814abece0f985878d060e19d3dc37f9b42b43d845a5686e377620a9e71a8ccf36921aeae9dabc9435641b7ba97a623f8795383cf91ea3ba61c1cf65eb01015d0c401424aa75067e62eda6749a69f1f713211ae38e5af7be5d728116f7004dfe6f0388aed848b57a8c21d1709f2a9742b5b1ca778da126ff9934829f245af1f17b66c8629c03f03b98bf18a7244ba48091aeacbf5e506e131bdc5b6608b909605ce26545bcb27ad84556bef9ce2ddc8d8e3a0126580343b877d087a8832d74355fce0c921d856b7e2feee83d9563ee25624b8b3a144bdfb4211dea136967e01ea3f59f1bf9e2caff020a46dc8332977ab03f375afca665be07acae60487ab3234af9449a1d53a4ec145a06f0e4f8f1090c4ba259e478e430f0382fb5e888b60401110cface16cc947e2a9550efc6a6815d7c8202e2e27af2cb35c17ab3f417295b379960d58d01e2cbce2c536f5e4fea37d331528a1ccbcccd2a56df02a41f57921caa8700b61da5431704ff21b8b87c18f5d6e98fb694313298e8e36931a56cdfca6cdd2f544245365aeb2d6cd47ea4dfe0f579de8fdc940a989909412acf61acdfd7262d2e51d4c229e34e0a1085950f667b862852cebe591c91d66ff3d257a34c85f6afa742535637a0c537bab19e0ccbc73c6c25f9d60c8e12cdd76dae717613fb43cf2f9eb3cc21c4026c5ef2b16d5e7bc5e41bccd3c4dbe9d8bd7dc32bf6459702ec8ccd9b1c077809331360c143e9c324f88ad1a060ec248bda1c647a8d8062c9494a87fefee4478893cc7c58d4f3da08891a7c62bd59b20f3ae80556aaf43bcecc402401427656ae610485e5bc1e0b73631f6beacf953151564e2f98fee3bf124b0fa458d3db4329bb3a9ed382d6f4ef2d6924541b64c0eb19ad88ee0f32e0c0c44c4bca964d14925ecc712c02170665fbd30fa30705bfd62e6e318be4f4059fefe50e3f81b00c33733222e283c6c3658024edaf464440da4e570ef498981554cedecc5bdf2a8d3101063688086ec41397d6a7db87d8d6c51f29ab2d04d52e633f5c609195253537197bed3f1f23d35a943e43b98f2787cdbc75bf4f93d3a338775ef3112982d5b706990b5265f76cf0063044456ca3b0fc37a849c090507ce1aa6409008e4929b9eec942c6c619bb761428fea91be9f8b1ef74ea1f4d730fd3eb53197e6c04363641d263b595e14e387531fe2caef0d69e281428cfdf00b828c7070c7f44d586164a47573be4a13ca48b3040959103912cb1723ea0e58ed0c206fafda27fb0b4b0b2c02ee56b9135c3a23f3f170058c7c88676f6cd649c78dcf2fcb5da7133592e357e58695e16468fbcbbb1db6ad8900fd89289b5ff2e4dc41b9ec930c64a43619306d327ea6f81a40a6310fef4c80ef762a6731552754bf367da1bdd367305429a9ecd8b0efa4e0cf31cf16a292e2f7762e9dd9a1ff7490088e51205e3737591de420bcfb50f59cc8a461c4c2ebb5944abd9f1af9febed1b9748839a7c0d69e7b6e946568b578ce806a43b158ea11601269d3ab8dac25d8aa6b3dccacbe0eb6410e225577dc938f3eeb727dd5a55dcf4b405fd59fb2ce43bc442cd1b3426fa09b288d66bb9a224b1b398a76c6c68606032aec2e5bc466b85ee132f3e7ad88b24f82dcb1393bf965adc825cbbfc31c0ef98b716d9daa6600103c741818d560628cd0b5bb2eb700fdbfc5ee7856fa285b07c6417574d1e28919f611385b7ad014b4977660c8bf41e7b2d40f2e49587365d0f1bf4e35aca2f46f1562ea64c085a6dc3d4d3762d59da46c7777d22e3f54a34b0cc29b27f13993ef2015c731b3662a2aa84cc6060e35cc92576955849244dc4e9ed36a467ca6328aa57a1fc77bbec5a4be161fa1d63fe85f13e240b7353d2881162164b2bbabbcc456635d13ac4d9307c14dc5adbae1cf1c8e96d6cf252ada8dacf32b92b2101b052e2c950602f0de28ebf586351671cea6c088839bee42231b2fb4966bb3683cf15bc9936b596214f29747588fe77bc80aeedbc4b2773897b99e34c1986a39282adf600c8bf326802c2fc6dacba29ded53302f4ef7163f52e3df5db3bb2a499d6e208de2b5af6b9cff7d4a0fbf88ac2b4c2e0f7a58848dab3be88174b9a5cb724752be371954a37e81e3d015f748f8dd286306d2eff13d0e1e3b9a13812a536cd437c51ef553d2480b2093588c8c5a356f9a3ddc64bab463a34343acb8eaea77867eea75ca38d85e1cabc142113e96f6e8cbb5695c486b24f01bff7b46f6957665f0d1b5a7f79956c27deed25457ac6afe936d15fff693c3b1959aefc5124afa5d7dbee50df68e48ceae59ee7c885ed8cf66e2ff70bba74b8bb7f6ef84e3f83b433efa3044728ccd91af851d5bd481e8a7351d128d7cc9748ec642c504b5b0262338bb7872b13d7995ebe3bcae2be968139d4d45b1e9b261c07bf5668d99e65a317001d28166c6da7b7136194ded7554c6f8a754a94bb56eb7eb9b95c41640fb1c7f11e717d136dd3e08a9bab0b31b694a6d1e6dfa35539d0a03517db06d591919ac7b1fa85053c9ded3f6c8da92281322c2a02c192daeda1e5c96083a6f15743b80d2895744cf790b29b40c5bfac29d5b95ad33ce4daeb95fcbfa06eec432f60c5ba62a29d1ff37623d535250e4ab01edddd30ff50c9ad463851906c38dfb8b8b145aaed96620ce6c0e5b90fdfaeeed41b6d3338752d2ccd79218a05b22cad98e3986ba7b3f814bf9a1d798c5b4dc475f257fb165719b0dd3b31447d8f791464f1a9220cecb0fd135dc9bf08fe674dca4ca0f7aadad9bbb169907866ebe46ee9630225358a2b7eb4db6022a8d0f689d1ab9f3adc0d399e1fa300791dca62a76b0808c02be0b50b7f5ff442b8d3fee4be9e843c45e5078f06b62da3224e9db3648aa799a6110b57fccd0ee1d104e5aac5938eb7235d7a347a92c87a1e3142f9633b0b565cb74baae47685c4590d69a51923afb2b1dd4effb619c9e6db2277d09f009ccc68861cc309d2fd1f15fe7a16b69032e961b66e00d72fc50e48ca4417f39b2fcd853c7549604f6eda5932dc36b15c8e0bf599dc9d411bfab148be862756c2c3c9d7c6fb0ef68a8d429def229b3954392d302d6647167e92d2e8f5b3b424820eb27a8fed86d8bc295689f75628fd9bc209227629ec166d0cc5112cad0d24a53af1d712bf65a597087841ebd970655792fa31effee43a334a5871e754aabcc14ea48104d912b918f5d53765e9ec1bbcda3097f877fef8e48c448d14d5611849560c6859bca0edc5f2f786e1e41eed395e02b74138285fbb2477bb706988c2c6b0b7cd8fcb22eb8df45d58f6878e68eeb056ea180d36289e30e106bd1d1a6d0b41212fc54b22e040b574f20cd80b7770e77b70bec0ec633eead925ea900bb07d422c6f67f30bed169b53b76a4c76441e9df05f602a172e2aaff2804a891feebe85247f42906c4fdc5bc071f4e85ce0b096ffaeb1b2900bb62afc2fe11e8261f4b6dccb4f21dc6aebb3b7e033a5d29202b20d03433d34bf294c958f69b00ed94345af9f84830fadfc261ba4bf1b822991d97366043e8cdec7210e2a6d997254fdc339ad2904be7f57add6b4beacca9d14bc64fc9bb4b64eea5c7364b1794dddc4dfe71d48f58b5bc1a39443f561a0adb94100e741146e0a7d3d58e36a50cd82ef5f948de3c0ed03c0decc48b1fa3b3462008cc4062debc6ec071128ba9df39770aedc36a0238d961de0e8b504a2dcb9f2488706375452d90ee4d7c28fc03d961e0a8d8d7c16bcba7220bbde0b94569e3f35658aea9b6d9eb691ba85f963afb14f74faa7aa0b0e8db3ef09ffeaf0a3439d703602ce42478618c336e2e8c4875d7d7dff85ca74bc6308d53ffba9f7d41393dd17933a50f80c30fafc82244b996dc1cf384a788d9e842d03a6c76c9f616b684e3a487c21c42ba8", 0x1000}, {&(0x7f0000001dc0)="2be77145ec5bb139621335176c09bffd4c09d3c68e2bf36713701a3c112996cb6773d14dabc637f4e9228d727741e66abada77e8a0cd015e46350cf86786b4c1f1038546e8aa1812a6a6ba0612f57e44bcdbb52514e990838cc7fa214d184fb39c5cb7fc820682909d19e603bcc13e7612a7b8b072a146d4ae9e1b7123626efd8b65bb250ffeb0e1c3d74117cb066ab8a7aead77f521c2cfc6a47577dee9db2c4893561c4ff702f4550c86fa9214e9b00c88cc9e62a55e13b4e134adbd95f5c61d055eaf85bea0fb4df022873b8db543bbf33bf745f8edbd45", 0xd9}], 0x6, &(0x7f0000002000)=[@sndrcv={0x2c, 0x84, 0x1, {0x7fffffff, 0x1f, 0x8003, 0x5, 0xc70f, 0x5, 0x8001, 0x6, r5}}, @sndinfo={0x1c, 0x84, 0x2, {0x7fffffff, 0x6, 0x5, 0x7, r6}}], 0x48, 0x4000000}], 0x3, 0x40000)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:36 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
r0 = syz_open_dev$ndb(&(0x7f0000000240)='/dev/nbd#\x00', 0x0, 0x2002)
ioctl$BLKBSZSET(r0, 0x40041271, &(0x7f0000000280)=0xb696)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x1, 0x0)
bind$pptp(r2, &(0x7f0000000180)={0x18, 0x2, {0x3, @loopback}}, 0x1e)
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000200)={0x9, 0x68, 0xfffffffffffffffd})
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r4, 0x0)
fcntl$setsig(r1, 0xa, 0x1b)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000340)={0x1, 0x5c1c, 0x185, 0x5})
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000002c0)={<r5=>0x0, 0x5, 0x10}, &(0x7f0000000300)=0xc)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f00000003c0)={r5, @in6={{0xa, 0x4e23, 0x1, @empty, 0x6}}}, 0x84)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000e2ffffff00000000000000000000000000000000000000000000000000f49585fb000000000030000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

[  548.136095] binder: 6545:6546 ioctl 40046207 0 returned -16
[  548.154906] binder: undelivered TRANSACTION_ERROR: 29189
21:14:36 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x600, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:36 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, &(0x7f0000000300)})

[  548.262505] Unknown ioctl -1072146311
21:14:36 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa00, 0x0, &(0x7f0000000300)})

21:14:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x2281, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4)

21:14:36 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x800)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x10001, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000240)=0x15000, 0x4)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a45320, &(0x7f0000000280)={{0x1, 0x1000}, 'port1\x00', 0x0, 0x10000, 0xfffffffffffffff9, 0x6, 0x1, 0x5, 0x3, 0x0, 0x4, 0x800})
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612)
ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000140))
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802)
openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x105000, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="00634040001e24903a3fae0624569db35b75af4e4b96058d3366074863baefbae2a83a75eff624ffffffff000000000000001025c948865e114f8e5398e1515444341ef7b294e9f8cdd470330edbcaa3244d7d72236670", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  548.303150] Unknown ioctl 1075343564
[  548.307380] binder: undelivered TRANSACTION_ERROR: 29189
[  548.307682] binder: undelivered TRANSACTION_ERROR: 29189
[  548.327670] binder: 6567:6569 got transaction to invalid handle
21:14:36 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  548.363015] Unknown ioctl -1072146311
[  548.372225] Unknown ioctl 1075343564
[  548.376450] binder: 6567:6583 got transaction to invalid handle
21:14:36 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x6000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:36 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={<r2=>0xffffffffffffff9c})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000180)={{0x9, 0x3, 0x0, 0x1, 0x7, 0x3}, 0x7})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:36 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x30, 0x0, &(0x7f0000000300)})

[  548.470307] binder: 6585:6586 ioctl 6612 0 returned -22
[  548.532101] binder: BINDER_SET_CONTEXT_MGR already set
21:14:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
fgetxattr(r0, &(0x7f0000000000)=@known='security.SMACK64EXEC\x00', &(0x7f0000000040)=""/190, 0xbe)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:36 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  548.563302] binder: 6585:6586 ioctl 40046207 0 returned -16
21:14:36 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x89ffffff, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:36 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x800)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:36 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x68, 0x0, &(0x7f0000000300)})

21:14:36 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x10000, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r1, 0x4008af14, &(0x7f0000000100)={0x0, 0xefa})
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180)={0x0, 0x40, 0x6, 0x0, 0x3}, 0x14)
writev(r0, &(0x7f0000000240)=[{&(0x7f00000001c0)="df2c0658d9a4831d6fb73d1f6fe2f4cf2b91278e9cbe206f8963bd4b062849e5459fda71d3d7a85527c08164e298f1e3fea594fe319381fb0b00ec4a2e140aa7c6a338044208d0a20fba65d4", 0x4c}], 0x1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa0040, 0x20)
getsockopt$inet_buf(r2, 0x0, 0x3f, &(0x7f0000000040)=""/38, &(0x7f0000000080)=0x26)

21:14:36 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x804)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000b03ab17fb7c1103200bc0a6bc4dcb33c415ee8d3c208c8cb01e964a8e262957e37554fa810ef08cdde31c0111406a7885dc310a987a9cc3d0b35305064580fbbcb4c65e86cc700e870dd64fba5694dc112f1e866c31522fe70a9920519ca1b76925393cb61a810df0e"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:36 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3000000, 0x0, &(0x7f0000000300)})

[  548.782477] binder: BINDER_SET_CONTEXT_MGR already set
[  548.799051] binder: 6628:6633 ioctl 40046207 0 returned -16
[  548.823008] binder_alloc_mmap_handler: 72 callbacks suppressed
[  548.823034] binder_alloc: binder_alloc_mmap_handler: 6634 20001000-20004000 already mapped failed -16
[  548.854598] binder_alloc: binder_alloc_mmap_handler: 6638 20ffd000-20fff000 already mapped failed -16
21:14:36 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x6, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  548.875169] binder_alloc: binder_alloc_mmap_handler: 6638 20ffd000-20fff000 already mapped failed -16
[  548.885820] binder_alloc: binder_alloc_mmap_handler: 6636 20001000-20004000 already mapped failed -16
21:14:36 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2, 0x20010, 0xffffffffffffff9c, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x60, 0x20, &(0x7f0000000280)=[@fda={0x66646185, 0x7, 0x2, 0x4}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x1, 0x0, 0x38}, @flat={0x73682a85, 0x1, r1, 0x4}], &(0x7f0000000300)=[0x40, 0x38, 0x0, 0x28]}, 0x7}}], 0xe2, 0x0, &(0x7f0000000440)="9956259dc293703520fcd0309012965290c1b71c6727611702edb1d5297e5109cb5f1110e6af178bcc41158d4148cd2a97a098eb0977018d26a66295c222481dba1d225075d34bc335e87dc954cdff06fbf1fed61796f57f92ec3fbb8b3e7d945a1e76e8b67d045b74146b1d54122e1917bcc22734c3eb225decd66d78a136c76ac9dfa8a5c1dca09ff6f22708fc9c82ecb9406ba0a3493c29648d4cb8d1fce7bd3f2d314d6f8a20e78dfceb3e50b625eb14263f82d623ff841218dad8c9b762f9ecea90ef319ebc97f2575289319735c27cce233f93ef16b6990b08562a641a8556"})
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000c00)=""/7)
rseq(&(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2, 0x7ff, 0xfff, 0x40}, 0x1}, 0x20, 0x1, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0xc0001, 0x0)
write$tun(r4, &(0x7f0000000580)={@val={0x0, 0x3}, @val={0x3, 0x0, 0x874a, 0x10000, 0x7ff, 0x3}, @mpls={[{0x0, 0xccf, 0x1d251649, 0x100000001}, {0x0, 0x3, 0x0, 0x4}, {0x5, 0x7, 0x10000, 0x44}, {0x7, 0x7b1, 0x401, 0xffffffffffffffff}, {0x40000000000, 0x75, 0x3, 0x8}, {0x80, 0x100000001, 0x6, 0x5}, {0x7, 0x2, 0x5, 0x13}], @ipv6={0x2, 0x6, "bc5ae4", 0x62a, 0x2f, 0x1000, @dev={0xfe, 0x80, [], 0x1b}, @ipv4={[], [], @remote}, {[@fragment={0x3c, 0x0, 0x7, 0x8, 0x0, 0x401, 0x65}, @hopopts={0xc, 0x26, [], [@pad1, @generic={0xfffffffffffffeff, 0x6f, "5c258efdeee976b9de6be535913577a2a110d03134e1ca80fc1bd65036e8632fcb1163e9c0a31354c121472587deb7df3ef2bc9a2694995a692e92b304818d60d423b4847f22f4b90035f1923948e17dd995d60d84086ca8469dfe6babd2a0f738a73c720dd8706a3ead9d4182a705"}, @pad1, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x0, 0xab, "4ca71b7bfc3c096b0a155f44a9095c07cf550c3767e5e165700c29203b0f3f0359d97a01f1bcbff08a2f955aaff9f5f0999f167d5251000bb4d79528d017563a84d1d6070eddb38586757c04f40b4e07a836804607687c48d32a5fedcfc5bdfdd488d6e40f2e3fa7243ff4d4427c268362e4f4ec7b703613bb153761ebaa2b3b3bfac7061aac5074b008732d623d0dd67ab5b6e3488a518836fd57b551e362a46e5a16d34ecc6afaf39a02"}, @pad1, @pad1]}, @hopopts={0x19, 0x18, [], [@hao={0xc9, 0x10, @ipv4={[], [], @broadcast}}, @calipso={0x7, 0x38, {0x3, 0xc, 0x7, 0x3, [0xf673, 0xa000000000, 0x0, 0x0, 0x7, 0x100000000]}}, @calipso={0x7, 0x48, {0x5b0, 0x10, 0x5, 0x80, [0xfffffffffffffff9, 0x3, 0x42, 0x4, 0x1, 0x3, 0x9, 0x1]}}, @enc_lim={0x4, 0x1, 0x7fff}, @calipso={0x7, 0x28, {0x8, 0x8, 0xff, 0x0, [0xe7, 0x0, 0xb8d, 0x800]}}]}, @dstopts={0x5c, 0x2, [], [@padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7f}, @enc_lim={0x4, 0x1, 0x8}, @jumbo={0xc2, 0x4, 0x4fb}]}, @dstopts={0x87, 0x5, [], [@hao={0xc9, 0x10, @local}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @loopback}]}, @routing={0x88, 0x12, 0x3, 0x6d, 0x0, [@mcast1, @loopback, @remote, @mcast1, @dev={0xfe, 0x80, [], 0xb}, @dev={0xfe, 0x80, [], 0x20}, @local, @dev={0xfe, 0x80, [], 0xd}, @mcast2]}, @hopopts={0x11, 0xc, [], [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x1, [0x0]}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x3}, @ra={0x5, 0x2, 0x7}, @padn={0x1, 0x1, [0x0]}, @pad1, @jumbo={0xc2, 0x4, 0x7f}, @generic={0xffffffffffff0000, 0x40, "d8629ef27f1cbb9c460141943b40e1cd48a2fb7171f7443e8ec18665c8ff7719ebbe518faa337f8152eaf3a10f6228c8c1fc51fcdd3f68b7cd8d8bfde3ec5a38"}]}, @hopopts={0x1, 0x1c, [], [@padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, [], 0xd}}, @jumbo={0xc2, 0x4, 0x2}, @hao={0xc9, 0x10, @mcast2}, @generic={0x80000000, 0xad, "7a4840499cf492dba7c20f8ee56e7537c84b3ed61e33052f77e1c761152b15a0c0c1643e82d8cf659bfb439ef91d6abff1a9167825626fb2d378cb83c34eb328fb1e8ca81a7c737b4a04db98eacd23d94c19680a0500541d5aff8e230cf1eaca196945bc0e58b99ce55b8bd7720dae6646131ba029f003c22fa5dbd477666de3ce915bd9d55baaefe0e6ff9b0e5c2ffc6f95af172148e6c96fd89b572565246f1189dfbdf3123df2df2dc4a215"}, @enc_lim={0x4, 0x1, 0x3f}, @pad1]}, @routing={0x33, 0x2, 0x3, 0x5, 0x0, [@empty]}, @hopopts={0x7f, 0x21, [], [@enc_lim={0x4, 0x1, 0x597d1f3c}, @generic={0x2, 0xe7, "72c427c3b48405b4f6241bae31ba6309cedbeb11bba800f9d9cf6b367e8e256677a304cef576d2f9e5ce041f9af2d2e3c5ac0cc9a065b867b722e9950f63c642eeb0b402494ec4e6b5500ce98a94fa90f8bc1f8e10ac5d0e1c8ef97e11f8116107743ddfd2ca90bd721a88024ee7c47dff79dfcf75f82d947b32cade5b278bb2726f098d600991b35baf142169de569ada4a4c3a62a84a4556539cab6bb6526d7759ea854688126e85ef175cc576196fc9d8d7cf4e0933e62749af5f8bcb5130c2cd35086cadb7adbfb984f209831c79c3958349d37f0843ce9412a0c0570fba3e4a408f3b4b5a"}, @hao={0xc9, 0x10, @mcast2}, @jumbo={0xc2, 0x4, 0x7}, @jumbo={0xc2, 0x4, 0x8}, @pad1]}], @dccp={{0x4e20, 0x4e21, 0x4, 0x1, 0x40, 0x0, 0x0, 0x7, 0x1, "26c6b6", 0xb0a3, "d7167d"}, "2d9f44386891f19b478d9c806262565ea0aa527b38b9f8c0aa55faab87a85dc57ea5201e85af7592f24f217bf918fb0caa0426302b6b1468b503a93a7671b67e5c2ce3958f55585d9265c09443db57827f45d8febbb67c94298f878c8d5e4d45acc179d25151fee38b9f6d79d38535a300c953179a32ecf0cf7a52dd784369a5229a"}}}}}, 0x67c)
r5 = syz_open_dev$binder(&(0x7f0000000d40)='/dev/binder#\x00', 0x0, 0x802)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r5, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0xa3, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3e3, 0x0, &(0x7f0000000300)})

21:14:36 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000000080), 0xffffffffffffff2b, 0x0, &(0x7f0000000300)})

21:14:37 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x48000000, 0x0, &(0x7f0000000300)})

21:14:37 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x4, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x106, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x1, {0xa, 0x4e22, 0x0, @remote, 0xb2000000000000}, r2}}, 0x38)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000040)=0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'syzkaller1\x00', 0xffffffff})

[  549.060912] binder: 6657:6658 unknown command 0
21:14:37 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0xffffff89, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  549.092207] binder: 6657:6658 ioctl c0306201 20000000 returned -22
[  549.122161] binder_alloc: binder_alloc_mmap_handler: 6666 20001000-20004000 already mapped failed -16
[  549.132752] binder: BINDER_SET_CONTEXT_MGR already set
21:14:37 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c00, 0x0, &(0x7f0000000300)})

21:14:37 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, <r0=>0x0}, &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = request_key(&(0x7f0000000200)='big_key\x00', &(0x7f0000000240)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000280)='posix_acl_accesstrusted:\x00', 0x0)
keyctl$get_persistent(0x16, r0, r2)
add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, r2)
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  549.149460] binder: 6657:6672 ioctl 40046207 0 returned -16
[  549.155410] binder_alloc: binder_alloc_mmap_handler: 6671 20ffd000-20fff000 already mapped failed -16
[  549.184160] binder: 6657:6658 unknown command 0
[  549.190736] binder: 6671:6678 ioctl 8922 20000080 returned -22
[  549.192932] binder: 6657:6658 ioctl c0306201 20000000 returned -22
21:14:37 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:37 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2c00000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  549.253710] binder: 6671:6678 ioctl 8922 20000080 returned -22
[  549.253960] binder_alloc: binder_alloc_mmap_handler: 6671 20ffd000-20fff000 already mapped failed -16
21:14:37 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x8001, 0x840)
ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000200)=""/182)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="006340400000002000000000000000000000000000040000000000000002000000000000c07979c3e799b138387100000000000000000000000000000000af93ee263184b23d458cae16aa8a4a0d2842a576a9392d9c3bce6256b2d3b6e97bb44d67db9a57e8b4fdffc6813f486eb06d6b2418fd8e5e77cc896989740367d10b3ee148d6eaed928015a74896e453bb8ac996", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:37 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x5, 0x0, &(0x7f0000000300)})

21:14:37 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5]}}], 0x0, 0x0, &(0x7f0000000300)})

[  549.303997] binder_alloc: binder_alloc_mmap_handler: 6682 20001000-20004000 already mapped failed -16
[  549.324899] binder_alloc: binder_alloc_mmap_handler: 6690 20001000-20004000 already mapped failed -16
21:14:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x200000, 0x0)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000040))
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:37 executing program 0:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x20011, r1, 0x0)

21:14:37 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x500000000000000, 0x0, &(0x7f0000000300)})

[  549.457325] binder: 6696:6697 got transaction to invalid handle
[  549.457555] binder_alloc: binder_alloc_mmap_handler: 6699 20001000-20004000 already mapped failed -16
[  549.485184] binder: BINDER_SET_CONTEXT_MGR already set
21:14:37 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x1c000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  549.515145] binder: 6696:6710 ioctl 40046207 0 returned -16
21:14:37 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  549.556863] binder: 6696:6709 got transaction to invalid handle
21:14:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
syz_emit_ethernet(0x2e8, &(0x7f0000006c40)=ANY=[@ANYBLOB="0180c2000000c9111c68304286dd605f4d1e02b20000fe8000000000000000000000000000aa000000000000000000000000000000000c20880900fd00030002c444e0986a0079fac7ace5715be28a11768941c645e1f6a3a8a053eaeb7d33cff5399f816895abe1e4c2599a41210a904b56d507a11a23a1622a1bbf89974ce89d5a3f2cd6f3312f3bbafd6d6db75c79078b1ee1fe3d09af6151b2218baf9de0e110621a1e329230f7b8855630de78c67cbfa786a169dc4a6569ab65e52a71d5575c02a21cfca8d78cd8a281b1bd963812fee526f31dd11add7933879fd0d4ded5a3bfa5bb9cbc121c9ade735aa2133a238e72eb1195f6af14d2604aa449d327ba87f177111f45f7749059ad610ba03ca1cce38d4e09de302d67345415fe07a1bbda42c57e991fd59607c65ced23fc9b67dcc0fb0319d3cfeb16e74e3404000800f8008289c54bd323c93c6f9d4dbe40dea849ad4bb3153671910d5d63f57a9ecc7967c28418bf6b08d840560234ee44c60ab7ef3fa48374342177803b7159abdd912172d2faa071ce750ce9b7f2501aaaf8bf8a66dc34c7fc6714be0482228a836bbd0bebb274f3f1d72176e1e1eb155cdfe10ac222e8f49cbf300a166a126c1673177789b17647f89e3ed54e9465525f4593088ccc533934726efc5ee2e54a4365c52d5e0c01f36ee6cc9e234ac12fc52a9b0ee0ad3d620062a67015b2f413a6a26ee9e60c981a127f2200d160057d1e60870e0fb515539f47c57aada31440504c07f704de820635ddb491640200040086dd2c3b3ecc361135b2173c06d9d62ce5aed9aa597bf755dfe552e77c70342cefd235660d44cc8626b4e9d2cf1da7d02ca91e6f4f2409841b39f0c861ed03e8640c9f22f17a031e3e1d3873ac844884e1381457038d5f93a4059575080088be00000001111633170100000000000040080022eb0000000325022c0102000000000004010003801108006558000000016df5f24772ab4078d561e3002cd6d7accb2b2a51344bd15ae7be3f930dbb1a89b2a039a836196f"], &(0x7f0000000c00)={0x1, 0x1, [0xa4, 0x328, 0xfc4, 0xe14]})
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000180)={0x3, 0x6e9b, 0xb808, 0x0, 0x0, [], [], [], 0x4, 0x6})
r2 = socket$pppoe(0x18, 0x1, 0x0)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f00000003c0)=@req3={0x8001, 0x7c7, 0x3c50, 0x7, 0x0, 0x7ff0000, 0x4}, 0x1c)
ppoll(&(0x7f0000000000)=[{r0, 0x4201}, {r2, 0x444}, {r0, 0x4410}, {r0, 0x20}, {r0, 0x20}], 0x5, &(0x7f0000000040)={0x0, 0x1c9c380}, &(0x7f0000000080)={0x7}, 0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f00000000c0))
fadvise64(r1, 0x0, 0x3, 0x4)
r3 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000340)="5c6b0e0a228a86ebe496b5ab7e227774b815995ca7df52e6903d550b93fc9256309d73be1d326116d5c146d5df7184941e219384b3dda3191bb5be35e4a93831c2beb2ad8adba4bf5b310aaed0833fed9d22dec5982fc953595f0201719886", 0x5f, 0x0)
keyctl$setperm(0x5, r3, 0x0)

21:14:37 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x80, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000200)={'broute\x00', 0x0, 0x0, 0x0, [], 0xa, &(0x7f0000000180)=[{}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0xf0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000a489429800"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:37 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xffffff7f, 0x0, &(0x7f0000000300)})

21:14:37 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x8001, 0x840)
ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000200)=""/182)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="006340400000002000000000000000000000000000040000000000000002000000000000c07979c3e799b138387100000000000000000000000000000000af93ee263184b23d458cae16aa8a4a0d2842a576a9392d9c3bce6256b2d3b6e97bb44d67db9a57e8b4fdffc6813f486eb06d6b2418fd8e5e77cc896989740367d10b3ee148d6eaed928015a74896e453bb8ac996", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  549.701476] Unknown ioctl -1056156351
21:14:37 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:37 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2b00, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  549.779228] Unknown ioctl -1056156351
21:14:37 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  549.801213] binder: 6738:6740 got transaction to invalid handle
21:14:37 executing program 1:
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x101000, 0x0)
ioctl$NBD_SET_SIZE(r0, 0xab02, 0xb)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000040)={'filter\x00', 0x92, "086ad4ad1564d6bdd5abcd765835703a0aac8dbceaf4b6dc26a7493136937a67c4e6b3fd01ed27a303ceddba252605915500e0444f37b80433eb49ea895e51b470043a07a01105b5314a30b6e1d25b7fd28c0855a4aa6dcf67d3cfba1aab90b5b4c30879d2df664f2ecb38fd168a2379beed9260701401863bedb8c2c547d67ea9f1a69d072cdabbcc5e80ecb7af3c636f59"}, &(0x7f0000000100)=0xb6)

21:14:37 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6800, 0x0, &(0x7f0000000300)})

21:14:37 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:37 executing program 4:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, <r0=>0x0}, &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = request_key(&(0x7f0000000200)='big_key\x00', &(0x7f0000000240)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000280)='posix_acl_accesstrusted:\x00', 0x0)
keyctl$get_persistent(0x16, r0, r2)
add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, r2)
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:37 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x300000000000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:38 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
ioctl$RTC_PIE_ON(r1, 0x7005)

21:14:38 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c000000, 0x0, &(0x7f0000000300)})

21:14:38 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000000))
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @broadcast}, 0x0, {0x2, 0x0, @loopback}, 'bond0\x00'})
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000140)={<r3=>0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000180)={r3})
r4 = dup(r2)
ioctl$EVIOCSABS2F(r4, 0x401845ef, &(0x7f0000000000)={0x2c94772b, 0x6, 0x9, 0x70be8b71, 0x5, 0x9})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000efff00000000000000000000f9ffffff00000000000000000000000080246c040000000000000090354fe8f7514c136dda88861fe73040ef6e99999221da82441e14738b49ec1e74165ab3657ca9a20e8941a0e972b26c5bdf3392404fac89d6bcb3990071ac0199164148dfb0bf5d0eb698c0ac1ffe17db00653e041ef8c5531f973e8a4062f9e46679910164b189355ee1abc971387aef8aceb7e7efecc3cd76c70cfd8042065e0000000000000000000000000000000012ea0ece6bff10d2ed31885d416a15472fa619b4b4191ad3057f0b199ae8e94e004d7b8c1d3cc8426b50ab4618492ebb0b0552b32525187c6d4a3b388405a7a321a236dfde181cd7582209ff4d029b16b67c7670978f30fad334391272117291b65d0cab177e3b6047d4555de95e9fc60518f69fb018275213628bf2b560dcdd75aea1971f379ca2f97aaffb51daf66b603627c91b82f99ef01e5c70e8d394b6fd30013dba01f3463fdc1f4350aea6762736517489602c2492e6b45ba7db6103eab12cf8f1e5ff87c3d3e651bd30dfd940e6000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000001c0)={0x9, 0x9, 0x201, 0x7ff, 0x8, 0x2920, 0x9, 0x8001, <r5=>0x0}, &(0x7f0000000200)=0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000240)={r5, @in={{0x2, 0x4e20, @local}}, 0x1, 0xfff, 0x1cfc, 0x2, 0x32}, 0x98)

21:14:38 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x29000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:38 executing program 1:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x8, 0x420000)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000180)={<r1=>0x0, 0x4, 0x0, 0x5, 0x80000001, 0x7}, &(0x7f00000001c0)=0x14)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r1}, 0x8)
r2 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r2, 0x0)
r3 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x50000, 0x200000)
r4 = getuid()
getgroups(0x8, &(0x7f00000000c0)=[0xee00, 0xffffffffffffffff, 0x0, 0xee00, 0xffffffffffffffff, 0x0, 0xee00, <r5=>0xee00])
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x80, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB="2c6d61785f726561643d3078303030303030308120203b227f2c00d3cd21361927287729dbdd14"])

21:14:38 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2, 0x0, &(0x7f0000000300)})

[  550.289948] binder: 6788:6789 ioctl 401845ef 20000000 returned -22
21:14:38 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x3000000, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:38 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000000))
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @broadcast}, 0x0, {0x2, 0x0, @loopback}, 'bond0\x00'})
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000140)={<r3=>0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000180)={r3})
r4 = dup(r2)
ioctl$EVIOCSABS2F(r4, 0x401845ef, &(0x7f0000000000)={0x2c94772b, 0x6, 0x9, 0x70be8b71, 0x5, 0x9})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000efff00000000000000000000f9ffffff00000000000000000000000080246c040000000000000090354fe8f7514c136dda88861fe73040ef6e99999221da82441e14738b49ec1e74165ab3657ca9a20e8941a0e972b26c5bdf3392404fac89d6bcb3990071ac0199164148dfb0bf5d0eb698c0ac1ffe17db00653e041ef8c5531f973e8a4062f9e46679910164b189355ee1abc971387aef8aceb7e7efecc3cd76c70cfd8042065e0000000000000000000000000000000012ea0ece6bff10d2ed31885d416a15472fa619b4b4191ad3057f0b199ae8e94e004d7b8c1d3cc8426b50ab4618492ebb0b0552b32525187c6d4a3b388405a7a321a236dfde181cd7582209ff4d029b16b67c7670978f30fad334391272117291b65d0cab177e3b6047d4555de95e9fc60518f69fb018275213628bf2b560dcdd75aea1971f379ca2f97aaffb51daf66b603627c91b82f99ef01e5c70e8d394b6fd30013dba01f3463fdc1f4350aea6762736517489602c2492e6b45ba7db6103eab12cf8f1e5ff87c3d3e651bd30dfd940e6000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000001c0)={0x9, 0x9, 0x201, 0x7ff, 0x8, 0x2920, 0x9, 0x8001, <r5=>0x0}, &(0x7f0000000200)=0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000240)={r5, @in={{0x2, 0x4e20, @local}}, 0x1, 0xfff, 0x1cfc, 0x2, 0x32}, 0x98)

21:14:38 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x50000)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  550.520670] binder: 6815:6816 ioctl 401845ef 20000000 returned -22
21:14:38 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6, 0x0, &(0x7f0000000300)})

21:14:38 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x802)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2, 0x0)
getpeername$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000080)=0x1c)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r2 = syz_open_pts(r1, 0x0)
ioctl$KDSKBLED(r2, 0x4b65, 0x2)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:38 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffff9c, 0x50, &(0x7f0000000200)={0x0, <r0=>0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)=r0, 0x4)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x802)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x2f00, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:38 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000000))
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @broadcast}, 0x0, {0x2, 0x0, @loopback}, 'bond0\x00'})
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000140)={<r3=>0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000180)={r3})
r4 = dup(r2)
ioctl$EVIOCSABS2F(r4, 0x401845ef, &(0x7f0000000000)={0x2c94772b, 0x6, 0x9, 0x70be8b71, 0x5, 0x9})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000efff00000000000000000000f9ffffff00000000000000000000000080246c040000000000000090354fe8f7514c136dda88861fe73040ef6e99999221da82441e14738b49ec1e74165ab3657ca9a20e8941a0e972b26c5bdf3392404fac89d6bcb3990071ac0199164148dfb0bf5d0eb698c0ac1ffe17db00653e041ef8c5531f973e8a4062f9e46679910164b189355ee1abc971387aef8aceb7e7efecc3cd76c70cfd8042065e0000000000000000000000000000000012ea0ece6bff10d2ed31885d416a15472fa619b4b4191ad3057f0b199ae8e94e004d7b8c1d3cc8426b50ab4618492ebb0b0552b32525187c6d4a3b388405a7a321a236dfde181cd7582209ff4d029b16b67c7670978f30fad334391272117291b65d0cab177e3b6047d4555de95e9fc60518f69fb018275213628bf2b560dcdd75aea1971f379ca2f97aaffb51daf66b603627c91b82f99ef01e5c70e8d394b6fd30013dba01f3463fdc1f4350aea6762736517489602c2492e6b45ba7db6103eab12cf8f1e5ff87c3d3e651bd30dfd940e6000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000001c0)={0x9, 0x9, 0x201, 0x7ff, 0x8, 0x2920, 0x9, 0x8001, <r5=>0x0}, &(0x7f0000000200)=0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000240)={r5, @in={{0x2, 0x4e20, @local}}, 0x1, 0xfff, 0x1cfc, 0x2, 0x32}, 0x98)

21:14:38 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa00000000000000, 0x0, &(0x7f0000000300)})

21:14:38 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0x30, r0, 0x3)
syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000000))
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:38 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6, 0x2})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x8000, 0x0)
ioctl$KDSETMODE(r1, 0x4b3a, 0x8)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000200)={0x7ff, 0x0, {0xffffffffffffffff, 0x3, 0x6, 0x3, 0x1}})
getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f00000002c0)={@dev}, &(0x7f0000000280)=0x4)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:38 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4000000000000000, 0x0, &(0x7f0000000300)})

[  550.854696] binder: 6857:6858 ioctl 5386 20000000 returned -22
[  550.868037] binder: 6845:6846 ioctl 401845ef 20000000 returned -22
[  550.891024] binder: 6857:6861 ioctl 5386 20000000 returned -22
21:14:38 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x167000, 0x0)
fadvise64(r0, 0x0, 0x400, 0x0)
ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000140)='/dev/binder#\x00')
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000100000000000000000000000000000000000000000c1d22838c3b229fbcd3111a29e00000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

[  550.954013] QAT: Invalid ioctl
21:14:39 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x6000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  550.982796] binder: 6862:6864 ioctl c0605345 20000200 returned -22
21:14:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x628003, 0x0)
ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000040)=0x4)
ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000080)={0x4})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xfffffffffffffffd, 0x11, r0, 0x0)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x400000000000001, 0x13, r0, 0xfffffffffffffffd)

21:14:39 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x600, 0x0, &(0x7f0000000300)})

[  551.041848] QAT: Invalid ioctl
[  551.055104] binder: 6862:6874 ioctl c0605345 20000200 returned -22
[  551.073389] binder: 6875:6876 got transaction to invalid handle
21:14:39 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, <r0=>0x0, <r1=>0x0}, &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r4 = dup(r2)
ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0086426, &(0x7f0000000180)={0x6, &(0x7f00000000c0)=[{}, {}, {}, {<r5=>0x0}, {}, {}]})
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000480)={0x210, 0x0, 0x1, [{{0x2, 0x3, 0x81, 0x5, 0x1f, 0x1, {0x3, 0x1, 0x5, 0x1307, 0x7, 0x100000001, 0x1, 0x4, 0x2, 0x200, 0x10001, r0, r1, 0x1, 0xc35}}, {0x4, 0x800, 0xd, 0x6, '/dev/binder#\x00'}}, {{0x3, 0x1, 0x1f, 0x2f5f, 0x20, 0xfff, {0x3, 0xb28, 0xa7bf, 0x9, 0x10, 0xbd7, 0x100000000, 0x1, 0x8, 0x869, 0x69a, r0, r1, 0x628e, 0x448f}}, {0x6, 0x3a46, 0x14, 0x1, ']#*posix_acl_access:'}}, {{0x4, 0x1, 0x4, 0x4, 0x401, 0x2, {0x4, 0x3, 0x79e, 0x4, 0x7, 0x7, 0xa7c, 0x8, 0x0, 0x6, 0x8000, r0, r1, 0xffff, 0x6}}, {0x5, 0x0, 0xe, 0x6, '/dev/snapshot\x00'}}]}, 0x210)
ioctl$DRM_IOCTL_RM_CTX(r4, 0xc0086421, &(0x7f0000000300)={r5, 0x2})
write$P9_RRENAME(r4, &(0x7f0000000340)={0x7, 0x15, 0x2}, 0x7)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x200, 0x0)
ioctl$EVIOCGABS20(r6, 0x80184560, &(0x7f0000000200)=""/196)
r7 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r7, 0x0)
ioctl$RTC_EPOCH_READ(r6, 0x8004700d, &(0x7f0000000080))
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="006340400000000000000000000008000000000000000000000000000000000000000000000000000000000000300000000000000f37eb71849499e980b385b042e6c645d7adaa1d5cec14d41acd5c6f49a22ab10100c5820a1b4a4df57777e45d998e23d117f33678acd46b45f9d700bb03f38e0035551dbb06bb7b8cd435c4eae8f9354844c02af92bb9d2", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ppp\x00', 0x400800, 0x0)
ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ppp\x00', 0x200, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="006340400000000000000000000000b8000000000000000000000000000000000000000000001000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r3=>0x0}, &(0x7f0000000140)=0xc)
wait4(r3, &(0x7f0000000180), 0x2, &(0x7f00000001c0))

21:14:39 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3c, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:39 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4, 0x0, &(0x7f0000000300)})

21:14:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x3)

21:14:39 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x600000000000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:39 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x610040)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xe0422000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xb0, r3, 0x106, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2e}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x74}]}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x400}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x6}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_U_THRESH={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6e}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xdf}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40051}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101000, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000040)="8957d865590cf998a46099acb6953403e19a1d1164", &(0x7f0000000180)=""/4096}, 0x18)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:39 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1200000000000000, 0x0, &(0x7f0000000300)})

21:14:39 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xfdfdffff]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x0, 0x4}], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r3 = getpgrp(0x0)
r4 = syz_open_procfs(r3, &(0x7f0000000000)='environ\x00')
waitid(0x2, r3, &(0x7f0000000180), 0xc000000b, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000a49b00030d9bcc5f8378d0000100000000000000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
ioctl$sock_inet6_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000140))
recvmmsg(r4, &(0x7f0000004d80)=[{{&(0x7f0000000080)=@ax25, 0x80, &(0x7f0000000480)=[{&(0x7f0000000240)=""/73, 0x49}, {&(0x7f00000002c0)=""/184, 0xb8}, {&(0x7f0000000380)=""/23, 0x17}, {&(0x7f00000003c0)=""/10, 0xa}, {&(0x7f0000000400)=""/69, 0x45}], 0x5, &(0x7f00000004c0)=""/195, 0xc3, 0x2}, 0x8}, {{&(0x7f00000005c0)=@can={0x1d, <r5=>0x0}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000640)=""/240, 0xf0}, {&(0x7f0000000740)=""/46, 0x2e}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000780)=""/210, 0xd2}, {&(0x7f0000000880)}], 0x5, &(0x7f0000000900)=""/165, 0xa5, 0x6}, 0xae}, {{&(0x7f00000009c0)=@ax25, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000a40)=""/132, 0x84}, {&(0x7f0000000b00)=""/188, 0xbc}, {&(0x7f0000000bc0)=""/36, 0x24}, {&(0x7f0000000c00)=""/123, 0x7b}, {&(0x7f0000000c80)=""/113, 0x71}, {&(0x7f0000000d00)=""/206, 0xce}, {&(0x7f0000000e00)=""/172, 0xac}], 0x7, &(0x7f0000000f00)=""/234, 0xea, 0x1ec}, 0x9}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001000)=""/244, 0xf4}], 0x1, &(0x7f0000001140)=""/166, 0xa6, 0x9}, 0x800}, {{&(0x7f0000001200)=@generic, 0x80, &(0x7f00000035c0)=[{&(0x7f0000001280)=""/255, 0xff}, {&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f00000033c0)=""/103, 0x67}, {&(0x7f0000003440)=""/137, 0x89}, {&(0x7f0000003500)=""/44, 0x2c}, {&(0x7f0000003540)=""/87, 0x57}], 0x6, &(0x7f0000003600)=""/26, 0x1a, 0xf2f}, 0x1}, {{0x0, 0x0, &(0x7f0000003d00)=[{&(0x7f0000003640)=""/241, 0xf1}, {&(0x7f0000003740)}, {&(0x7f0000003780)=""/21, 0x15}, {&(0x7f00000037c0)=""/182, 0xb6}, {&(0x7f0000003880)=""/238, 0xee}, {&(0x7f0000003980)=""/237, 0xed}, {&(0x7f0000003a80)=""/11, 0xb}, {&(0x7f0000003ac0)=""/239, 0xef}, {&(0x7f0000003bc0)=""/30, 0x1e}, {&(0x7f0000003c00)=""/196, 0xc4}], 0xa, &(0x7f0000003d80)=""/4096, 0x1000, 0x8001}, 0xfffffffffffffffb}], 0x6, 0x40002001, 0x0)
setsockopt$inet6_mreq(r4, 0x29, 0x1d, &(0x7f0000004e40)={@empty, r5}, 0x14)

21:14:39 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x700000000000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000180)={'filter\x00', 0x0, 0x4, 0x87, [], 0x1, &(0x7f0000000000)=[{}], &(0x7f0000000040)=""/135}, &(0x7f0000000100)=0x50)

21:14:39 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x68000000, 0x0, &(0x7f0000000300)})

21:14:39 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300]}}], 0x0, 0x0, &(0x7f0000000300)})

[  551.658408] binder: 6936:6937 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  551.693677] binder_transaction: 103 callbacks suppressed
[  551.693691] binder: 6946:6947 transaction failed 29189/-3, size 0-12288 line 2970
21:14:39 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x7, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  551.697089] binder: 6938:6939 transaction failed 29189/-3, size 0-0 line 2970
[  551.743303] binder: 6952:6953 transaction failed 29189/-3, size 0-12288 line 2970
21:14:39 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x2, 0x80101)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000180)={0x4, 0x4, 0x0, 0x1, 0x1})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000040)={<r2=>0x0, 0x101, 0x10}, &(0x7f0000000080)=0xc)
setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000000c0)={r2, 0x0, 0x6, 0x20}, 0x10)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:39 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x40000000, 0x0, &(0x7f0000000300)})

21:14:39 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:39 executing program 4:
r0 = syz_open_dev$sndmidi(&(0x7f0000000140)='/dev/snd/midiC#D#\x00', 0xfffffffffffffff9, 0x400)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000c0ffffffffffff7f000000008000000000000000eed40000000000000400000000000000000000000000000000000000000000000000000000000000ff0300000500000010000000000000000900000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040020000000000000000000000000000000000"])
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000004c2782ba11860000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})
timer_create(0x6, &(0x7f0000000440)={0x0, 0x19}, &(0x7f0000000480)=<r4=>0x0)
sysfs$3(0x3)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000004c0)={<r5=>0x0, 0x401, 0x2, [0x5, 0x4]}, &(0x7f0000000500)=0xc)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000540)={0x7, 0x3, 0x6, 0x4, r5}, 0x10)
timer_getoverrun(r4)

[  551.887120] binder: 6963:6964 transaction failed 29189/-22, size 0-12288 line 2855
[  551.904043] binder: 6961:6962 transaction failed 29189/-22, size 0-12288 line 2855
[  551.927126] binder: 6963:6964 transaction failed 29189/-22, size 0-12288 line 2855
21:14:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x10880, 0x0)
ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f0000000040)=""/205)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  551.956451] binder: 6973:6974 transaction failed 29189/-22, size 0-12288 line 2855
[  551.979568] binder: 6961:6976 transaction failed 29189/-22, size 0-12288 line 2855
21:14:40 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x6, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:40 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2000000000000000, 0x0, &(0x7f0000000300)})

21:14:40 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYBLOB="5ec16ffaf162f84b6c5dfe730338ddcd632bb5566b9f61ea"]], 0x0, 0x0, &(0x7f0000000300)})

[  552.021693] binder_alloc_new_buf_locked: 31 callbacks suppressed
[  552.021720] binder_alloc: 6979: binder_alloc_buf, no vma
21:14:40 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)})

[  552.127931] binder: 6979:6980 transaction failed 29189/-3, size 0-0 line 2970
[  552.135718] binder_alloc: 6979: binder_alloc_buf, no vma
[  552.141884] binder: 6989:6992 transaction failed 29189/-3, size 0-12288 line 2970
[  552.163180] binder_alloc: 6979: binder_alloc_buf, no vma
21:14:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x200000, 0x0)
openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x40040, 0x0)
ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f0000000180)=""/71)
socket$inet_udp(0x2, 0x2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)

[  552.173153] binder_alloc: 6979: binder_alloc_buf, no vma
21:14:40 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x400300, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:40 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x20000000, 0x0, &(0x7f0000000300)})

21:14:40 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, <r0=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r1=>0x0}, &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r3, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000"]], 0x0, 0x0, &(0x7f0000000300)})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
kcmp(r1, r0, 0x7, r2, r4)
memfd_create(&(0x7f0000000000)='/dev/binder#\x00', 0x2)

21:14:40 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xffffff7f00000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:40 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:40 executing program 1:
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0x7)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0)

21:14:40 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2000000, 0x0, &(0x7f0000000300)})

21:14:40 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x600, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:40 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x802)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYBLOB="000000004122e9c2dc805a273bfb1900000000"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:40 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000000]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x802)
r1 = socket(0xa, 0x1, 0x0)
r2 = socket$inet6(0xa, 0x202000000802, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000f68000)={@dev, 0x800, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f000088c000)={@remote, 0x0, 0x0, 0x2, 0x80000000000041}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x800, 0x2}, 0x20)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x200000c, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:40 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c00, 0x0, &(0x7f0000000300)})

21:14:40 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000ffff000000000000000000000000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:40 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3f000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:40 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="56fec54f61ba0000"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:40 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4000000, 0x0, &(0x7f0000000300)})

21:14:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x4000)
ioctl$UI_SET_PHYS(r1, 0x4004556c, &(0x7f0000000040)='syz0\x00')

[  552.674197] binder_alloc: 7053: binder_alloc_buf, no vma
21:14:40 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x12, 0x0, &(0x7f0000000300)})

21:14:40 executing program 4:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x4800000000000000, &(0x7f0000000300)})

21:14:40 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, <r0=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="0080000000"]], 0x0, 0x0, &(0x7f0000000300)})
rt_tgsigqueueinfo(r0, r0, 0x13, &(0x7f0000000000)={0x17, 0x1, 0xd700, 0x9})

21:14:40 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x2f00000000000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  552.841342] binder_release_work: 55 callbacks suppressed
[  552.841349] binder: undelivered TRANSACTION_ERROR: 29189
21:14:40 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x48, 0x0, &(0x7f0000000300)})

21:14:40 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4800, 0x0, &(0x7f0000000300)})

21:14:40 executing program 1:
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0)

21:14:41 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x4000)
ioctl$UI_SET_PHYS(r1, 0x4004556c, &(0x7f0000000040)='syz0\x00')

[  552.993209] binder: undelivered TRANSACTION_ERROR: 29189
[  553.026678] binder: undelivered TRANSACTION_ERROR: 29189
[  553.032224] binder: undelivered TRANSACTION_ERROR: 29189
21:14:41 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7400000000000000, 0x0, &(0x7f0000000300)})

21:14:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
syz_emit_ethernet(0x3f8, &(0x7f0000000000)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x2, 0xffffff21, 0x0, @remote, @local, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000040))
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x4, 0x20000)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000100))

21:14:41 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x4000, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)={0x204, 0x16, 0x800, 0x70bd2b, 0x25dfdbfe, {0x1b}, [@generic="ef14a614dc0347037c593402b326e9631f3a51513125112caf7a967fc8553a681e8934a68a2ab6ea3166a563820176d20d6c246b949fd050927f139e27f031ccf0e6dcf7cad9fab9f7a5def54b7d56cb5d3c95aaeec5108a51ecb04c62bb11a0f0120b6099a7401a1ca383a192a815bbf706af923cd99555fcdd126d91305979d0bbcd6dcd3cfc8bc5e01dc10dcb7aa164041f11785b26ffef79eff85c7e", @generic="6c80b911ff561c6a5c3bf13de7a3ac9fefcf317c4f3230d438b752adb6c5aaaf290b515cc770840ed2157e3c8b065b2b1aa332c271cb202df15faa2814fb8788d770329847dec0142299eef378aa5d1ecd767510dd17d8c547addb143e84d173f9e2644c698c164e5e5e81fce1e86bfeabfd8efebb210a918ba33faff7a9bfd9f74c6bb4de710d95eedae607de3e375f61c2b6489f70659dd183dc3385d490399b52c513ca02b1b3e2a6cda2bbd07dde4de5", @typed={0x14, 0x22, @str='/dev/binder#\x00'}, @generic="40d8c49193ce3ffed994892bc5585607a9c21cba93fead3c73f32559f2d7ab76a43f12f2385a720570091f3557530cdad3f8f6c886f7e6548c", @nested={0x48, 0x38, [@generic="c8c41867dc3a89ec741725ecd39c9cd74a42cafcbd63243210193ccbcc83cf18e8323b1b62ddab88eafdad3a408e58ae181e327ebb4897bd4a35cbeb056aebf770ecbe"]}, @typed={0x8, 0x6c, @u32=0x5}]}, 0x204}, 0x1, 0x0, 0x0, 0x40}, 0x4004080)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040000000004000000000000000000040000000000000001d000000002cc0000000010000000000001c0038000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

21:14:41 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6800, 0x0, &(0x7f0000000300)})

21:14:41 executing program 4:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x3, &(0x7f0000000300)})

21:14:41 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x2900000000000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  553.177522] dccp_invalid_packet: pskb_may_pull failed
21:14:41 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a00000000000000, 0x0, &(0x7f0000000300)})

[  553.232250] dccp_invalid_packet: pskb_may_pull failed
21:14:41 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a00000000000000, 0x0, &(0x7f0000000300)})

21:14:41 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
ioctl$DRM_IOCTL_RM_MAP(r1, 0x4018641b, &(0x7f0000000180)={&(0x7f0000001000/0x3000)=nil, 0xbdb, 0x2, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x800})
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  553.278150] binder: undelivered TRANSACTION_ERROR: 29189
21:14:41 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:41 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$UI_SET_PHYS(r0, 0x4004556c, &(0x7f0000000000)='syz1\x00')
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x2000, 0x0)
ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000008000000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[]], 0xfffffdfd, 0x0, &(0x7f0000000300)})

21:14:41 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3f00, 0x0, &(0x7f0000000300)})

21:14:41 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x100000000000000, 0x0, &(0x7f0000000300)})

21:14:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x600000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106, 0x100f}}, 0x20)
r3 = socket$pppoe(0x18, 0x1, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x18)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0f"]})
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f00000003c0)={0x15, 0x11f, 0xfa00, {r2, 0x3ff00000000000, 0x0, 0x0, 0x0, @in={0x2, 0x4e24, @rand_addr=0x8}, @ib={0x1b, 0x2, 0x8001, {"5927c13789af96dc444a41abd5d91ce4"}, 0x7f, 0x6, 0x3}}}, 0x118)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000002c0)={<r4=>0x0, 0x48, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x9, @loopback, 0x81}, @in6={0xa, 0x4e22, 0x7fffffff, @ipv4={[], [], @loopback}}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x16}}]}, &(0x7f0000000300)=0xc)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000340)={0x10000, 0x5, 0x820e, 0xd27, 0x64, 0x9, 0x2, 0x6e, r4}, &(0x7f0000000380)=0x20)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  553.431569] binder: undelivered TRANSACTION_ERROR: 29189
21:14:41 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='/dev/binder#\x00', r0}, 0x10)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  553.505974] binder: 7149:7151 ioctl 4004556c 20000000 returned -22
[  553.536256] binder_alloc: 7149: binder_alloc_buf, no vma
21:14:41 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x400000000000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  553.554687] Unknown ioctl 1074025830
[  553.579694] binder_alloc: 7149: binder_alloc_buf, no vma
[  553.607721] binder: 7149:7164 got transaction to context manager from process owning it
21:14:41 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c000000, 0x0, &(0x7f0000000300)})

21:14:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000200)='/dev/binder#\x00', 0x0, 0x800)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x2010, r0, 0x200000000000)
r1 = dup2(r0, r0)
write$P9_RLOCK(r1, &(0x7f00000001c0)={0x8, 0x35, 0x2}, 0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000040)={'broute\x00'}, &(0x7f00000000c0)=0x50)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000100)={0x40000, <r2=>0x0, 0x0, 0x6})
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0106434, &(0x7f0000000180)={0x1f, r2, 0x0, 0x4})
open(&(0x7f0000000000)='./file0\x00', 0x2ad0336ff7b64b51, 0x120)

[  553.630088] binder_alloc: 7149: binder_alloc_buf, no vma
21:14:41 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x48000000, 0x0, &(0x7f0000000300)})

21:14:41 executing program 4 (fault-call:2 fault-nth:0):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  553.685902] binder: undelivered TRANSACTION_ERROR: 29189
[  553.707956] binder: undelivered TRANSACTION_ERROR: 29189
21:14:41 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x2c000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:41 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})
open_by_handle_at(r0, &(0x7f0000000200)={0x62, 0x40, "de72e8542359c0918461c2291909c9629481f68f70b5a7749129f5b7a4faee796f13518100c07590de68a7e449e8dfa21857a75a69aab9e3c9aaa69108aa048484a846268820fcc1b0efc1a280b0def96a055ea93d1980b5fc5e"}, 0x800)

21:14:41 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4800, 0x0, &(0x7f0000000300)})

[  553.750502] binder: 7175:7177 ioctl c0106434 20000100 returned -22
[  553.816222] binder: 7175:7177 ioctl c0106434 20000180 returned -22
[  553.833697] binder_alloc_mmap_handler: 63 callbacks suppressed
[  553.833752] binder_alloc: binder_alloc_mmap_handler: 7181 20001000-20004000 already mapped failed -16
[  553.852332] binder: 7175:7191 ioctl c0106434 20000100 returned -22
[  553.856575] FAULT_INJECTION: forcing a failure.
[  553.856575] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  553.862862] binder: 7175:7177 ioctl c0106434 20000180 returned -22
[  553.896359] binder_alloc: binder_alloc_mmap_handler: 7183 20001000-20004000 already mapped failed -16
[  553.900595] CPU: 1 PID: 7187 Comm: syz-executor4 Not tainted 4.19.0-rc3+ #134
[  553.913047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  553.913054] Call Trace:
[  553.913075]  dump_stack+0x1c4/0x2b4
[  553.913124]  ? dump_stack_print_info.cold.2+0x52/0x52
[  553.913154]  should_fail.cold.4+0xa/0x17
[  553.937909]  ? get_page_from_freelist+0x29a4/0x5340
[  553.942927]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  553.948065]  ? print_usage_bug+0xc0/0xc0
[  553.952142]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  553.957673]  ? __alloc_pages_nodemask+0x638/0xde0
[  553.962513]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  553.967993]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  553.973534]  ? kasan_unpoison_shadow+0x35/0x50
[  553.978121]  ? preempt_count_add+0x7d/0x160
[  553.982473]  ? get_page_from_freelist+0x17ae/0x5340
[  553.987513]  ? __lock_acquire+0x7ec/0x4ec0
[  553.991754]  ? __lock_acquire+0x7ec/0x4ec0
[  553.996024]  ? mark_held_locks+0x130/0x130
[  554.000283]  ? __isolate_free_page+0x610/0x610
[  554.004886]  ? debug_smp_processor_id+0x1c/0x20
[  554.009558]  ? perf_trace_lock_acquire+0x15b/0x800
[  554.014492]  __alloc_pages_nodemask+0x34b/0xde0
[  554.019167]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.024704]  ? check_preemption_disabled+0x48/0x200
[  554.029742]  ? __alloc_pages_slowpath+0x2d80/0x2d80
[  554.034757]  ? debug_smp_processor_id+0x1c/0x20
[  554.039425]  ? perf_trace_lock_acquire+0x15b/0x800
[  554.044371]  ? debug_smp_processor_id+0x1c/0x20
[  554.049060]  ? perf_trace_lock_acquire+0x15b/0x800
[  554.054002]  ? perf_trace_lock+0x7a0/0x7a0
[  554.058261]  ? graph_lock+0x170/0x170
[  554.062077]  ? graph_lock+0x170/0x170
[  554.065889]  ? print_usage_bug+0xc0/0xc0
[  554.069947]  ? print_usage_bug+0xc0/0xc0
[  554.074014]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  554.079557]  alloc_pages_current+0x10c/0x210
[  554.083992]  skb_page_frag_refill+0x45f/0x6a0
[  554.088491]  ? sock_kfree_s+0x60/0x60
[  554.092296]  ? check_preemption_disabled+0x48/0x200
[  554.097324]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  554.103120]  ? kasan_check_read+0x11/0x20
[  554.107268]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  554.112560]  ? rcu_bh_qs+0xc0/0xc0
[  554.116111]  tun_build_skb.isra.54+0x358/0x2230
[  554.120786]  ? tun_device_event+0x1070/0x1070
[  554.125278]  ? __lock_acquire+0x7ec/0x4ec0
[  554.129518]  ? __lock_acquire+0x7ec/0x4ec0
[  554.133768]  ? __lock_acquire+0x7ec/0x4ec0
[  554.138009]  ? mark_held_locks+0x130/0x130
[  554.142285]  ? mark_held_locks+0x130/0x130
[  554.146533]  ? print_usage_bug+0xc0/0xc0
[  554.150602]  ? debug_smp_processor_id+0x1c/0x20
[  554.155277]  ? print_usage_bug+0xc0/0xc0
[  554.159342]  ? check_preemption_disabled+0x48/0x200
[  554.164373]  ? print_usage_bug+0xc0/0xc0
[  554.168441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.173974]  ? check_preemption_disabled+0x48/0x200
[  554.178984]  ? print_usage_bug+0xc0/0xc0
[  554.183058]  ? __lock_acquire+0x7ec/0x4ec0
[  554.187303]  ? perf_trace_lock+0x7a0/0x7a0
[  554.191544]  ? mark_held_locks+0x130/0x130
[  554.195786]  tun_get_user+0xc5c/0x42a0
[  554.199702]  ? check_preemption_disabled+0x48/0x200
[  554.204731]  ? tun_build_skb.isra.54+0x2230/0x2230
[  554.209677]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  554.214959]  ? rcu_bh_qs+0xc0/0xc0
[  554.218512]  ? aa_file_perm+0x490/0x1060
[  554.222580]  ? find_held_lock+0x36/0x1c0
[  554.226668]  ? tun_get+0x206/0x370
[  554.230210]  ? lock_downgrade+0x900/0x900
[  554.234388]  ? check_preemption_disabled+0x48/0x200
[  554.239414]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  554.245212]  ? kasan_check_read+0x11/0x20
[  554.249363]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  554.254663]  ? rcu_bh_qs+0xc0/0xc0
[  554.258230]  ? tun_get+0x22d/0x370
[  554.261790]  ? tun_chr_close+0x180/0x180
[  554.265946]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  554.270897]  ? common_file_perm+0x236/0x7f0
[  554.275254]  tun_chr_write_iter+0xb9/0x154
[  554.279509]  do_iter_readv_writev+0x8b0/0xa80
[  554.284016]  ? vfs_dedupe_file_range+0x670/0x670
[  554.288912]  ? apparmor_file_permission+0x24/0x30
[  554.293761]  ? rw_verify_area+0x118/0x360
[  554.297944]  do_iter_write+0x185/0x5f0
[  554.301865]  ? iov_iter_get_pages+0x1210/0x1210
[  554.306654]  ? proc_cwd_link+0x1d0/0x1d0
[  554.310712]  ? graph_lock+0x170/0x170
[  554.314521]  compat_writev+0x233/0x410
[  554.318415]  ? do_pwritev+0x280/0x280
[  554.322225]  ? fget_raw+0x20/0x20
[  554.325685]  ? wait_for_completion+0x8a0/0x8a0
[  554.330274]  ? __lock_is_held+0xb5/0x140
[  554.334381]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.339917]  ? __fdget_pos+0xde/0x200
[  554.343717]  ? __fdget_raw+0x20/0x20
[  554.347429]  ? __sb_end_write+0xd9/0x110
[  554.351692]  do_compat_writev+0x119/0x250
[  554.355850]  ? compat_writev+0x410/0x410
[  554.359920]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  554.365406]  ? mm_fault_error+0x380/0x380
[  554.369572]  __ia32_compat_sys_writev+0x74/0xb0
[  554.374248]  do_fast_syscall_32+0x34d/0xfb2
[  554.378612]  ? do_int80_syscall_32+0x890/0x890
[  554.383198]  ? entry_SYSENTER_compat+0x68/0x7f
[  554.387792]  ? trace_hardirqs_off_caller+0xbb/0x310
[  554.392822]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  554.397704]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  554.402566]  ? trace_hardirqs_on_caller+0x310/0x310
[  554.407598]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  554.412611]  ? prepare_exit_to_usermode+0x291/0x3b0
[  554.417626]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  554.422488]  entry_SYSENTER_compat+0x70/0x7f
[  554.426923] RIP: 0023:0xf7f1eca9
[  554.430292] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  554.449190] RSP: 002b:00000000f5f1a054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  554.456901] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f1a0a4
21:14:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000040)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x78)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

21:14:42 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7400, 0x0, &(0x7f0000000300)})

[  554.464167] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  554.471431] RBP: 00000000f5f1a168 R08: 0000000000000000 R09: 0000000000000000
[  554.478714] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  554.485980] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
21:14:42 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x2900, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:42 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x5, 0x0, &(0x7f0000000300)})

[  554.529472] binder_alloc: binder_alloc_mmap_handler: 7199 20ffd000-20fff000 already mapped failed -16
21:14:42 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x8000000000000000, 0x0, &(0x7f0000000300)})

21:14:42 executing program 4 (fault-call:2 fault-nth:1):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  554.583083] binder_alloc: binder_alloc_mmap_handler: 7199 20ffd000-20fff000 already mapped failed -16
[  554.670593] binder: undelivered TRANSACTION_ERROR: 29189
[  554.677255] binder_alloc: binder_alloc_mmap_handler: 7210 20001000-20004000 already mapped failed -16
[  554.689404] binder: undelivered TRANSACTION_ERROR: 29189
[  554.690351] FAULT_INJECTION: forcing a failure.
[  554.690351] name failslab, interval 1, probability 0, space 0, times 0
[  554.706160] CPU: 0 PID: 7219 Comm: syz-executor4 Not tainted 4.19.0-rc3+ #134
[  554.713448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  554.722807] Call Trace:
[  554.725437]  dump_stack+0x1c4/0x2b4
[  554.729074]  ? dump_stack_print_info.cold.2+0x52/0x52
[  554.734283]  should_fail.cold.4+0xa/0x17
[  554.738627]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  554.743733]  ? __lock_acquire+0x7ec/0x4ec0
[  554.747985]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.753575]  ? check_preemption_disabled+0x48/0x200
[  554.758594]  ? check_preemption_disabled+0x48/0x200
[  554.763634]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.769210]  ? mark_held_locks+0x130/0x130
[  554.769224]  ? perf_trace_lock_acquire+0x15b/0x800
[  554.769240]  ? rcu_pm_notify+0xc0/0xc0
[  554.769265]  ? rcu_read_lock_sched_held+0x108/0x120
[  554.769281]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.769296]  ? check_preemption_disabled+0x48/0x200
[  554.778458]  ? graph_lock+0x170/0x170
[  554.778476]  ? debug_smp_processor_id+0x1c/0x20
[  554.778491]  ? perf_trace_lock_acquire+0x15b/0x800
[  554.778504]  ? debug_smp_processor_id+0x1c/0x20
[  554.778527]  ? perf_trace_lock+0x7a0/0x7a0
21:14:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x14, r0, 0xffffffffffffffff)

21:14:42 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x700000000000000, 0x0, &(0x7f0000000300)})

21:14:42 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000200)="0502bbb87ba70dcb5539deff4f3fc814115faf39ebfc7ec512f66066ad9847045b5043cee181537efd222f21919234157ad936067b4ce3ab6451acc27298d8af7b55098f26d14f5109ea6f42eec3ffa8f46dffda1f79370ceb25527cfcf8ea52f530e92403e1c2418c8d88fa590fdaa3c6cb8a99377fe4339bf0cc3e515a089dec8a006a568e32ed00720493b9606eca3c8e586c8f12607e4b249a5405d330ed38308f9ec0fdddd429b290dc53551b30c03820d65395b14755af86b125f48b2d2ffae354368ebd7193ba5ee72b514a01f705fe49a7d6c2c7ef89105d3cd38cb031765959798ef122df6ea6ae3af478974ca2372746ebe06bf119655b0aa79027")
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x4b180000000000, 0x30000)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:42 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa000000, 0x0, &(0x7f0000000300)})

[  554.778552]  __should_failslab+0x124/0x180
[  554.778572]  should_failslab+0x9/0x14
[  554.778592]  kmem_cache_alloc+0x47/0x730
[  554.793018]  ? ___might_sleep+0x1ed/0x300
[  554.793040]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  554.793060]  __build_skb+0xab/0x430
[  554.793092]  ? skb_try_coalesce+0x1b70/0x1b70
[  554.801886]  ? graph_lock+0x170/0x170
[  554.801907]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.801921]  ? check_preemption_disabled+0x48/0x200
[  554.801934]  ? check_preemption_disabled+0x48/0x200
[  554.801957]  build_skb+0x77/0x270
[  554.811538]  ? __build_skb+0x430/0x430
[  554.811592]  tun_build_skb.isra.54+0x8a8/0x2230
[  554.811621]  ? tun_device_event+0x1070/0x1070
[  554.820500]  ? __lock_acquire+0x7ec/0x4ec0
[  554.820523]  ? __lock_acquire+0x7ec/0x4ec0
[  554.820543]  ? __lock_acquire+0x7ec/0x4ec0
[  554.820556]  ? mark_held_locks+0x130/0x130
[  554.820584]  ? mark_held_locks+0x130/0x130
[  554.828621]  ? print_usage_bug+0xc0/0xc0
[  554.828638]  ? debug_smp_processor_id+0x1c/0x20
[  554.828652]  ? print_usage_bug+0xc0/0xc0
[  554.828663]  ? check_preemption_disabled+0x48/0x200
[  554.828679]  ? print_usage_bug+0xc0/0xc0
[  554.828693]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  554.828710]  ? check_preemption_disabled+0x48/0x200
[  554.836922]  ? print_usage_bug+0xc0/0xc0
[  554.836959]  ? __lock_acquire+0x7ec/0x4ec0
[  554.836981]  ? perf_trace_lock+0x7a0/0x7a0
[  554.837003]  ? mark_held_locks+0x130/0x130
[  554.837035]  tun_get_user+0xc5c/0x42a0
[  554.837053]  ? check_preemption_disabled+0x48/0x200
21:14:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
socket$inet_tcp(0x2, 0x1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0)

[  554.938785] binder_alloc: binder_alloc_mmap_handler: 7230 20001000-20004000 already mapped failed -16
[  554.940191]  ? tun_build_skb.isra.54+0x2230/0x2230
[  554.940210]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  554.940225]  ? rcu_bh_qs+0xc0/0xc0
[  554.940255]  ? aa_file_perm+0x490/0x1060
[  554.993060]  ? find_held_lock+0x36/0x1c0
[  554.995252] binder_alloc: binder_alloc_mmap_handler: 7228 20001000-20004000 already mapped failed -16
[  554.997132]  ? tun_get+0x206/0x370
[  554.997148]  ? lock_downgrade+0x900/0x900
[  554.997160]  ? check_preemption_disabled+0x48/0x200
21:14:43 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xffffff7f, 0x0, &(0x7f0000000300)})

[  554.997181]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  554.997197]  ? kasan_check_read+0x11/0x20
[  554.997211]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  554.997227]  ? rcu_bh_qs+0xc0/0xc0
[  554.997250]  ? tun_get+0x22d/0x370
[  555.041684]  ? tun_chr_close+0x180/0x180
[  555.045782]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  555.050727]  ? common_file_perm+0x236/0x7f0
[  555.055069]  tun_chr_write_iter+0xb9/0x154
[  555.059318]  do_iter_readv_writev+0x8b0/0xa80
[  555.063824]  ? vfs_dedupe_file_range+0x670/0x670
[  555.068597]  ? apparmor_file_permission+0x24/0x30
[  555.073456]  ? rw_verify_area+0x118/0x360
[  555.077623]  do_iter_write+0x185/0x5f0
[  555.081210] binder_alloc: binder_alloc_mmap_handler: 7238 20ffd000-20fff000 already mapped failed -16
[  555.081519]  ? iov_iter_get_pages+0x1210/0x1210
[  555.095556]  ? proc_cwd_link+0x1d0/0x1d0
[  555.099626]  ? graph_lock+0x170/0x170
[  555.103164] binder_alloc: binder_alloc_mmap_handler: 7239 20001000-20004000 already mapped failed -16
[  555.103471]  compat_writev+0x233/0x410
[  555.116749]  ? do_pwritev+0x280/0x280
[  555.120564]  ? fget_raw+0x20/0x20
[  555.120588]  ? wait_for_completion+0x8a0/0x8a0
[  555.120608]  ? __lock_is_held+0xb5/0x140
[  555.120639]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  555.128667]  ? __fdget_pos+0xde/0x200
[  555.128684]  ? __fdget_raw+0x20/0x20
[  555.128697]  ? __sb_end_write+0xd9/0x110
[  555.128723]  do_compat_writev+0x119/0x250
[  555.128742]  ? compat_writev+0x410/0x410
[  555.128761]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  555.128778]  ? mm_fault_error+0x380/0x380
[  555.128805]  __ia32_compat_sys_writev+0x74/0xb0
[  555.172453]  do_fast_syscall_32+0x34d/0xfb2
[  555.176809]  ? do_int80_syscall_32+0x890/0x890
[  555.181452]  ? entry_SYSENTER_compat+0x68/0x7f
[  555.186060]  ? trace_hardirqs_off_caller+0xbb/0x310
[  555.191101]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  555.195950]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  555.200805]  ? trace_hardirqs_on_caller+0x310/0x310
[  555.205881]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  555.210922]  ? prepare_exit_to_usermode+0x291/0x3b0
[  555.215950]  ? trace_hardirqs_off_thunk+0x1a/0x1c
21:14:43 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00634019c94d4c5304a5855c44baa04000000000000000000000005000000000000000000000003ec8baacaa4800000000200000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYBLOB="000000000000b01e7c2716378bc6639fc55dc18dd60fc742e821347872752fa27d1d2ac940ed2bdff4b66625931502d3fe1bfb94968cd64e809efc0a9fe029c7244f43619a780244d0b42afd69271deefd365abcf32a38ebe08a652e7dd8e4f2678279bce35791b1668289c80651e328f186e6073ade77a40093b0050b24ab12694a10b3"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x2)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000000))
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0)

[  555.217862] binder: 7246:7247 unknown command 423650048
[  555.220806]  entry_SYSENTER_compat+0x70/0x7f
[  555.220819] RIP: 0023:0xf7f1eca9
[  555.220843] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  555.220867] RSP: 002b:00000000f5f1a054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  555.220893] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f1a0a4
[  555.249884] binder: 7246:7247 ioctl c0306201 20000040 returned -22
[  555.252879] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  555.252888] RBP: 00000000f5f1a168 R08: 0000000000000000 R09: 0000000000000000
[  555.252896] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  555.252904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  555.333607] binder_alloc: binder_alloc_mmap_handler: 7250 20ffd000-20fff000 already mapped failed -16
21:14:43 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3f000000, 0x0, &(0x7f0000000300)})

21:14:43 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x1c00, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:43 executing program 4 (fault-call:2 fault-nth:2):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x3, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x3, 0xbf35897aba81b995)
ioctl$TIOCCBRK(r1, 0x5428)
sendfile(r1, r0, &(0x7f0000000180), 0x8001)
syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$RTC_WIE_OFF(r2, 0x7010)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000040)={0x5, 0x2})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0)

21:14:43 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000180))
socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000140)=0xaa08a1e7c8b12f94)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:43 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0xa000000, 0x0, &(0x7f0000000300)})

[  555.445202] FAULT_INJECTION: forcing a failure.
[  555.445202] name failslab, interval 1, probability 0, space 0, times 0
[  555.456452] CPU: 0 PID: 7263 Comm: syz-executor4 Not tainted 4.19.0-rc3+ #134
[  555.463743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  555.473095] Call Trace:
[  555.475696]  dump_stack+0x1c4/0x2b4
[  555.479340]  ? dump_stack_print_info.cold.2+0x52/0x52
[  555.484765]  ? mark_held_locks+0x130/0x130
[  555.489021]  should_fail.cold.4+0xa/0x17
[  555.493106]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  555.498225]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  555.503769]  ? check_preemption_disabled+0x48/0x200
[  555.508805]  ? debug_smp_processor_id+0x1c/0x20
[  555.513502]  ? perf_trace_lock_acquire+0x15b/0x800
[  555.518453]  ? __lock_acquire+0x7ec/0x4ec0
[  555.518476]  ? perf_trace_lock+0x7a0/0x7a0
[  555.518497]  ? graph_lock+0x170/0x170
[  555.518515]  ? mark_held_locks+0x130/0x130
[  555.518540]  ? find_held_lock+0x36/0x1c0
[  555.518568]  __should_failslab+0x124/0x180
[  555.518587]  should_failslab+0x9/0x14
[  555.530858]  kmem_cache_alloc+0x47/0x730
[  555.530878]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  555.530893]  ? rcu_bh_qs+0xc0/0xc0
[  555.530917]  skb_clone+0x1bb/0x500
[  555.563640]  ? skb_split+0x11e0/0x11e0
[  555.567547]  ? run_filter+0x27c/0x420
[  555.571361]  ? packet_cached_dev_get+0x340/0x340
[  555.576177]  packet_rcv+0x727/0x1820
[  555.579958]  ? run_filter+0x420/0x420
[  555.583778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  555.589324]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[  555.594801]  ? refcount_add_not_zero_checked+0x330/0x330
[  555.600283]  ? __lock_is_held+0xb5/0x140
[  555.604406]  __netif_receive_skb_core+0x1a6a/0x3b60
[  555.609439]  ? unwind_get_return_address+0x61/0xa0
[  555.614396]  ? netif_receive_skb+0x430/0x430
[  555.615522] QAT: Invalid ioctl
[  555.618847]  ? print_usage_bug+0xc0/0xc0
[  555.618861]  ? save_stack+0x43/0xd0
[  555.618872]  ? kasan_kmalloc+0xc7/0xe0
[  555.618885]  ? kasan_slab_alloc+0x12/0x20
[  555.618899]  ? kmem_cache_alloc+0x12e/0x730
[  555.618913]  ? __build_skb+0xab/0x430
[  555.618925]  ? build_skb+0x77/0x270
[  555.618945]  ? tun_get_user+0xc5c/0x42a0
[  555.653600]  ? tun_chr_write_iter+0xb9/0x154
[  555.657915] QAT: Invalid ioctl
[  555.658020]  ? do_iter_readv_writev+0x8b0/0xa80
[  555.665902]  ? mark_held_locks+0x130/0x130
[  555.670202]  ? __lock_acquire+0x7ec/0x4ec0
[  555.674460]  ? graph_lock+0x170/0x170
[  555.678264]  ? graph_lock+0x170/0x170
[  555.681057] QAT: Invalid ioctl
[  555.682071]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  555.682101]  ? check_preemption_disabled+0x48/0x200
[  555.682126]  ? __lock_is_held+0xb5/0x140
[  555.682154]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  555.689411] QAT: Invalid ioctl
[  555.690919]  ? check_preemption_disabled+0x48/0x200
[  555.690954]  ? debug_smp_processor_id+0x1c/0x20
[  555.690969]  ? perf_trace_lock_acquire+0x15b/0x800
[  555.690993]  ? perf_trace_lock+0x7a0/0x7a0
[  555.727541]  ? netif_receive_skb_internal+0x242/0x620
[  555.732752]  ? lock_downgrade+0x900/0x900
[  555.736920]  ? ktime_get_with_offset+0x38e/0x470
[  555.736944]  ? pvclock_read_flags+0x160/0x160
[  555.736960]  ? netif_receive_skb_internal+0x242/0x620
[  555.736977]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  555.736994]  ? __local_bh_enable_ip+0x160/0x260
[  555.737016]  ? lock_acquire+0x1ed/0x520
[  555.737057]  ? netif_receive_skb_internal+0xaa/0x620
[  555.746325]  __netif_receive_skb_one_core+0xd0/0x200
[  555.746361]  ? __netif_receive_skb_core+0x3b60/0x3b60
[  555.746379]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  555.746396]  ? rcu_bh_qs+0xc0/0xc0
[  555.746419]  __netif_receive_skb+0x2c/0x1e0
[  555.746438]  netif_receive_skb_internal+0x12c/0x620
[  555.799188]  ? check_preemption_disabled+0x48/0x200
[  555.804208]  ? dev_cpu_dead+0xa80/0xa80
[  555.808206]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  555.813759]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  555.819085]  ? rcu_pm_notify+0xc0/0xc0
[  555.823046]  netif_receive_skb+0xe5/0x430
[  555.827201]  ? netif_receive_skb_internal+0x620/0x620
[  555.832452]  ? find_held_lock+0x36/0x1c0
[  555.836558]  ? tun_rx_batched.isra.55+0x494/0x8c0
[  555.841411]  tun_rx_batched.isra.55+0x4ba/0x8c0
[  555.846085]  ? lockdep_hardirqs_on+0x421/0x5c0
[  555.850675]  ? tun_sock_write_space+0x3a0/0x3a0
[  555.855373]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  555.860824]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  555.860847]  ? check_preemption_disabled+0x48/0x200
[  555.860862]  ? tun_get_user+0x3020/0x42a0
[  555.860892]  ? tun_get_user+0x3020/0x42a0
[  555.860928]  tun_get_user+0x2b13/0x42a0
[  555.860946]  ? check_preemption_disabled+0x48/0x200
[  555.860977]  ? tun_build_skb.isra.54+0x2230/0x2230
[  555.893708]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  555.899005]  ? rcu_bh_qs+0xc0/0xc0
[  555.902575]  ? aa_file_perm+0x490/0x1060
[  555.906674]  ? tun_get+0x206/0x370
[  555.910228]  ? lock_downgrade+0x900/0x900
[  555.914405]  ? check_preemption_disabled+0x48/0x200
[  555.919434]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  555.925253]  ? kasan_check_read+0x11/0x20
[  555.929475]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  555.934778]  ? rcu_bh_qs+0xc0/0xc0
[  555.934824]  ? tun_get+0x22d/0x370
[  555.934856]  ? tun_chr_close+0x180/0x180
21:14:43 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB="00000000babc04b0"]], 0x0, 0x0, &(0x7f0000000300)})

21:14:43 executing program 1:
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)

21:14:43 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2000, 0x0, &(0x7f0000000300)})

21:14:43 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6000000, 0x0, &(0x7f0000000300)})

[  555.941939]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  555.941954]  ? common_file_perm+0x236/0x7f0
[  555.941975]  tun_chr_write_iter+0xb9/0x154
[  555.941995]  do_iter_readv_writev+0x8b0/0xa80
[  555.964057]  ? vfs_dedupe_file_range+0x670/0x670
[  555.968819]  ? apparmor_file_permission+0x24/0x30
[  555.973725]  ? rw_verify_area+0x118/0x360
[  555.977884]  do_iter_write+0x185/0x5f0
[  555.981782]  ? iov_iter_get_pages+0x1210/0x1210
[  555.986459]  ? proc_cwd_link+0x1d0/0x1d0
[  555.990528]  ? graph_lock+0x170/0x170
[  555.994365]  compat_writev+0x233/0x410
[  555.998302]  ? do_pwritev+0x280/0x280
[  556.002117]  ? fget_raw+0x20/0x20
[  556.005593]  ? wait_for_completion+0x8a0/0x8a0
[  556.010247]  ? __lock_is_held+0xb5/0x140
[  556.014333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  556.019905]  ? __fdget_pos+0xde/0x200
[  556.023718]  ? __fdget_raw+0x20/0x20
[  556.027442]  ? __sb_end_write+0xd9/0x110
[  556.031521]  do_compat_writev+0x119/0x250
[  556.035685]  ? compat_writev+0x410/0x410
[  556.039774]  ? __bpf_trace_preemptirq_template+0x30/0x30
21:14:44 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c00, 0x0, &(0x7f0000000300)})

[  556.045243]  ? mm_fault_error+0x380/0x380
[  556.049417]  __ia32_compat_sys_writev+0x74/0xb0
[  556.054114]  do_fast_syscall_32+0x34d/0xfb2
[  556.058480]  ? do_int80_syscall_32+0x890/0x890
[  556.063077]  ? entry_SYSENTER_compat+0x68/0x7f
[  556.067686]  ? trace_hardirqs_off_caller+0xbb/0x310
[  556.072712]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  556.077579]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  556.082432]  ? trace_hardirqs_on_caller+0x310/0x310
[  556.087467]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  556.092530]  ? prepare_exit_to_usermode+0x291/0x3b0
21:14:44 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00', @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000d4ef629675aa686717a086a370e6afb58fa330f46f25642fb740c2c1f365cd8fa787d77a82ddbbc1de9ca77c0fc1fb1d30253bc92f01f1532eb30160dc5b806978a6da50175d486355317debdd807f3748276d2ec64a6c1ba26407e75e4f7725dd3e918aae86d40d26267233b90086ea"]], 0x0, 0x0, &(0x7f0000000300)})

[  556.097569]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  556.102435]  entry_SYSENTER_compat+0x70/0x7f
[  556.106860] RIP: 0023:0xf7f1eca9
[  556.110237] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  556.129155] RSP: 002b:00000000f5f1a054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  556.136909] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f1a0a4
21:14:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2, 0x12, r0, 0x0)
syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x300000b, 0x8030, r0, 0x1)

[  556.144187] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  556.151462] RBP: 00000000f5f1a168 R08: 0000000000000000 R09: 0000000000000000
[  556.158748] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  556.166033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
21:14:44 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x3c00000000000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:44 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x74000000, 0x0, &(0x7f0000000300)})

21:14:44 executing program 4 (fault-call:2 fault-nth:3):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:44 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1200000000000000, 0x0, &(0x7f0000000300)})

21:14:44 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  556.278239] binder: binder_mmap: 7302 20fff000-21000000 bad vm_flags failed -1
[  556.296630] binder: binder_mmap: 7302 20fff000-21000000 bad vm_flags failed -1
[  556.384510] FAULT_INJECTION: forcing a failure.
[  556.384510] name failslab, interval 1, probability 0, space 0, times 0
[  556.395823] CPU: 1 PID: 7317 Comm: syz-executor4 Not tainted 4.19.0-rc3+ #134
[  556.403128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  556.412506] Call Trace:
[  556.415110]  dump_stack+0x1c4/0x2b4
[  556.418757]  ? dump_stack_print_info.cold.2+0x52/0x52
[  556.424086]  should_fail.cold.4+0xa/0x17
[  556.428158]  ? fault_create_debugfs_attr+0x1f0/0x1f0
21:14:44 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = dup3(r0, r0, 0x0)
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={{0x202, 0x8, 0x1f, 0x7f, 0xed4, 0x63}, 0x200})
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000180)={<r3=>0x0, 0xfffffffffffffffb}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000240)={r3, 0x20}, 0x8)
r4 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
write$P9_RLERROR(r2, &(0x7f0000000300)={0x16, 0x7, 0x2, {0xd, '/dev/binder#\x00'}}, 0x16)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r4, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000280), &(0x7f00000002c0)=0x14)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00634040001b33b3c700000000000000000000000000000000000000000000000000000000000000000000000030100000000000e25a57b9a1e575e5e0f73f2aea4867d55e305e78283908e0c11ae23129fd3738e955dc82f78e0604e9451fdd4e34a4817aabe2ff478256c8f051e4c9c6d7615369718cc2f5f773b7f10ce0d3abe47f0a6ceea394030b44b2807baa9b58a1abaf706624726d2689b7b47f47b39c05eb1049a953028a1bf9ed53a7a55b16cbca27c45a95d873b3a4eb487cdf07520550c9718b20c154243546ea6e1ff1344066950a8c70bb5d6eb8dd6657c3a9a4432fc40a82722cde2767d08299d262c30083ebc970cc6ea9142e594fd15a05e90cb15c41098f246acc12667f852fc675932997493212244c164d426c72eb900e95d16386ce83d1013fe2e554282b354068be4f964efed9aafd4a0998c68fc9bfac50a8c997c1cd2e2ca80fb90c3938a509f74e12af84d64c01faec122a826a62dff0a8f8d4944d8c4a4c51bfd022ca3707e93589309000fbe2e37f0e000000000000000000000000", @ANYPTR64=&(0x7f0000000140)=ANY=[], @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f0000000300)})

21:14:44 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a, 0x0, &(0x7f0000000300)})

21:14:44 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x200000000000000, 0x0, &(0x7f0000000300)})

21:14:44 executing program 1 (fault-call:1 fault-nth:0):
r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1)
ioctl$TIOCGPGRP(r0, 0x8108551b, &(0x7f0000000100))

[  556.433272]  ? sock_def_readable+0x2c7/0x710
[  556.437698]  ? perf_trace_lock+0x7a0/0x7a0
[  556.441955]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  556.447778]  ? kasan_check_read+0x11/0x20
[  556.451938]  ? graph_lock+0x170/0x170
[  556.455769]  ? find_held_lock+0x36/0x1c0
[  556.459856]  ? lock_downgrade+0x900/0x900
[  556.464009]  ? check_preemption_disabled+0x48/0x200
[  556.469195]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  556.475000]  ? kasan_check_read+0x11/0x20
[  556.479181]  __should_failslab+0x124/0x180
[  556.483427]  should_failslab+0x9/0x14
[  556.487259]  kmem_cache_alloc+0x47/0x730
[  556.487285]  ? __nf_conntrack_find_get.part.42+0x110b/0x1cf0
[  556.487306]  __nf_conntrack_alloc+0x1aa/0x7c0
[  556.487324]  ? early_drop+0xc00/0xc00
[  556.497182]  ? perf_trace_lock+0x7a0/0x7a0
[  556.497219]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  556.497236]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  556.497255]  init_conntrack+0xff2/0x1490
[  556.497275]  ? nf_conntrack_alloc+0x50/0x50
[  556.528880]  ? check_preemption_disabled+0x48/0x200
[  556.533945]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  556.539169]  ? generic_pkt_to_tuple+0xd/0x90
[  556.543594]  ? lock_acquire+0x1ed/0x520
[  556.547576]  ? nf_conntrack_in+0x571/0x1240
[  556.551908]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  556.557450]  ? check_preemption_disabled+0x48/0x200
[  556.562475]  ? kasan_check_read+0x11/0x20
[  556.566641]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  556.571927]  ? debug_smp_processor_id+0x1c/0x20
[  556.576619]  ? perf_trace_lock_acquire+0x15b/0x800
[  556.577302] FAULT_INJECTION: forcing a failure.
[  556.577302] name failslab, interval 1, probability 0, space 0, times 0
[  556.581564]  nf_conntrack_in+0xbf6/0x1240
[  556.581595]  ? nf_conntrack_update+0xb90/0xb90
[  556.581616]  ? __lock_is_held+0xb5/0x140
[  556.605558]  ? __do_replace+0xab0/0xab0
[  556.609574]  ? graph_lock+0x170/0x170
[  556.613385]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  556.618937]  ? check_preemption_disabled+0x48/0x200
[  556.623967]  ? ipv6_conntrack_local+0x30/0x30
[  556.628461]  ipv4_conntrack_in+0x61/0x90
21:14:44 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x600000000000000, 0x0, &(0x7f0000000300)})

21:14:44 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x700, 0x0, &(0x7f0000000300)})

[  556.632525]  nf_hook_slow+0xc2/0x1c0
[  556.636259]  ip_rcv+0x392/0x610
[  556.639559]  ? ip_local_deliver+0x750/0x750
[  556.643896]  ? pvclock_read_flags+0x160/0x160
[  556.648399]  ? ip_rcv_finish_core.isra.15+0x1f40/0x1f40
[  556.648422]  ? lock_acquire+0x1ed/0x520
[  556.648440]  ? netif_receive_skb_internal+0xaa/0x620
[  556.648459]  __netif_receive_skb_one_core+0x14d/0x200
[  556.657786]  ? __netif_receive_skb_core+0x3b60/0x3b60
[  556.657802]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  556.657817]  ? rcu_bh_qs+0xc0/0xc0
[  556.657878]  __netif_receive_skb+0x2c/0x1e0
[  556.657899]  netif_receive_skb_internal+0x12c/0x620
[  556.691540]  ? check_preemption_disabled+0x48/0x200
[  556.696574]  ? dev_cpu_dead+0xa80/0xa80
[  556.700566]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  556.706110]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  556.711396]  ? rcu_pm_notify+0xc0/0xc0
[  556.715309]  netif_receive_skb+0xe5/0x430
[  556.719486]  ? netif_receive_skb_internal+0x620/0x620
[  556.724689]  ? find_held_lock+0x36/0x1c0
[  556.728767]  ? tun_rx_batched.isra.55+0x494/0x8c0
[  556.733639]  tun_rx_batched.isra.55+0x4ba/0x8c0
[  556.738361]  ? lockdep_hardirqs_on+0x421/0x5c0
[  556.742977]  ? tun_sock_write_space+0x3a0/0x3a0
[  556.747664]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  556.753117]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  556.758680]  ? check_preemption_disabled+0x48/0x200
[  556.763702]  ? tun_get_user+0x3020/0x42a0
[  556.767861]  ? tun_get_user+0x3020/0x42a0
[  556.772050]  tun_get_user+0x2b13/0x42a0
[  556.776066]  ? check_preemption_disabled+0x48/0x200
[  556.781144]  ? tun_build_skb.isra.54+0x2230/0x2230
[  556.786083]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  556.791370]  ? rcu_bh_qs+0xc0/0xc0
[  556.794929]  ? aa_file_perm+0x490/0x1060
[  556.799016]  ? tun_get+0x206/0x370
[  556.799034]  ? lock_downgrade+0x900/0x900
[  556.799064]  ? check_preemption_disabled+0x48/0x200
[  556.799105]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  556.806786]  ? kasan_check_read+0x11/0x20
[  556.806803]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  556.806819]  ? rcu_bh_qs+0xc0/0xc0
[  556.806871]  ? tun_get+0x22d/0x370
[  556.806887]  ? tun_chr_close+0x180/0x180
[  556.838255]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  556.843215]  ? common_file_perm+0x236/0x7f0
[  556.847581]  tun_chr_write_iter+0xb9/0x154
[  556.851870]  do_iter_readv_writev+0x8b0/0xa80
[  556.856398]  ? vfs_dedupe_file_range+0x670/0x670
[  556.861161]  ? apparmor_file_permission+0x24/0x30
[  556.866042]  ? rw_verify_area+0x118/0x360
[  556.870233]  do_iter_write+0x185/0x5f0
[  556.874134]  ? iov_iter_get_pages+0x1210/0x1210
[  556.878821]  ? proc_cwd_link+0x1d0/0x1d0
[  556.882917]  ? graph_lock+0x170/0x170
[  556.886731]  compat_writev+0x233/0x410
[  556.890633]  ? do_pwritev+0x280/0x280
[  556.894446]  ? fget_raw+0x20/0x20
[  556.897939]  ? wait_for_completion+0x8a0/0x8a0
[  556.902542]  ? __lock_is_held+0xb5/0x140
[  556.906622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  556.912253]  ? __fdget_pos+0xde/0x200
[  556.916096]  ? __fdget_raw+0x20/0x20
[  556.919828]  ? __sb_end_write+0xd9/0x110
[  556.923947]  do_compat_writev+0x119/0x250
[  556.928119]  ? compat_writev+0x410/0x410
[  556.932193]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  556.937664]  ? mm_fault_error+0x380/0x380
[  556.941879]  __ia32_compat_sys_writev+0x74/0xb0
[  556.946561]  do_fast_syscall_32+0x34d/0xfb2
[  556.950909]  ? do_int80_syscall_32+0x890/0x890
[  556.955500]  ? entry_SYSENTER_compat+0x68/0x7f
[  556.960136]  ? trace_hardirqs_off_caller+0xbb/0x310
[  556.965179]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  556.970036]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  556.974897]  ? trace_hardirqs_on_caller+0x310/0x310
[  556.979915]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  556.984953]  ? prepare_exit_to_usermode+0x291/0x3b0
[  556.989996]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  556.994863]  entry_SYSENTER_compat+0x70/0x7f
[  556.999272] RIP: 0023:0xf7f1eca9
[  557.002638] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  557.021564] RSP: 002b:00000000f5f1a054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  557.029306] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5f1a0a4
[  557.036586] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  557.043859] RBP: 00000000f5f1a168 R08: 0000000000000000 R09: 0000000000000000
[  557.051125] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  557.058396] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  557.065719] CPU: 0 PID: 7331 Comm: syz-executor1 Not tainted 4.19.0-rc3+ #134
[  557.073014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.082373] Call Trace:
21:14:45 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x100000000000000, 0x0, &(0x7f0000000300)})

[  557.084980]  dump_stack+0x1c4/0x2b4
[  557.088632]  ? dump_stack_print_info.cold.2+0x52/0x52
[  557.093866]  should_fail.cold.4+0xa/0x17
[  557.097950]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  557.100815] binder_transaction: 70 callbacks suppressed
[  557.100829] binder: 7343:7344 transaction failed 29189/-22, size 0-12288 line 2855
[  557.103067]  ? print_usage_bug+0xc0/0xc0
[  557.103086]  ? graph_lock+0x170/0x170
[  557.103104]  ? __lock_acquire+0x7ec/0x4ec0
[  557.128237]  ? print_usage_bug+0xc0/0xc0
[  557.132301]  ? graph_lock+0x170/0x170
[  557.136115]  ? find_held_lock+0x36/0x1c0
[  557.138994] binder: 7328:7346 got transaction to invalid handle
[  557.140185]  ? __lock_is_held+0xb5/0x140
[  557.140215]  ? ___might_sleep+0x1ed/0x300
[  557.140231]  ? arch_local_save_flags+0x40/0x40
[  557.140257]  ? mark_held_locks+0x130/0x130
[  557.150854] binder: 7328:7346 transaction failed 29201/-22, size 0-1060864 line 2855
[  557.154499]  __should_failslab+0x124/0x180
[  557.154519]  should_failslab+0x9/0x14
[  557.154535]  __kmalloc_track_caller+0x2d0/0x750
[  557.154548]  ? debug_smp_processor_id+0x1c/0x20
[  557.154563]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  557.154576]  ? check_preemption_disabled+0x48/0x200
[  557.154592]  ? kstrdup_const+0x66/0x80
[  557.154609]  kstrdup+0x39/0x70
[  557.179926] binder: 7328:7342 got transaction to invalid handle
[  557.183938]  kstrdup_const+0x66/0x80
[  557.183956]  __kernfs_new_node+0xe8/0x8d0
[  557.183975]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[  557.183992]  ? graph_lock+0x170/0x170
[  557.189560] binder: 7328:7342 transaction failed 29201/-22, size 0-1060864 line 2855
[  557.194218]  ? blocking_notifier_call_chain+0x129/0x190
[  557.241908]  ? find_held_lock+0x36/0x1c0
[  557.245971]  ? find_held_lock+0x36/0x1c0
[  557.250042]  ? sysfs_do_create_link_sd.isra.2+0x82/0x130
[  557.255478]  ? lock_downgrade+0x900/0x900
[  557.259617]  kernfs_new_node+0x95/0x120
[  557.263575]  kernfs_create_link+0xdb/0x250
[  557.267801]  sysfs_do_create_link_sd.isra.2+0x90/0x130
[  557.273065]  sysfs_create_link+0x65/0xc0
[  557.277145]  driver_sysfs_add+0x109/0x350
[  557.281293]  device_bind_driver+0x19/0xd0
[  557.285478]  usb_driver_claim_interface+0x34d/0x3f0
[  557.290598]  claimintf+0x10e/0x170
[  557.294138]  proc_disconnect_claim+0x2cc/0x440
[  557.298703]  ? proc_ioctl+0x7e0/0x7e0
[  557.302516]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  557.308054]  usbdev_do_ioctl+0x17e3/0x3b50
[  557.312272]  ? processcompl_compat+0x680/0x680
[  557.316845]  ? perf_trace_lock+0x7a0/0x7a0
[  557.321060]  ? graph_lock+0x170/0x170
[  557.324844]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  557.330396]  ? _kstrtoull+0x188/0x250
[  557.334197]  ? graph_lock+0x170/0x170
[  557.337998]  ? _parse_integer+0x180/0x180
[  557.342177]  ? graph_lock+0x170/0x170
[  557.345962]  ? lock_release+0x970/0x970
[  557.349944]  ? find_held_lock+0x36/0x1c0
[  557.353997]  ? __fget+0x4aa/0x740
[  557.357445]  ? lock_downgrade+0x900/0x900
[  557.361575]  ? check_preemption_disabled+0x48/0x200
[  557.366595]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  557.372389]  ? kasan_check_read+0x11/0x20
[  557.376522]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  557.381820]  ? rcu_bh_qs+0xc0/0xc0
[  557.385356]  ? __fget+0x4d1/0x740
[  557.388809]  ? ksys_dup3+0x680/0x680
[  557.392540]  ? kasan_check_write+0x14/0x20
[  557.396766]  ? __mutex_unlock_slowpath+0x197/0x8c0
[  557.401682]  ? wait_for_completion+0x8a0/0x8a0
[  557.406261]  ? __lock_is_held+0xb5/0x140
[  557.410307]  ? __fget_light+0x2e9/0x430
[  557.414262]  ? fget_raw+0x20/0x20
[  557.417706]  ? __sb_end_write+0xd9/0x110
[  557.421768]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  557.427302]  ? fput+0x130/0x1a0
[  557.430597]  ? do_fast_syscall_32+0x150/0xfb2
[  557.435074]  ? do_fast_syscall_32+0x150/0xfb2
[  557.439593]  ? lockdep_hardirqs_on+0x421/0x5c0
[  557.444158]  ? usbdev_do_ioctl+0x3b50/0x3b50
[  557.448549]  usbdev_compat_ioctl+0x24/0x30
[  557.452774]  __ia32_compat_sys_ioctl+0x20e/0x630
[  557.457536]  do_fast_syscall_32+0x34d/0xfb2
[  557.461850]  ? do_int80_syscall_32+0x890/0x890
[  557.466439]  ? entry_SYSENTER_compat+0x68/0x7f
[  557.471023]  ? trace_hardirqs_off_caller+0xbb/0x310
[  557.476047]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  557.481101]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  557.485947]  ? trace_hardirqs_on_caller+0x310/0x310
[  557.490949]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  557.495953]  ? prepare_exit_to_usermode+0x291/0x3b0
[  557.500954]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  557.505786]  entry_SYSENTER_compat+0x70/0x7f
[  557.510177] RIP: 0023:0xf7f12ca9
[  557.513547] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  557.532428] RSP: 002b:00000000f5f0e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  557.540136] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008108551b
[  557.547404] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  557.554652] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  557.561902] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  557.569168] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
21:14:45 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x2f000000, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

21:14:45 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a, 0x0, &(0x7f0000000300)})

21:14:45 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c00000000000000, 0x0, &(0x7f0000000300)})

21:14:45 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80000, 0x0)
getrandom(&(0x7f0000000200)=""/233, 0xe9, 0x3)
ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

21:14:45 executing program 1:
r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1)
ioctl$TIOCGPGRP(r0, 0x8108551b, &(0x7f0000000100))

21:14:45 executing program 4 (fault-call:2 fault-nth:4):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x3f, 0x4)
syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@broadcast, @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f0000000000))

[  557.675300] binder: 7351:7352 transaction failed 29189/-22, size 0-12288 line 2855
[  557.676128] ==================================================================
[  557.690422] BUG: KASAN: use-after-free in perf_trace_lock_acquire+0x66b/0x800
[  557.697728] Read of size 8 at addr ffff8801c157f2d0 by task syz-executor1/7354
[  557.705092] 
[  557.706725] CPU: 0 PID: 7354 Comm: syz-executor1 Not tainted 4.19.0-rc3+ #134
[  557.713997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  557.722474] binder: 7355:7360 transaction failed 29189/-22, size 0-12288 line 2855
[  557.723352] Call Trace:
[  557.723370]  dump_stack+0x1c4/0x2b4
[  557.723385]  ? dump_stack_print_info.cold.2+0x52/0x52
[  557.723400]  ? printk+0xa7/0xcf
[  557.723421]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  557.745769]  print_address_description.cold.8+0x9/0x1ff
[  557.745784]  kasan_report.cold.9+0x242/0x309
[  557.745797]  ? perf_trace_lock_acquire+0x66b/0x800
[  557.745812]  __asan_report_load8_noabort+0x14/0x20
[  557.745826]  perf_trace_lock_acquire+0x66b/0x800
21:14:45 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3f00000000000000, 0x0, &(0x7f0000000300)})

[  557.745853]  ? perf_trace_lock+0x7a0/0x7a0
[  557.755959]  ? perf_trace_lock+0x7a0/0x7a0
[  557.755973]  ? mark_held_locks+0x130/0x130
[  557.755986]  ? graph_lock+0x170/0x170
[  557.755998]  ? lock_acquire+0x1ed/0x520
[  557.756011]  ? graph_lock+0x170/0x170
[  557.756036]  lock_acquire+0x385/0x520
[  557.756055]  ? destroy_async_on_interface+0x155/0x560
[  557.756071]  ? lock_release+0x970/0x970
[  557.802827] binder: 7358:7362 transaction failed 29189/-22, size 0-12288 line 2855
[  557.803187]  ? trace_hardirqs_off+0xb8/0x310
21:14:45 executing program 0:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
openat$full(0xffffffffffffff9c, &(0x7f0000000280)='/dev/full\x00', 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x6})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x600040, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={<r3=>0x0, 0x2, 0x5b3, 0x40}, &(0x7f0000000200)=0x10)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000240)={r3, 0xc9}, 0x8)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)})

[  557.803202]  ? _raw_spin_unlock_irq+0x27/0x80
[  557.803217]  ? destroy_async_on_interface+0x155/0x560
[  557.803245]  ? trace_hardirqs_on+0x310/0x310
[  557.803258]  ? trace_hardirqs_on+0xbd/0x310
[  557.803273]  ? kasan_check_read+0x11/0x20
[  557.803293]  ? usb_hcd_flush_endpoint+0x370/0x5c0
[  557.851901]  _raw_spin_lock_irqsave+0x99/0xd0
[  557.856419]  ? destroy_async_on_interface+0x155/0x560
[  557.861708]  destroy_async_on_interface+0x155/0x560
[  557.866746]  ? destroy_async+0x470/0x470
[  557.870811]  ? usb_hcd_unlink_urb+0x2f0/0x2f0
[  557.875333]  ? lockdep_hardirqs_on+0x421/0x5c0
[  557.879949]  ? trace_hardirqs_on+0xbd/0x310
[  557.879979]  ? kasan_check_read+0x11/0x20
[  557.879996]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  557.880015]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  557.880041]  ? usb_disable_endpoint+0x1c6/0x200
[  557.888517]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  557.888532]  driver_disconnect+0xea/0x150
[  557.888545]  ? usb_autoresume_device+0x60/0x60
[  557.888558]  usb_unbind_interface+0x25a/0xbe0
21:14:45 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x60, 0x0, &(0x7f0000000300)})

[  557.888575]  ? __pm_runtime_idle+0xcc/0x150
[  557.888598]  ? lockdep_hardirqs_on+0x421/0x5c0
[  557.927383] binder: 7369:7370 transaction failed 29189/-22, size 0-12288 line 2855
[  557.931370]  ? usb_autoresume_device+0x60/0x60
[  557.931385]  ? kasan_check_read+0x11/0x20
[  557.931400]  ? __pm_runtime_idle+0xcc/0x150
[  557.931429]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  557.931444]  ? kasan_check_write+0x14/0x20
[  557.931456]  ? do_raw_spin_lock+0xc1/0x200
[  557.931471]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  557.931491]  ? usb_autoresume_device+0x60/0x60
[  557.962337]  device_release_driver_internal+0x651/0x750
[  557.962353]  device_release_driver+0x19/0x20
[  557.962366]  usb_driver_release_interface+0x110/0x190
[  557.962385]  proc_disconnect_claim+0x297/0x440
[  557.976364]  ? proc_ioctl+0x7e0/0x7e0
[  557.976390]  usbdev_do_ioctl+0x17e3/0x3b50
[  557.976404]  ? processcompl_compat+0x680/0x680
[  557.976418]  ? perf_trace_lock+0x7a0/0x7a0
[  557.976449]  ? lock_downgrade+0x900/0x900
[  558.016950]  ? graph_lock+0x170/0x170
[  558.020417] binder: 7376:7378 transaction failed 29189/-22, size 0-12288 line 2855
[  558.020757]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.020772]  ? rcu_bh_qs+0xc0/0xc0
[  558.020784]  ? rcu_bh_qs+0xc0/0xc0
[  558.020802]  ? unwind_dump+0x190/0x190
[  558.044803]  ? find_held_lock+0x36/0x1c0
[  558.048878]  ? __fget+0x4aa/0x740
[  558.049289] binder: 7371:7377 transaction failed 29189/-22, size 0-12288 line 2855
[  558.052344]  ? lock_downgrade+0x900/0x900
[  558.052357]  ? check_preemption_disabled+0x48/0x200
[  558.052374]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
21:14:46 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x40010020, 0x0, &(0x7f0000000300)})

[  558.052388]  ? kasan_check_read+0x11/0x20
[  558.052403]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.052416]  ? rcu_bh_qs+0xc0/0xc0
[  558.052432]  ? __fget+0x4d1/0x740
[  558.052450]  ? ksys_dup3+0x680/0x680
[  558.088022]  ? kasan_check_write+0x14/0x20
[  558.088044]  ? trace_hardirqs_off+0xb8/0x310
[  558.088059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  558.088070]  ? check_preemption_disabled+0x48/0x200
[  558.088088]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.088100]  ? rcu_pm_notify+0xc0/0xc0
21:14:46 executing program 5:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000380))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x700, 0x0, &(0x7f0000000300)})

[  558.088122]  ? __fget_light+0x2e9/0x430
[  558.088137]  ? fget_raw+0x20/0x20
[  558.095274]  ? putname+0xf2/0x130
[  558.095287]  ? rcu_read_lock_sched_held+0x108/0x120
[  558.095306]  ? do_fast_syscall_32+0x150/0xfb2
[  558.095324]  ? do_fast_syscall_32+0x150/0xfb2
[  558.131222] binder: 7383:7384 transaction failed 29189/-22, size 0-12288 line 2855
[  558.134537]  ? lockdep_hardirqs_on+0x421/0x5c0
[  558.134551]  ? usbdev_do_ioctl+0x3b50/0x3b50
[  558.134563]  usbdev_compat_ioctl+0x24/0x30
[  558.134580]  __ia32_compat_sys_ioctl+0x20e/0x630
[  558.134598]  do_fast_syscall_32+0x34d/0xfb2
[  558.134614]  ? do_int80_syscall_32+0x890/0x890
[  558.134629]  ? entry_SYSENTER_compat+0x68/0x7f
[  558.134647]  ? trace_hardirqs_off_caller+0xbb/0x310
[  558.178322] FAULT_INJECTION: forcing a failure.
[  558.178322] name failslab, interval 1, probability 0, space 0, times 0
[  558.178576]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  558.178590]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  558.178604]  ? trace_hardirqs_on_caller+0x310/0x310
[  558.178618]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  558.178631]  ? prepare_exit_to_usermode+0x291/0x3b0
[  558.178649]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  558.233569]  entry_SYSENTER_compat+0x70/0x7f
[  558.237965] RIP: 0023:0xf7f12ca9
[  558.241324] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  558.260289] RSP: 002b:00000000f5f0e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  558.268009] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008108551b
[  558.275280] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  558.282555] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  558.289815] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  558.297082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  558.304357] 
[  558.304369] CPU: 1 PID: 7373 Comm: syz-executor4 Not tainted 4.19.0-rc3+ #134
[  558.304381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  558.305986] Allocated by task 7331:
[  558.306017]  save_stack+0x43/0xd0
[  558.313271] Call Trace:
[  558.322607]  kasan_kmalloc+0xc7/0xe0
[  558.322640]  kmem_cache_alloc_trace+0x152/0x750
[  558.326249]  dump_stack+0x1c4/0x2b4
[  558.329675]  usbdev_open+0xe4/0xa20
[  558.329692]  chrdev_open+0x25a/0x710
[  558.332258]  ? dump_stack_print_info.cold.2+0x52/0x52
[  558.335949]  do_dentry_open+0x499/0x1250
[  558.335967]  vfs_open+0xa0/0xd0
[  558.340636]  ? mark_held_locks+0x130/0x130
[  558.344258]  path_openat+0x12bf/0x5160
[  558.344273]  do_filp_open+0x255/0x380
[  558.347885]  ? kernel_text_address+0x79/0xf0
[  558.351859]  do_sys_open+0x568/0x700
[  558.351891]  __ia32_compat_sys_open+0x79/0xb0
[  558.357071]  should_fail.cold.4+0xa/0x17
[  558.361106]  do_fast_syscall_32+0x34d/0xfb2
[  558.361124]  entry_SYSENTER_compat+0x70/0x7f
[  558.364397]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[  558.368605] 
[  558.368615] Freed by task 7331:
[  558.372493]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  558.376266]  save_stack+0x43/0xd0
[  558.376280]  __kasan_slab_free+0x102/0x150
[  558.380800]  ? check_preemption_disabled+0x48/0x200
[  558.384508]  kasan_slab_free+0xe/0x10
[  558.384523]  kfree+0xcf/0x230
[  558.389006]  ? debug_smp_processor_id+0x1c/0x20
[  558.393059]  usbdev_release+0x413/0x560
[  558.393074]  __fput+0x385/0xa30
[  558.397400]  ? perf_trace_lock_acquire+0x15b/0x800
[  558.401784]  ____fput+0x15/0x20
[  558.401798]  task_work_run+0x1e8/0x2a0
[  558.406969]  ? save_stack+0xa9/0xd0
[  558.408857]  get_signal+0x155e/0x1980
[  558.408872]  do_signal+0x9c/0x21e0
[  558.412148]  ? save_stack+0x43/0xd0
[  558.417705]  exit_to_usermode_loop+0x2e5/0x380
[  558.417721]  do_fast_syscall_32+0xcd5/0xfb2
[  558.421274]  ? perf_trace_lock+0x7a0/0x7a0
[  558.425487]  entry_SYSENTER_compat+0x70/0x7f
[  558.425494] 
[  558.430501]  ? ip_rcv+0x392/0x610
[  558.434268] The buggy address belongs to the object at ffff8801c157f280
[  558.434268]  which belongs to the cache kmalloc-512 of size 512
[  558.434283] The buggy address is located 80 bytes inside of
[  558.434283]  512-byte region [ffff8801c157f280, ffff8801c157f480)
[  558.437385]  ? __netif_receive_skb+0x2c/0x1e0
[  558.442014] The buggy address belongs to the page:
[  558.442036] page:ffffea0007055fc0 count:1 mapcount:0 mapping:ffff8801da800940 index:0xffff8801c157fc80
[  558.446010]  ? netif_receive_skb_internal+0x12c/0x620
[  558.449262] flags: 0x2fffc0000000100(slab)
[  558.454189]  ? netif_receive_skb+0xe5/0x430
[  558.457443] raw: 02fffc0000000100 ffffea0006fada88 ffffea0006ff02c8 ffff8801da800940
[  558.461320]  ? tun_rx_batched.isra.55+0x4ba/0x8c0
[  558.464968] raw: ffff8801c157fc80 ffff8801c157f000 0000000100000005 0000000000000000
[  558.468822]  ? tun_get_user+0x2b13/0x42a0
[  558.472327] page dumped because: kasan: bad access detected
[  558.472335] 
[  558.475954]  ? tun_chr_write_iter+0xb9/0x154
[  558.480502] Memory state around the buggy address:
[  558.480513]  ffff8801c157f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  558.484823]  ? graph_lock+0x170/0x170
[  558.489079]  ffff8801c157f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  558.493477]  ? do_compat_writev+0x119/0x250
[  558.495078] >ffff8801c157f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  558.498541]  ? __ia32_compat_sys_writev+0x74/0xb0
[  558.511152]                                                  ^
[  558.511169]  ffff8801c157f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  558.522951]  ? do_fast_syscall_32+0x34d/0xfb2
[  558.527420]  ffff8801c157f380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  558.532340]  ? entry_SYSENTER_compat+0x70/0x7f
[  558.541761] ==================================================================
[  558.541771] Disabling lock debugging due to kernel taint
[  558.546957]  ? find_held_lock+0x36/0x1c0
[  558.551163] Kernel panic - not syncing: panic_on_warn set ...
[  558.551163] 
[  558.555476]  __should_failslab+0x124/0x180
[  558.689819]  should_failslab+0x9/0x14
[  558.693626]  __kmalloc_track_caller+0x5f/0x750
[  558.698208]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.703493]  ? rcu_bh_qs+0xc0/0xc0
[  558.707055]  ? nf_ct_ext_add+0x369/0x7b0
[  558.711120]  __krealloc+0x6f/0xb0
[  558.714572]  nf_ct_ext_add+0x369/0x7b0
[  558.718459]  ? nf_ct_ext_destroy+0x370/0x370
[  558.722873]  ? perf_trace_lock+0x7a0/0x7a0
[  558.727122]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  558.732338]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  558.737886]  ? generic_pkt_to_tuple+0x90/0x90
[  558.742379]  init_conntrack+0x5ef/0x1490
[  558.746454]  ? nf_conntrack_alloc+0x50/0x50
[  558.750770]  ? check_preemption_disabled+0x48/0x200
[  558.755780]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  558.760965]  ? generic_pkt_to_tuple+0xd/0x90
[  558.765422]  ? lock_acquire+0x1ed/0x520
[  558.769420]  ? nf_conntrack_in+0x571/0x1240
[  558.773751]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  558.779299]  ? check_preemption_disabled+0x48/0x200
[  558.784314]  ? kasan_check_read+0x11/0x20
[  558.788460]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.793744]  ? debug_smp_processor_id+0x1c/0x20
[  558.798421]  ? perf_trace_lock_acquire+0x15b/0x800
[  558.803349]  nf_conntrack_in+0xbf6/0x1240
[  558.807523]  ? nf_conntrack_update+0xb90/0xb90
[  558.812121]  ? __lock_is_held+0xb5/0x140
[  558.816537]  ? __do_replace+0xab0/0xab0
[  558.820651]  ? graph_lock+0x170/0x170
[  558.825194]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  558.831405]  ? check_preemption_disabled+0x48/0x200
[  558.836628]  ? ipv6_conntrack_local+0x30/0x30
[  558.841134]  ipv4_conntrack_in+0x61/0x90
[  558.845189]  nf_hook_slow+0xc2/0x1c0
[  558.848961]  ip_rcv+0x392/0x610
[  558.852237]  ? ip_local_deliver+0x750/0x750
[  558.856561]  ? pvclock_read_flags+0x160/0x160
[  558.861063]  ? ip_rcv_finish_core.isra.15+0x1f40/0x1f40
[  558.866443]  ? lock_acquire+0x1ed/0x520
[  558.870447]  ? netif_receive_skb_internal+0xaa/0x620
[  558.875555]  __netif_receive_skb_one_core+0x14d/0x200
[  558.880741]  ? __netif_receive_skb_core+0x3b60/0x3b60
[  558.885929]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.891220]  ? rcu_bh_qs+0xc0/0xc0
[  558.894784]  __netif_receive_skb+0x2c/0x1e0
[  558.899108]  netif_receive_skb_internal+0x12c/0x620
[  558.904128]  ? check_preemption_disabled+0x48/0x200
[  558.909177]  ? dev_cpu_dead+0xa80/0xa80
[  558.913154]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[  558.918697]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  558.923971]  ? rcu_pm_notify+0xc0/0xc0
[  558.927869]  netif_receive_skb+0xe5/0x430
[  558.932046]  ? netif_receive_skb_internal+0x620/0x620
[  558.937233]  ? find_held_lock+0x36/0x1c0
[  558.941310]  ? tun_rx_batched.isra.55+0x494/0x8c0
[  558.946168]  tun_rx_batched.isra.55+0x4ba/0x8c0
[  558.950835]  ? lockdep_hardirqs_on+0x421/0x5c0
[  558.955425]  ? tun_sock_write_space+0x3a0/0x3a0
[  558.960106]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  558.965575]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  558.971141]  ? check_preemption_disabled+0x48/0x200
[  558.976194]  ? tun_get_user+0x3020/0x42a0
[  558.980343]  ? tun_get_user+0x3020/0x42a0
[  558.984507]  tun_get_user+0x2b13/0x42a0
[  558.988486]  ? check_preemption_disabled+0x48/0x200
[  558.993516]  ? tun_build_skb.isra.54+0x2230/0x2230
[  558.998448]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  559.003722]  ? rcu_bh_qs+0xc0/0xc0
[  559.007295]  ? aa_file_perm+0x490/0x1060
[  559.011364]  ? tun_get+0x206/0x370
[  559.014911]  ? lock_downgrade+0x900/0x900
[  559.019070]  ? check_preemption_disabled+0x48/0x200
[  559.024093]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  559.029904]  ? kasan_check_read+0x11/0x20
[  559.034060]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  559.039337]  ? rcu_bh_qs+0xc0/0xc0
[  559.042897]  ? tun_get+0x22d/0x370
[  559.046435]  ? tun_chr_close+0x180/0x180
[  559.050492]  ? debug_lockdep_rcu_enabled+0x77/0x90
[  559.055418]  ? common_file_perm+0x236/0x7f0
[  559.059740]  tun_chr_write_iter+0xb9/0x154
[  559.063981]  do_iter_readv_writev+0x8b0/0xa80
[  559.068487]  ? vfs_dedupe_file_range+0x670/0x670
[  559.073244]  ? apparmor_file_permission+0x24/0x30
[  559.078092]  ? rw_verify_area+0x118/0x360
[  559.082253]  do_iter_write+0x185/0x5f0
[  559.086166]  ? iov_iter_get_pages+0x1210/0x1210
[  559.090829]  ? proc_cwd_link+0x1d0/0x1d0
[  559.094902]  ? graph_lock+0x170/0x170
[  559.098719]  compat_writev+0x233/0x410
[  559.102619]  ? do_pwritev+0x280/0x280
[  559.106428]  ? fget_raw+0x20/0x20
[  559.109883]  ? wait_for_completion+0x8a0/0x8a0
[  559.114466]  ? __lock_is_held+0xb5/0x140
[  559.118534]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  559.124100]  ? __fdget_pos+0xde/0x200
[  559.127901]  ? __fdget_raw+0x20/0x20
[  559.131609]  ? __sb_end_write+0xd9/0x110
[  559.135673]  do_compat_writev+0x119/0x250
[  559.139847]  ? compat_writev+0x410/0x410
[  559.143922]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  559.149373]  ? mm_fault_error+0x380/0x380
[  559.153538]  __ia32_compat_sys_writev+0x74/0xb0
[  559.158206]  do_fast_syscall_32+0x34d/0xfb2
[  559.162525]  ? do_int80_syscall_32+0x890/0x890
[  559.167111]  ? entry_SYSENTER_compat+0x68/0x7f
[  559.171710]  ? trace_hardirqs_off_caller+0xbb/0x310
[  559.176723]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  559.181578]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  559.186456]  ? trace_hardirqs_on_caller+0x310/0x310
[  559.191483]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  559.196498]  ? prepare_exit_to_usermode+0x291/0x3b0
[  559.201525]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  559.206382]  entry_SYSENTER_compat+0x70/0x7f
[  559.210783] RIP: 0023:0xf7f1eca9
[  559.214150] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  559.233062] RSP: 002b:00000000f5ed8054 EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  559.240777] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 00000000f5ed80a4
[  559.248040] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004
[  559.255313] RBP: 00000000f5ed8168 R08: 0000000000000000 R09: 0000000000000000
[  559.262579] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  559.269850] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  559.277168] CPU: 0 PID: 7354 Comm: syz-executor1 Tainted: G    B             4.19.0-rc3+ #134
[  559.285832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  559.295186] Call Trace:
[  559.297773]  dump_stack+0x1c4/0x2b4
[  559.301404]  ? dump_stack_print_info.cold.2+0x52/0x52
[  559.306643]  ? lock_downgrade+0x900/0x900
[  559.310794]  panic+0x238/0x4e7
[  559.313999]  ? add_taint.cold.5+0x16/0x16
[  559.318152]  ? add_taint.cold.5+0x5/0x16
[  559.322252]  ? trace_hardirqs_off+0xaf/0x310
[  559.326676]  kasan_end_report+0x47/0x4f
21:14:47 executing program 3:
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000001380)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c00000000000000, 0x0, &(0x7f0000000300)})

[  559.330648]  kasan_report.cold.9+0x76/0x309
[  559.334999]  ? perf_trace_lock_acquire+0x66b/0x800
[  559.340022]  __asan_report_load8_noabort+0x14/0x20
[  559.342269] kobject: 'loop3' (00000000b2e6177a): kobject_uevent_env
[  559.344960]  perf_trace_lock_acquire+0x66b/0x800
[  559.356107]  ? perf_trace_lock+0x7a0/0x7a0
[  559.360342]  ? perf_trace_lock+0x7a0/0x7a0
[  559.364586]  ? mark_held_locks+0x130/0x130
[  559.368486] kobject: 'loop3' (00000000b2e6177a): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  559.368834]  ? graph_lock+0x170/0x170
[  559.368858]  ? lock_acquire+0x1ed/0x520
[  559.368876]  ? graph_lock+0x170/0x170
[  559.389866]  lock_acquire+0x385/0x520
[  559.393734]  ? destroy_async_on_interface+0x155/0x560
[  559.398939]  ? lock_release+0x970/0x970
[  559.400434] binder_release_work: 10 callbacks suppressed
[  559.400440] binder: undelivered TRANSACTION_ERROR: 29189
[  559.402924]  ? trace_hardirqs_off+0xb8/0x310
[  559.402938]  ? _raw_spin_unlock_irq+0x27/0x80
[  559.402953]  ? destroy_async_on_interface+0x155/0x560
[  559.402966]  ? trace_hardirqs_on+0x310/0x310
[  559.402983]  ? trace_hardirqs_on+0xbd/0x310
[  559.436707]  ? kasan_check_read+0x11/0x20
[  559.440867]  ? usb_hcd_flush_endpoint+0x370/0x5c0
[  559.445744]  _raw_spin_lock_irqsave+0x99/0xd0
[  559.450244]  ? destroy_async_on_interface+0x155/0x560
[  559.455436]  destroy_async_on_interface+0x155/0x560
[  559.455488] kobject: 'loop0' (00000000f93b02cb): kobject_uevent_env
[  559.460480]  ? destroy_async+0x470/0x470
[  559.460495]  ? usb_hcd_unlink_urb+0x2f0/0x2f0
[  559.460507]  ? lockdep_hardirqs_on+0x421/0x5c0
[  559.460523]  ? trace_hardirqs_on+0xbd/0x310
[  559.471832] kobject: 'loop0' (00000000f93b02cb): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  559.475450]  ? kasan_check_read+0x11/0x20
[  559.475466]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  559.475481]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  559.475498]  ? usb_disable_endpoint+0x1c6/0x200
[  559.514039]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  559.519045]  driver_disconnect+0xea/0x150
[  559.523197]  ? usb_autoresume_device+0x60/0x60
[  559.527770]  usb_unbind_interface+0x25a/0xbe0
[  559.532250]  ? __pm_runtime_idle+0xcc/0x150
[  559.536570]  ? lockdep_hardirqs_on+0x421/0x5c0
[  559.541138]  ? usb_autoresume_device+0x60/0x60
[  559.545725]  ? kasan_check_read+0x11/0x20
[  559.549869]  ? __pm_runtime_idle+0xcc/0x150
[  559.554191]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  559.559654]  ? kasan_check_write+0x14/0x20
[  559.563890]  ? do_raw_spin_lock+0xc1/0x200
[  559.568132]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  559.573213]  ? usb_autoresume_device+0x60/0x60
[  559.577816]  device_release_driver_internal+0x651/0x750
[  559.583211]  device_release_driver+0x19/0x20
[  559.587609]  usb_driver_release_interface+0x110/0x190
[  559.592779]  proc_disconnect_claim+0x297/0x440
[  559.597343]  ? proc_ioctl+0x7e0/0x7e0
[  559.601153]  usbdev_do_ioctl+0x17e3/0x3b50
[  559.605397]  ? processcompl_compat+0x680/0x680
[  559.610000]  ? perf_trace_lock+0x7a0/0x7a0
[  559.614252]  ? lock_downgrade+0x900/0x900
[  559.618382]  ? graph_lock+0x170/0x170
[  559.622285]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  559.627573]  ? rcu_bh_qs+0xc0/0xc0
[  559.631094]  ? rcu_bh_qs+0xc0/0xc0
[  559.634621]  ? unwind_dump+0x190/0x190
[  559.638566]  ? find_held_lock+0x36/0x1c0
[  559.642609]  ? __fget+0x4aa/0x740
[  559.649793]  ? lock_downgrade+0x900/0x900
[  559.654085]  ? check_preemption_disabled+0x48/0x200
[  559.659088]  ? rcu_read_unlock_special.part.39+0x11f0/0x11f0
[  559.664880]  ? kasan_check_read+0x11/0x20
[  559.669055]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  559.674332]  ? rcu_bh_qs+0xc0/0xc0
[  559.677871]  ? __fget+0x4d1/0x740
[  559.681343]  ? ksys_dup3+0x680/0x680
[  559.685067]  ? kasan_check_write+0x14/0x20
[  559.689285]  ? trace_hardirqs_off+0xb8/0x310
[  559.693677]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  559.699196]  ? check_preemption_disabled+0x48/0x200
[  559.704202]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[  559.709471]  ? rcu_pm_notify+0xc0/0xc0
[  559.713341]  ? __fget_light+0x2e9/0x430
[  559.717314]  ? fget_raw+0x20/0x20
[  559.720881]  ? putname+0xf2/0x130
[  559.724322]  ? rcu_read_lock_sched_held+0x108/0x120
[  559.729320]  ? do_fast_syscall_32+0x150/0xfb2
[  559.733794]  ? do_fast_syscall_32+0x150/0xfb2
[  559.738291]  ? lockdep_hardirqs_on+0x421/0x5c0
[  559.742869]  ? usbdev_do_ioctl+0x3b50/0x3b50
[  559.747274]  usbdev_compat_ioctl+0x24/0x30
[  559.751504]  __ia32_compat_sys_ioctl+0x20e/0x630
[  559.756255]  do_fast_syscall_32+0x34d/0xfb2
[  559.760563]  ? do_int80_syscall_32+0x890/0x890
[  559.765145]  ? entry_SYSENTER_compat+0x68/0x7f
[  559.769709]  ? trace_hardirqs_off_caller+0xbb/0x310
[  559.774710]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  559.779539]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  559.784364]  ? trace_hardirqs_on_caller+0x310/0x310
[  559.789385]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  559.794385]  ? prepare_exit_to_usermode+0x291/0x3b0
[  559.799400]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  559.804230]  entry_SYSENTER_compat+0x70/0x7f
[  559.808641] RIP: 0023:0xf7f12ca9
[  559.812000] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  559.830976] RSP: 002b:00000000f5f0e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  559.838885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008108551b
[  559.846135] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  559.853516] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  559.860766] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  559.868015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  559.875911] Dumping ftrace buffer:
[  559.879441]    (ftrace buffer empty)
[  559.883753] Kernel Offset: disabled
[  559.887374] Rebooting in 86400 seconds..