}, {@appraise_type='appraise_type=imasig'}]}})
sendfile(r1, r1, &(0x7f0000000000)=0x1fffc, 0x8000000000092dd)

23:25:32 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:32 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:32 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x20, 0x9, 0x3, [], 0x8}, {0x5, 0x0, 0x100000001, [], 0x5}, {0x0, 0x0, 0x0, [], 0x7}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:33 executing program 0:
r0 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xfffffffffffff54b, 0x84000)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x6, {0x1, 0x1, 0xfffffffffffffffd, 0x4}})
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:33 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x3000000}}, 0xfffffefd)

23:25:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x20, 0x9, 0x3, [], 0x8}, {0x5, 0x0, 0x100000001, [], 0x5}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:33 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0), 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:33 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1800}}, 0xfffffefd)

23:25:33 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0), 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x20, 0x9, 0x3, [], 0x8}, {0x0, 0x0, 0x100000001, [], 0x5}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:33 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x3, 0x8000, 0x21c})
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:33 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:33 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0), 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:33 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x20, 0x9, 0x3, [], 0x8}, {0x0, 0x0, 0x0, [], 0x5}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:33 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
accept$netrom(r0, &(0x7f0000000080)={{0x3, @null}, [@bcast, @netrom, @rose, @netrom, @rose, @rose, @rose, @null]}, &(0x7f0000000100)=0x48)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
write$P9_RLERRORu(r1, &(0x7f0000000040)={0xd, 0x7, 0x1, {{}, 0x1}}, 0xd)

23:25:33 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba40", 0x21)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x4000000}}, 0xfffffefd)

23:25:34 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba40", 0x21)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x20, 0x9, 0x3, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:34 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba40", 0x21)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:34 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1f40}}, 0xfffffefd)

23:25:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x0, 0x9, 0x3, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:34 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'NETMAP\x00'}, &(0x7f0000000080)=0x1e)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00')
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x44, r2, 0x1, 0x70bd2e, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0x3]}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xffffffff}, @SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x81d}]}, 0x44}, 0x1, 0x0, 0x0, 0xec8d6885a747556a}, 0x20004000)

23:25:34 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:34 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x0, 0x0, 0x3, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:34 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:34 executing program 0:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x1000, 0xf8, &(0x7f0000000200)="c1e183de350b8a3f085efd5fdd45bbe98d86d0f381be4f5b244e8b6212ab2db4669d935525504a30d09be149c06a37528dc7c725612aa71fb43abae4fcd54f6ae3c3ac6fd98478f5080d316cf14d94083897f2f8529f4776be56498c4eca2adb2a37dbfc88dfaf669502321e857e0754d3b18856d2f2b8451d879001e0466ae4008ed4e569ff27cc33b1ac6b4ec59698d31876afe1d182a22dfd75ed07a1420a7af58694eb8ba934027651e08d065d9ee07b3176b9b0da57ff5bb8305629ace20098d0c82aef3413e6e2b7cf6831126b83e77bdfba5551c773c84aacf01506cbd69cc02da57d50d63447a58068da2bad9561d7b06cedb87724c4b65101911d08483bf0f592cdf3c209e0ac8f7155db8c59923bffda2fffebe430a75e6ea46ae8fd374d970673fcd6f9c71ddd6c1daaf323fea066921807e10447fb29c5d7bf9cd013e3453cab7761ed27ea92f69d4c6651d30cce3b96ceec3b4fab148c5e046442040faac08d89ad042303bab7dc2451dfe0478993cd1978f4c6d5047aba79d96bd4fdd7389aac02098a5dd15c1373d4e1f4227bf461a4ce04eef97aa326b9bf350cb6326e42b5d20d24982253d7a366e2527b4bb61e1655aa69c9997a90fed0fabf1d8da1ed21db259f06dbede3a44b0b0c203ded0313fd15538c8097ff8abcb7f11254580029f1eb5537d5d95a08e7e6733eb879793dd1dcd9d3917cf84b89b8857a7ef4752d560ec30c3eda20dea40b9f5a18d22e78ff6daab5857032ebe1b60b9173de645384221505a8da213ce8711d88fb4b132ad69dc8f183e519a95c07464167d64c8dce1ea7e9f409fae907c00d1304a712ed9337e00b636c4c4b0e47d5b242d9c5d6d64a39af8959484891eb12f7916910e9aefc8f861565e4918aef73356cdaddfeea14d610956fb20c07a133f95f01e0ba603dc36e5aa7ac7d56978d64fb006d57addb355aeac7372ef257270508d2b6b9732957b1e6ed7eb2cd9dbd4e032b6585ab57dd884e1781e4d1818316f07f59323f63b6a1e62258c7a4d9dff1893c15cf47aec2bfda452d985ed52ea0f325dba257ee60433f771b6583dd6c07294423ae40482eb96098d9962b05e9fc332fcfcd2cb1c6f363688703df3cdb67840707425ee1247a1db7829e6fc832eb4bc9302cc74d6cc2f5bee1ed1385314b2d789bea5e1e4348595e10c73fbddef7ad558ec3b292d5f9ea8526023242b002a6d19bd5f774e3707db947d8a5a083d48c71d9b1ba06f1981d2dc43045c939aafe0565e7e275196df33310d8b48890d9c885e1bf023110ffd56c2e4fdd1b8578350a7941a788275665f7f313cf2aa45c9f92cf5993fd874ae749cb9c71f666d2c5965b64bd972c1168c211d092ade447e2d144de7a712ce20208915b50a57e5a4e8a2c5c3ccac187fefa952ca899fc5ae6eae1e3d435a73c6200ffedce6a8b600f35dbaeb07b868396161a8147d558b8bd485a7958a911c734f096a991ea22769d2151abf3ccb8a2e1460dd20eeb5c1855871b0558b26da5111d413f5660db86444bf321181d85429b4fc7c9d386c3eac5a7b66cc638f1d5c551a99a7fc5375dec2382e4d1759e13d30a64ca0dd19cc8d5d54a9a42a12968e0b0a4298eb131f6b3f1c55dd3d00c9a723f69aca2625134f5112f3c85ab669c520cdc6cdffac9f8af1413b0deaa1a0409d056350fea2e8a1f48f70d7888948bc2b143015aa4dce6366469a5a4ccac10a42f915d8884eef73bd67f09604c1e42764d539cbf05e35121c0cf2ef25082c251b51599fd839fde5c2e458c9900391b2eab77ebc436fdf75b53418fbf0a909204992ff144f56f9432c5ee4fd7072c6d7015c9e81f05245ce423ce06d0363160deb6d5672b140012f6f653910ea96d9fc4390db2aceddce6556a5762b41b7148eb3fb59f158401ceac20ee4a107860c4bab7b54ba63f8ded2ee855f6b5f4f1516d9ee8d59f68c16b8cbbf0ae969869017c5b0d4307e83821d0dd17a97b671c471f634e13f2c19c7dc0e31d8dab40930158542d7d31d3ae7fad91fb8e5ac8f4c0fa63d31c2abdf2774d3ed8c642b4a3048a2fd28978c0edd45cba1def815cf91244098ae8a2dd7968580f1524ac9664ca3d6860d726c12fecfda0bd627f79b911758725082450dfabd7037fd25f024f572f8004f2b483fbd4e8d670ed15c1569f1322be471569939c8a2aadd48c465477dbd035a0e8abc8352a8e29ace60318952f81e55b96044c062e28014878fd1834697011250daa6f4f9d2253905bd0316b995966b64ba848c2d0374e2b985c58d349ea2d840aa0e5100487ce9ec596fbf7dbd439fd21fff84b368962aea0c7bc2542044879bfc1df5e8cdd66e37a4f3a4b47892d1b2e64018da9ebe3705ce90d2e6461a3a473cd47e1c8b30536aa30832f511f1d0003f5bd732763fec2c64b9db911a4fd52e1611ade9bcf23aa3be1c8770feefadf5a1588c2a9a6546090aac4d9c2e9321899d4d42c5a1d6de9f4b830d709a715023978f625fe2cdd420ee5150c1d52f30402ee488fbfeab35e7d7a07592885b513dde30d1b1ddfe3e876a94c1851562419ecf24fc901f3d051a13856f9a76d2dbd25d7a2040caa9889f805468fe2831da56079566ec6fd57f498fabf6ae97f090fa9ac88cc7ee2afec9095eb5f1611452bed489fa31612c60d3529ee5c6d78dc727a793418d6f3d7a5a5f2036b0da4bd5802455bdc6e048f32e4d1289bdb176b738ec0d4d655e06f758de8effe84553bd9090b4a57f8004e978bcd32f86e1a00b828759bf401b7fd15ae0bf53de6066ac44090e3ec5c7c5ab3b7b79d0b58fa799cbba2cda79a8b7eba42a5e344d21d3202c8933659a0c150d0c7adf1e43d10fc24da3551951078aa182a88ba892b362447d6e8f8a3b6faba370b02a5106ff16e1dc2f56696cd97b1f612207f9188fa0e2ed3cab869d53acf64446fbb9121db3ec6f7665ba7d817177de8050294610744547f54c4a0a5c90d1703b216bb16088b42f640252d7146d0b7f7e852efeaed72bd92a58170a2eed0c4ade634ff82d5595a9480e52acec3e752538aa1ca2ca319c51d42af5fa6ff9fbda8be8733edf2ff535d4f4c8905704c0730fd05910bed3d781dfe1071f8a871cb45be548957eb0c868151ce1a8f462be7f3e3a17be29b9e0a590d859f7ccf55c3acaa02d0121f038bc338dc1975be2bfa7a73dddf0fa073385e9b015a85006ff9097cf02bcd00396166ca21e0448331acbad5db5646e1b470f122171a4816ae5549aeb70ba84837273d945b1f07b4bc8183a8bcb7b46c44507fddd30165f041edd7da988e7f83da69435c8c62102a9b600f09497d7a54f4d89bcb93b5c545010c3618dd0c3b760a7ecd7579c2cc820c1bfd18be340e0a0d8e313fcfe41825a44d31fe417a74a0014fa1a0c09e5085d6466ef9fe8655a6ee454de449e61e9e15888baa8348385a613e9cc046bb093f8997c3ef4d6ab60a9860cdb3bd13875d65e502f068ef1114fde625a6ca8e54a8950160311e6b9b9c16facf21f5e42d55536110e2400ff4bf0d18848e265b935374fbb6b0160f74cf7806d11f154a1d05f110cba20fb9f67a1402f93271573bf476fce1f97b758009d9426db0221ae0931bbd7aeccd49704799dde68d1618d2462c5c603eeb9e11130c77b82080b79c6168733921b314b22d09fff34d846d8de4ab8492bb1e6aabb286a3fd7ab52d2360fb630d00ee868e7779ce0eec60a42d705e2b94f0a1084360bee066c51830bc87ba171da3292d257d28cf8397d59c7cc91bb76eb18fca7483cfd519590996d91fea1bb5298b2061946de5aba88b22fe361bfd8e8d3fe4507dafe0936060eb8516568c4ad9ab6473414d8fa0f2e12e5958155cce54df53dc83d2908ca6166d7d246c42e79530a040f4f7ab7bb54cc3a814a8a7ebb1ac6db20e842a5b34edcc5b32111db93ee303027423d5551da81bbb6a0d220ed1341aa634f332000aa46affacbfbcba3682d2608d905b943bcbb1600c7a0ea11b68afe50f51f2eb6b2d92e7270ad807630efdbe149fd0b09439f676c85be2e71600c3b42566689bf4a80a6efcddb40083e6ec6ae413ec6e1f5afab1550cb638e956346742e86bf02507a9badbc5a7da4cfb4a517a87fb74c2e520e479093ec0d95bdd9a69cda7ac56983b8dbeb7f391063f0f4e4fed1232a6bb19c1747ff924fea70675556d08b13e5d5168ff4252166b997a5b5afc7c560d232d6e913154a5080db96e80d07ece70d7fa53fea5475a10ce54f4ded273304d4467f2546ada3ce61b86472e3a458fc49b6a62bd9d33526ef9e5c8134c20eaa1eff70ce4cad40c07a99a0e9bd5f08812303078204f0f1276c0452fa41b18d8ca98f81294ae20edd8a11d6f77885f7d8a20f907b46e8bf1e22b5c6ff328d68111c7c0e55b23c1891d7383cd361a70efc5df56fb67d82785f6d0f73ec928609b0d4be3fee5f9bfae7bf866f54427819d90393b8ecc1386a30532c77b0120cef9073dd9f0e73826e5c5ea0d5e5ef1401bf57982814cec425f74ed0d0aa469c1f531c4261f384249aeb070ebc1d4f2ea8de7d3df7abdd78dfa1384357eef247bf512e38bc1c62bd742b874dcdb193b62426f3de0b428a94ff7ce363337964f5316a30d54c46fb614f8eadb43d8c3b3eccd3ae31d87dd6f2004c7077d1bb414e6ed1ae799a07ebb2cc191534a6277f4e0814b8d750e637114adb76b1cdc5b2a76e36a418a888d7d1e63f2ca9dc80234a7bfef37161d7fd796b51e79e11167220315c94ec80eaf5c593c9d4fdd6bf31d830a6ede22f3f679ddff6c2075f8f00c708d98e09bc10889e7f9ba10772c31fb286a3f774b90bea1b4f5304e59f485a0bbbc6941994809dbb4a20bb518d7cdf40b3a26992401fabf3f8af4c3a822fd2ea2d454ebef4add2fd4596037a233710c05b59d3b3222fded43cc949cdbd0d5c1600ae7e2853486730f765047ec78675a15a0fcbb9d66876d05233e03c6576215b025278f215abe66692952acd09c043efcaaafde9a127b63471a37f92992c5d6e5928854a59206d6941eacce7dd288bdc5254b6b4f99e3d0d2985b0caea55ef34aeda578fc0640b7171dbb71d99cacdaf9e6ba6494892ed4d72f3246be7b9b7664f404562a6a885a137cd1a5c0104cacb1c8b134b086ace3aec8368217f0b7130825fa65ea07bdca85e4a8062f11cde19582bec859bb11189c5ebaff401b474ad3f302388ae03ede8e8d964dbed07ce51e45dd62484eb694cc96cd68240bffa4751c01e77f8024bb485cfd7890df3c6d1e67b4abe6572305b5ca2957756c5bd1a81201813a181cbc9cbfc5fb9220f7565ef043237151470c1714a818c3ee9936541cddd6ab849ead53ca0d4b612449a330a59eaa106e4700c5dd1760b77506c5332e6ed5fed355c411f88b23bbfe85b063cd6667ce626993d0a7a3e24c6cf703b3d708d62d15c4bb138b0d38e7c8e0c135b92a862d24af8fafe653eea870ecfff09cf30f28043f42ccc20a761e822f88439fd822dd07daa85fdb844ec07524329accaf4bd52f42d8a5401b80e58ee4989553b270744d79d2783d4fc4e28b3c43c4ffc34851e6382f7c8e2857c8434fee0ac32b185609b8d493ad06785f26f380fae893a570f8aa0fd06ae6aad3172982afe4fa24da76fa02bbb57d737081ebadfbb6484f6cefe00afe6fdba084a767833be88a4d12f8b9d0b2cc0e1ef017c0b313c732dd6b7a2dfcae23cac1f091e2a4707bb602d7a644de37478eb66d5e53eb7785908ef5ee9e1b5a2614b99328820b7bd1", &(0x7f0000000080)=""/248, 0x5b}, 0x28)
r1 = socket(0x11, 0x3, 0x0)
r2 = getpgrp(0xffffffffffffffff)
r3 = syz_open_procfs(r2, &(0x7f00000012c0)='net/dev_mcast\x00')
sendfile(r1, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:34 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b0000", 0x31)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:34 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}, {0x0, 0x0, 0x0, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x5000000}}, 0xfffffefd)

23:25:34 executing program 0:
r0 = socket(0x12, 0x1, 0x7)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x4, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000080)=0x20000, 0x4)
getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000040), 0x2)

23:25:35 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x2000}}, 0xfffffefd)

23:25:35 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000", 0x39)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x400, 0xfffffffffffffffa, [], 0xfff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:35 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:35 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000040), 0x4)
socket$kcm(0x29, 0x2, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:35 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000", 0x39)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:35 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x0, 0xfffffffffffffffa, [], 0xfff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:35 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000", 0x39)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:35 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8", 0x3d)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:35 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8", 0x3d)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:35 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x6000000}}, 0xfffffefd)

23:25:35 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8", 0x3d)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:35 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x0, 0x0)
ioctl$UI_GET_SYSNAME(r2, 0x406855c9, &(0x7f0000000000))
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}, {0x0, 0x0, 0x0, [], 0xfff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:36 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x4000}}, 0xfffffefd)

23:25:36 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='autogroup\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000100)=0x3, 0x4)
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000080), &(0x7f00000000c0)=0x30)

23:25:36 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x200, 0x20, 0x1000, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da", 0x40)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:36 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7000000}}, 0xfffffefd)

23:25:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da", 0x40)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:36 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x0, 0x20, 0x1000, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:36 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$inet_int(r1, 0x0, 0x5, &(0x7f0000000100)=0xffffffffffffffe0, 0x4)

23:25:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da", 0x40)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:37 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x401f}}, 0xfffffefd)

23:25:37 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:37 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x0, 0x0, 0x1000, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:37 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000040)=0x10)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r1, &(0x7f0000000080)={0x60000008})
connect(r0, &(0x7f00000000c0)=@generic={0x9, "2adc62d693ed9df0f7d8ed0e3685075aba27eb51f6cf6249999172e21718757a627768797fe72776328e94bce28134c2e11d78ae166aedf66d184de5c260bd6514a87413a07e3835930604b7e9b0c0f8d32643b476422256994d8e56d21d8e8c5c11c288d26925f36902ecfd53bc30f75e5d86c3a7d5b2133cadde6d71f7"}, 0x80)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00')
accept4$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0}, &(0x7f0000000240)=0x14, 0x80800)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000004680)={{{@in=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000004780)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000047c0)={{{@in6=@initdev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f00000048c0)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000004900)={{{@in, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@local}}}, &(0x7f0000004a00)=0xe8)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000004a40)={'dummy0\x00', <r7=>0x0})
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000004a80)={<r8=>0x0, @remote, @dev}, &(0x7f0000004ac0)=0xc)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000004b00)={{{@in6=@ipv4={[], [], @local}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000004c00)=0xe8)
accept4$packet(r0, &(0x7f0000004c40)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000004c80)=0x14, 0x80800)
accept4$packet(r1, &(0x7f0000004cc0)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000004d00)=0x14, 0x80800)
getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000004d40)={@mcast2, <r12=>0x0}, &(0x7f0000004d80)=0x14)
accept$packet(r0, &(0x7f0000006100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000006140)=0x14)
getpeername$packet(r0, &(0x7f0000006300)={0x11, 0x0, <r14=>0x0}, &(0x7f0000006340)=0x14)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000006380)={{{@in=@empty, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000006480)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000064c0)={{{@in6=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@empty}, 0x0, @in6}}, &(0x7f00000065c0)=0xe8)
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000006c00)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000006bc0)={&(0x7f0000006600)={0x59c, r2, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r4}, {0x80, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0xfc, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r9}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x200000000000000}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r10}}}]}}, {{0x8, 0x1, r11}, {0x23c, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x14, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r13}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r14}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8}}}]}}, {{0x8, 0x1, r15}, {0x168, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x401}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0xfffffffffffffffb}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r16}}}]}}]}, 0x59c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000040)

23:25:37 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:37 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:37 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:37 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7d00000}}, 0xfffffefd)

23:25:37 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:37 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x0, 0x0, 0x0, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:37 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = fcntl$getown(r0, 0x9)
r2 = syz_open_procfs(r1, &(0x7f00000000c0)='mountinfo\x00')
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000200)={@mcast2, 0x4, 0x0, 0x3, 0xa, 0x4, 0x3}, 0x20)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000100)={<r3=>0x0})
ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f0000000140)={r3, 0x2})
r4 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r4, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f0000000040)={0x3, 0x2})
ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000180)='nr0\x00')

23:25:37 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:38 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x5000}}, 0xfffffefd)

23:25:38 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:38 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
r2 = request_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000200)='net/ptype\x00', 0xfffffffffffffffb)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000480)={<r3=>0x0, 0x100000001}, &(0x7f00000004c0)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000500)={r3, @in6={{0xa, 0x4e20, 0x5, @local, 0xd23c}}, 0x4, 0x1000}, 0x90)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000240)={r2, 0x7239, 0x3}, &(0x7f0000000280)={'enc=', 'oaep', ' hash=', {'sha224-generic\x00'}}, &(0x7f0000000300)="346f196276e97d5ea4ec7bb6", &(0x7f0000000340)="843fe83f14a57de4ba95648af0957e1305c6d7a1c6cfc4ea063e138d202e2139a2a74ef0032b55b6443ad505db2e4afa7a081654c1ea4e789230bce14002d4c49d88e66b681dc489517c66d8d27e2f10bd34e01dd605f32f6298d1e4f57f5a6cb3a3e21f692bd6fbd27e07fb43a0849a79bc0cc6a22a4386ca5d0f0646cde3a612f9b5f17281230b421a74f7570d26feec2d7ebc0804fd3e6a5b4656df830e38ab98380eb9e3431823f818")
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000400)={<r4=>0x0})
clock_gettime(0x0, &(0x7f00000005c0)={<r5=>0x0, <r6=>0x0})
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000640)={{{@in=@empty, @in6=@dev}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f0000000740)=0xe8)
write$sndseq(r1, &(0x7f0000000600)=[{0x29a, 0x6, 0x200, 0x9, @tick=0x1, {0x0, 0x44c}, {0x4, 0x82a}, @time=@time={r5, r6+10000000}}], 0x30)
ioctl$DRM_IOCTL_LOCK(r1, 0x4008642a, &(0x7f0000000440)={r4, 0x4})
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000780), &(0x7f0000000800)=0x68)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000080)={<r7=>0x0, 0x6}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r7, 0x2, 0x7ff, 0x100000000, 0x93be, 0x8}, 0x14)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x5)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
fcntl$setlease(r0, 0x400, 0x2)

23:25:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}, {0x0, 0x0, 0x0, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:38 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:38 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:38 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:38 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:38 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x7fff, 0x6, 0x0, [], 0x7fff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:38 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x8000000}}, 0xfffffefd)

23:25:38 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={<r2=>0x0, 0x400, 0x57, 0x1, 0x431e, 0x2}, &(0x7f0000000080)=0x14)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)=ANY=[@ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], &(0x7f0000000100)=0x8)
ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000140)={0x7ff})

23:25:38 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:39 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa000}}, 0xfffffefd)

23:25:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:39 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x0, 0x6, 0x0, [], 0x7fff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:39 executing program 0:
r0 = syz_open_dev$vivid(&(0x7f0000000080)='/dev/video#\x00', 0x1, 0x2)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f00000000c0)={0x6, 0x7fffffff, 0x79, 0xfffffffeffffffff, 0x9})
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0)
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:39 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(0x0, 0x447d, 0x0)

23:25:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(0x0, 0x447d, 0x0)

23:25:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(0x0, 0x447d, 0x0)

23:25:39 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}, {0x0, 0x0, 0x0, [], 0x7fff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

23:25:39 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa000000}}, 0xfffffefd)

23:25:40 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd007}}, 0xfffffefd)

23:25:40 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'bond_slave_1\x00', {0x2, 0x4e21, @loopback}})

23:25:40 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

23:25:40 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:40 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:40 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

23:25:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$inet_int(r1, 0x0, 0x5, &(0x7f0000000100)=0xffffffffffffffe0, 0x4)

23:25:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$inet_int(r1, 0x0, 0x5, &(0x7f0000000100)=0xffffffffffffffe0, 0x4)

23:25:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$inet_int(r1, 0x0, 0x5, &(0x7f0000000100)=0xffffffffffffffe0, 0x4)

23:25:40 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0xffffffff, 0x8, 0x6, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f0000000080)=0x4)

23:25:40 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb000000}}, 0xfffffefd)

23:25:41 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x186a0}}, 0xfffffefd)

23:25:41 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt(r0, 0x2, 0xfffffffffffffff9, &(0x7f0000000040)=""/173, &(0x7f0000000100)=0xad)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
r2 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$invalidate(0x15, r2)
syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0xed08, 0x40000)

23:25:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0x0, 0x8, 0x6, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:41 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:41 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0x0, 0x0, 0x6, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:41 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$inet6_buf(r1, 0x29, 0x2f, &(0x7f0000000040)=""/217, &(0x7f0000000140)=0xd9)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:41 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:41 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb000200}}, 0xfffffefd)

23:25:42 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}, {0x0, 0x0, 0x0, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:42 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x2000b}}, 0xfffffefd)

23:25:42 executing program 0:
socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20000, 0x0)
ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000080)=""/206)

23:25:42 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:42 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x40, 0x401, 0x2, [], 0x3ff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:42 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 0:
r0 = socket(0x11, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd000000}}, 0xfffffefd)

23:25:42 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:42 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x0, 0x401, 0x2, [], 0x3ff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:43 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7d000}}, 0xfffffefd)

23:25:43 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:43 executing program 0:
r0 = socket(0x2000000010000003, 0x800, 0x8001)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:43 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x0, 0x0, 0x2, [], 0x3ff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:43 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:43 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:43 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:43 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:43 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}, {0x0, 0x0, 0x0, [], 0x3ff}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:43 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xe000000}}, 0xfffffefd)

23:25:43 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
flock(r0, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000040)=0x20000, 0x8000000000092dd)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f00000002c0)=@buf={0x3d, &(0x7f0000000280)="6e7c7dd9374b90c760559c12022ea640c80bf05e6349442eafdcfb14c035df5e39149ba5abfd408407672283c83e5768e7c4bddb96608b98867323da5f"})
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40002000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f4000000", @ANYRES16=r2, @ANYBLOB="010125bd7000fbdbdf250c000000080006000600000008000400040000000800040008000000080006000300000044000300140002006272696467655f736c6176655f300000080003000300000008000300010000000800040000010000140002006272696467655f736c6176655f31000020000300080001000200000014000600ff0200000000000000000000000000015c00030014000600fe800000000000000000000000000026140002006270713000000000000000000000000008000500ac1e01010800030001000000080007004e2300000800010003000000080004000200000008000500ac14141b"], 0xf4}}, 0x1)

23:25:43 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:44 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xc8000}}, 0xfffffefd)

23:25:44 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x8000, 0x3f, 0x8, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:44 executing program 0:
r0 = socket(0x11, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={<r2=>0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x2, 0x3, 0x2, 0x7, 0x60}, &(0x7f0000000100)=0x98)
prctl$PR_SVE_GET_VL(0x33, 0x1cc5d)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140)={r2, 0x9}, &(0x7f0000000180)=0x8)
getsockname$unix(r0, &(0x7f0000000200), &(0x7f0000000280)=0x6e)

23:25:44 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:44 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:44 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:44 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x0, 0x3f, 0x8, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:44 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:44 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:44 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf000000}}, 0xfffffefd)

23:25:44 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x0, 0x0, 0x8, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:44 executing program 0:
r0 = dup(0xffffffffffffff9c)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x210, 0x70bd27, 0x25dfdbff, {}, [@FOU_ATTR_AF={0x8, 0x2, 0xa}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048005}, 0x4000000)
connect$l2tp(r0, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @rand_addr=0x6}, 0x4, 0x4, 0x1, 0x2}}, 0x26)
r2 = socket(0x11, 0x3, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000200)=""/4096, 0x1000)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001280)='TIPCv2\x00')
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x14, r4, 0x0, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
sendfile(r2, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
openat$vhci(0xffffffffffffff9c, &(0x7f0000001200)='/dev/vhci\x00', 0x100)

23:25:45 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xff000}}, 0xfffffefd)

23:25:45 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:45 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$TIOCGPTPEER(r1, 0x5441, 0x4)
syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xa357, 0x200000)

23:25:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}, {0x0, 0x0, 0x0, [], 0x4}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:45 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:45 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x3, 0x1, 0x9, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:45 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

23:25:45 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

23:25:45 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x10000000}}, 0xfffffefd)

23:25:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x0, 0x1, 0x9, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:45 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

23:25:46 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x100000}}, 0xfffffefd)

23:25:46 executing program 0:
r0 = socket(0x1a, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000040)={0xffffffffffff8000, <r2=>0x0, 0x0, 0x4})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000080)={0x5, r2})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f00000000c0)=0x7f, 0x4)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$UI_DEV_CREATE(r1, 0x5501)

23:25:46 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

23:25:46 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x0, 0x0, 0x9, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:46 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:46 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

23:25:46 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

23:25:46 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}, {0x0, 0x0, 0x0, [], 0x8}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:46 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x0)

23:25:46 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x11000000}}, 0xfffffefd)

23:25:46 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getown(r0, 0x9)
getgroups(0x7, &(0x7f00000000c0)=[0xffffffffffffffff, 0x0, <r1=>0xee01, 0xffffffffffffffff, 0x0, 0xee01, 0xee00])
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getgroups(0x4, &(0x7f0000000200)=[0xee01, 0xffffffffffffffff, 0xffffffffffffffff, <r3=>0x0])
r4 = getegid()
r5 = getegid()
r6 = getgid()
r7 = getgid()
setgroups(0x7, &(0x7f0000000240)=[r1, r2, r3, r4, r5, r6, r7])
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000080)=0x7, 0x4)
io_setup(0x5, &(0x7f0000000280)=<r8=>0x0)
r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm-control\x00', 0x0, 0x0)
io_submit(r8, 0x1, &(0x7f00000003c0)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x5, 0xbbc8, r0, &(0x7f00000002c0)="5949fb9172b0c61c578b516e04e996e15ca4765ce02edd5f66371c3385ac55a357d9a968b2525a5bc459a5bd163dd2b37c0e9f8b81dfc64383bac416d41daa463ea4a43102e6771657201ba3554b06d5edc59e3e810bd491a00271445466a1a6b1ef8d68cc7c692fca1c21e4ec7d2451b5a8311bd17e57a4a338ff65622ac35c", 0x80, 0xc2a, 0x0, 0x2, r9}])
r10 = getpgrp(0x0)
r11 = syz_open_procfs(r10, &(0x7f00000001c0)='net/unix\x00')
setsockopt$bt_BT_SECURITY(r11, 0x112, 0x4, &(0x7f0000000040)={0x9, 0x7}, 0x2)
ioctl$SIOCX25GDTEFACILITIES(r9, 0x89ea, &(0x7f0000000400))
sendfile(r0, r11, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:46 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x0)

23:25:47 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x101000}}, 0xfffffefd)

23:25:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0xfffffffffffffffb, 0x800, 0x9, [], 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:47 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x0)

23:25:47 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x4000, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001c00)={<r2=>0x0}, &(0x7f0000001c40)=0xc)
r3 = getuid()
getgroups(0x8, &(0x7f0000001c80)=[<r4=>0xee00, 0xee00, 0x0, 0xee00, 0xee01, 0x0, 0xee00, 0xee00])
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001cc0)={<r5=>0x0}, &(0x7f0000001d00)=0xc)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000001d40)={{{@in, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000001e40)=0xe8)
fstat(r0, &(0x7f0000001e80)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001f40)={<r8=>0x0, r1, 0x0, 0x1, &(0x7f0000001f00)='\x00', 0xffffffffffffffff}, 0x30)
stat(&(0x7f0000001f80)='./file0\x00', &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
getresgid(&(0x7f0000002040), &(0x7f0000002080)=<r10=>0x0, &(0x7f00000020c0))
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000002100)=<r11=>0x0)
lstat(&(0x7f0000002140)='./file0\x00', &(0x7f0000002180)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
getgroups(0x5, &(0x7f0000002200)=[<r13=>0xffffffffffffffff, 0xee01, 0xffffffffffffffff, 0x0, 0x0])
sendmmsg$unix(r0, &(0x7f0000002380)=[{&(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000280)="4583213cdc1331c0ab3d1f8470ec3658405dd7c9e5c5c0385c029630886e6b28a549619a8639c875926a89b21da011ee8c46e2c687c4", 0x36}, {&(0x7f00000002c0)="1501e5c74c45e374b67bbcb842200ba92f8f6ea8b9f1c84ff34a42f881695c020466771a4f63ccac462d5e3dfe94c56fdf17313d6bd4b63becc59d14f0", 0x3d}, {&(0x7f0000000300)="e1f5cd6bc2422ba3d65f6a68a6918c86ace91111c6c585dad3dd12c22bae917fc4cf71e8fe3f191f619eec7c8bc3ad5661d2e910ead4a4569c8d4e6bd98c5ee5c5b8ca91ad2e8a5ab5f6c6da921c664dc65d214fa6ae8eaeb8c639bb529fe0f00c81168c78a69b320eac9976b7127206d539b08d35119036cc7e6f3c788f85022913f1a01cd54dd65579358f3edade1532a6be416e22bc9cf427b660ad231512b81e5614af146a230f1d9796d1340849409c50848da1", 0xb6}], 0x3}, {&(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000018c0)=[{&(0x7f0000000480)="ab1a91ea01690ee578e5529841c00315b622f4b06180cb34e56ba28fe856e192e787715d017be845d36914101917b4822bd6568f1ae81bc62534542076d93f54e32e151bb3d0094d437b1415b58e7bf690a2fbb7ca8fe77c633ab0e0a0f03fa3e3511ec701163fe72852146cedc95399c39560b177055904be14491008fb57b436365040fd277f0663a3e014536f7c80217a1ae7779a07c1b445754e613e1f886e18a8adf2cfaab615b7f203", 0xac}, {&(0x7f0000000540)="0986c639c8e071633e37441c07ac1c9f722af3376f269dd8e040782cf30a6320adc4433be4d60d29fbc598abbb18f41d98ce50b57690f24dbd19564c298eb6d4c29b65f0f17a38900eda5250a62c34aec17894f7dad93aefe8505abf01559cf1dbf12f3ccdc6149ace91b505d7082df75c5613f9be9626400390e701d31756c2093730e80be33b435dd73df2c62dba28a30e72b91d17dfc8fa033a363ae7c31e23c89aa9d1d3f5f015f673", 0xab}, {&(0x7f0000000600)="6f80434583ed3eb04bf9447f67a128faef530c4f2a7e7d0400aa0457086945a9599d0ad4b05bfdc6683cc8bba009177bca3e82570d95baa9a4b80c8d108cf1261935025bf4572da9a24999417814e636607e38a8d0b7942a7e93580d7689db136ee1506022538733b9fdc224fcfde6985a4a2acde0eafd4ab9b93e2e06d54e43b012af5b7d0a74a029ad09ecd119c247919bb9cbddfd4fec4804bfc4ef90fdb7c3c764f967e35f2df2c7151003654247490afb97cd0d2c691815cefe83", 0xbd}, {&(0x7f00000006c0)="c4bead77e656f32e7338b0e049d45bebb842628065319154685b494dd0845258a5f7c3b3b7d4309c8ff5651d653aee291178911dec28a1cd3585057db8ad174e8c6f", 0x42}, {&(0x7f0000000740)="84ab3be2db68fa490b4c44c18536653a344fbe7b80deaf21f7897fdb813a93c1877ff8ec457d6d6b18835c5edcc9e12b4075e6e12e61fd10c080f0bb1e21b16d29488ab3f1fc87a2254280a110c5a456ab21bd901facd4f258", 0x59}, {&(0x7f00000007c0)="036189c798b8ab6966bcaa21e277a46707a4e6c0d4cb8c8cbebcd76d0c06e2ef0e81601d20e724cac01de10e1a29bec03133297664820fa8ea614e61207b0066190ad1748bf01e97ff1976b6f2140a63cd4d2a3230c4d19131ff5a2d0a115ee7bb35eece3d34ca41f855472b760be2627283f0b3ca2c", 0x76}, {&(0x7f0000000840)="fd498c04ed50085111b235dcc284a12574a09afa12082c689329a3a84e692c9ecfb76e0c6623d7d2f02614c602dbbd1dd5603db903b43f6760f97b274bbfd6b06d1eff20147a3b1ddb4a5ff8ca75ff7e10c6b1f50ee041e5b96b7bcc6bbb3c4a1dbb6032453d8501ea3c9a495755ae", 0x6f}, {&(0x7f00000008c0)="334aa8440fdee6bb5b3ffd3e7bc8e86f9226e3b201e5564992955b6cb6d49e14761a53a52982538b08449db9556dbec414668cd14271dc5541be9a33c955795ce08588d02172668ff5d7ca8cddd64e2d6eff4142f4c28c2880a30d2558412bda634757db7f9fc2da8909b56eb2ef0c9000910683ebb32d707eba637dcf5455fb5814a36ba9118915d9cc88ed8380275b1d7ababbf412cd00fb276b55ae615cce624e4c7eebc11ceeaf84c90a8860e9643097b1d6d09161fb0d03d6413142afd21cb054af2dd26abd3341301af08c1c5861bcfbc772ecdf47506e56bef78691b6f25b0bccbc9d9d417bf14d32d149cbe14a034eb4d80599703fab69fbb0a16882f54f5c56b5161ed7643b178cdab459ea4a4b9834b3da1d4040067adf1ae4c3317bdf6ba437384b907de153d7ed9584bf0bff992f2764151413883c8afed3db29dc97c2eaad0c520795b7a47c622b538a1d617544ef4223d3b83e627d7dd95ef053b180e353b967e3d3a2609e4405161e33191ecddee129897342b41ed56e992d7378366d8a909aee444946f03c8b2bc3085ef692792b72a636c0f052ada162357646397aed283b43647d36133f0fb0bdefde4fb398f59391799fa3600aa2d7a05645a214a41dbc932bd1d56773309cdcdd2e0e3b6b62c138fb670b721345d348cf6c9e5e39f6dd93117c6fae2ef4d01dbbdfab131dce50d31d3d75ee5846e966dc5d0b7a1c6b2f3c188d1595997f58d68f5c733329a63c339d6617d4aaaf1497a44dffd79c14d498678bc5508f8702c3518f59a6c11382ab8948575355fe5b35b51ae0db15e0cf90e17f4378d51b8e3c5c22d548eb9848ed51ec0c525894c886d4c5a58522d6fe7f13b67cde466549f117366381c9a903f9782f0f1672e21a8c3886bf4850326d31cd10fb0a8c9332ad93ff4979de66e5dbacdf7c1045b6e80c48912f1804dfba687e004ccd28fbcfd135b8892d3c7950bce772a28f546be9140546b9cf525ad01d9a2f0e564f1633d8315cc88ec8d18d3a4d8f4fa4bbc82cf4f0809ab84df4779a0583558ff23aa1f0c28928927107f6d8ba7cd11d108ac3336c085d96d53abcff58e648fd4f42aa1afd8d34db0c7d673c40efcf47d749527587e30ba00693637075cd810761c60775549f1572c47c5b2406be4abdd7203ef51e5c5c15445f55fd9cd67a289c21dfa63803ceb8e1ae500f3c4a7af31a3d9e848bb8798b5f0a6fad286879e607b27f12d26dfa595f40173f858d9596c20a97c4d082db9bb9143a80dacc06fcacf7a2258cd2b6e6ac654780b90a9af9de67bd0e4556eaf785316e7a92505bdf3c9940056dbed51e5a28b373a6e17ecaa787ec2282b59bdce7a45c245e4710e7946b891d2e241498b07be3435f4f4de3c4e943a65068ca521e62c0d283947f8b2fe68c3453e71314e3bf9bad5bf5d60330556f1836fc0315baad4b5a56f190112cc148b211bcbbf58b69cb369ffb4652a027e2015f9fa2d8f9c811920d15564277732530a4961f7703c8cc5fd8803f944d340fd6e2f2fe4e68a10f6da0756c79b1a73ef9d4ca707ae39432723b11c5d26e8588bc03447eeb2411eb699c52e0147272142ee0ffeca2319b3e0d143f3d23951b492360d245966e33d87fca4bde251ec5cde85429299dae3cbfc3c8311f5cfa072c57406caecbc67cf628fffc8370156da419311a9ed68fce1ebf679fa3b374051f14cb1343f8f559a7c62a23bfc530f0780459e5376486ea9dd5536e5e83c9aef7c2a3ed6c64ca1dadb1535b59d976f697d7a69ae1a9b9043d6db100a5c54117f2d4c582ff17f49e271aaea8c3feff0026a4d0bf29408f0b6932ccf980e47d16d64ef9ca8b0e505c866665ad529669d3ff145e282d6aaa87025f225db9120aa46816b13e4e6c6c7b63d1e32d0f32ceef25d25f0b856f565f79caea72927c0475daab02326046b5a0948a59840f1515189f854938208a698b4d2b586c99b75dc5e89c11ec9ff235950cb3db95479eea9d919dc375450913ca57df3d1508b5465cbbec45b03e6dfc04395b9a435abb7edaad645a0f248f79178b33737aef9dadb4f130d1aaa5fee0fe7c4728e085aa66f317f282c56da3380c992d54c0b982cfc7b548863580f179c06a78a15a6a0a7a6bd4839459d419ca119e67bcee5537413305dc2e919167da287ed0be0de0e25e811d60939aa05a3fa712cefc2c736b86eb22a9596c9c11e4eb2fc87adde01550073304720d623c8a349fe6b5b3911680ad7a4f7c287b4ccd6a5986f4a2e8e9f997d9bbfec452322c0729bec7b93040883d075cce6321401ca1b9cfbb7a83bf3e4c28eb67bd28ecaf80d633869fd6b03cf719ff25ec1019527a1e5b41afae112b83f58c323163a3bb02f4e4331a2995d3f9737490c1c3aeaa2238f855a98eba5d855690b6b62a22022e76756d5f16c8410696b1a8d8fa48a064812886538e6210c2e2d22fbd4dd79a1f0c908765041bc6b01777c4c75bdcd6118b637932e5d7489db00971afd22f2d388333a9c1b76512a6c315f043259b95c13a9e63405e6ba5e54d36f7cd672035f9e8e67062c154e77e96e873d69395b4e76e3cf1bbf2a35bfef07c8e91d122fb81c18336d960a9c447c9d7f2df712c5a37e6f3420e8d080c188420e95ed134500bd80b8799672901ec6c9e3efddc46d05422d7678ab82f40afe2d81cf8a3b04b86d486c83c5f01d6149a21b6f3cb784836e63ce1d8363f833b0b77275357bba055da40b8fac2b9b59499a6ca809dd01e1ed3d712434df884f8ccd37f15311a0d24ec236ae8269230383058c217fcdfc296b8cff97d742be1e18ce0eac96364d4ee90da941f0beb27f85ef4bfcfb0836ca6d2e726cf03eeb8574edaed09d06ea62ef0c87882e82c340389f5b9b01dce3367941e77047d363fc00b1e2415d29eb220f4ad1853de0c1f97161ee19dcb481fb24110c7f60c2748ff7118ade179cba14d15c2fcab3ec16b114776b20f824ae266f962dea1e3da1598cb5e31c6f83b3df89ea2e29746ce3c12f5b3b17bc5ac5dcfdc9619677bc6ab1e4cff39de581ceee2221e04daf53e1b63583c45b809879c7a4f4e63a952af080a180d2e183056ace81d9bef73eeb7ecfd8b88a0a29f2426fadccee2a1e4bb508e50986b1db2cad747dd9a904284d5368c559a36a1554ebbc7f4a89deea764df58249815eb04ac6099ca3f6fd02db023fbe0b2cdfbe2b5def24ad18a4230366e1d84912523726b85618b06015064d6e82ccbde9cb1b87b91df274671073c45b18a9340abe4d31ffdaadc027d8dccbe3dd672b4f71f5e730334487a01a6b6efcf016945dc2e7465672b42c875cb11d3d75f7736e009bd50dc2db18ef4e283865e1b1ab826843fb083669aa3249506f681d8adbca156618efd779602e34002ecb48949ec80199bfba645b54cf8dabc63454207c0d6cc740c035d1f13daf67d513c0be0e7cd16db04095dfe8527c35216f7d2e10aeca0458a8d92db5faa7c7bfbcf711e75e772d7f02ffe0663684acbe5a7bc2d8e954764831efa1e44254872c48418647192d951a0d4904dbde5fdf07e787a7ada8be1634ce347d5ac17a610b0ec2f73080524b6830bb93303cc4cfbe6ca08c44f12c3f3908a58389d4a4f48e9cfb4ff4bf3cdcbc5a07e02912e979a6d7de2e25657a8c496b6b67ad67ff2b9ae9fc9b75c7d5a833262930edd9a0c92dee72ef529148cb1e10b3a12689879baca2b253a6440b178647fcdf52a10dd0eb78ae810d46944537317178411a7a1cb46b68cf6d2d174f514aef125ae56c14d2183caa82a8a4c61baade7567c4205020462b65bb5a14f98165a181f1bbf19b8e962838292f65060be6b02c0dc260b9e68aec33113d1e4dc83822c35bdf6f14bb80dc424d0f0ad1e34c00b941fcbe3117704f4bb676cee6353664119231e1b878d28dd54a92a9c61ed1b23deb16637adf8889087a9f3bc38103500e3c51f055dfcae77b713aba548dc7de78716a5b0084b741aa02f6cc58dcbd767f2c9dfce257e75244f36ec491b878c9427a080d6fc79c5a17af8415c55242f81f5eaa6ada3dcaa807b845760106225ad64981fcb4201fb6cbf1b4c86f83642974014b8fc4fa2f6f604d715f82c0943a61366314d22c0411e28bcb83d64511df41a029f745f081c2941eef12fe8f848f76c26550cb01c23ed108458feb1c8e6f0b0cb4854d8da64d9ec3bbe5ea075430ba614fe42a016047d3ca9173500e42405a6e4722d011f405c80d26a3272d9fb192f18fef9ddff4156b0a5e98ca8c47a76588dfa874756b90bb49134e1fb66b08555f4199c6cc39908c421c005a06a4b1aa90674b84ea5cb6a9b74493846c6a3105f8e429b012c6ecded9f85829578da844bef607096b008a1a83676d148acc5f6ab18125193aa96da96e2103eeaf017d9510c9d705474f3407c06daa5a9386c052d0c90b65e8f0b1d8980a80de31b1b58b031e51ab10d09bfbbd1de4016828f7a348a6301e51f57f642f8a4e0bdcd88453841fecbbaa0a2247480657dd31a0798ca99f45823ffd2d385be4874624a8c56d40733e7ea984a191624110adfbd03f8594844021e03ff9e3d2cec36c31f423835b7f10cfa2afe1551a6ed6ba918fba9164e853e73b8ac372e51475f4621cb21c785da4c1b61caea813bf14b4756acd1f39a92fc8ba90d14c056e1ccf8557fcfa1140dd185cf471c9bba7121c30b6d0bf6d0111320fc69fc7d6c5926bcc9f2d9ce567f8d530ef0939ddd4ca4b756846fa316d371e79aa5c4091525d924aeeddf19c93399dfbb87eb84c07e712c0614f58ab7444b69dd057be96fc212b6de384fca4d12eeb30c07c3313426f1ea6103a36e55e2ee662628aaee28966c0beeea81441358887f5b44a62d2f41c0674961afe6b918fb4580421c1cb6dcbaa2029bfc8271479835cd804d58dd1f58d687f7f1eff4d276e8e5040a3463ab09412154430c114494a515fa03755324194006c6569f670414cc3b4827d20ae351bcc70c16acb5c3e5478fe1ee251f812f588e1938471d918b683e4eda6eda39a3142d465c9c3bef6bd6ef83f9507fb582413b6126e39f57ade8894d83c5b2f07205e81114ef68fd13336159e9cfe89fccffb7e222f2cc4f5d8d9565a1388769f56932ccdcfc9d9e1bc7a0a65a563df72040d43442d333669f5d78c44b0c44c51fdb7720bdfcff7092f03448a1f033a808d859ee97de0ce9131b21daf462b7b7bc6ac4e54e93cfc6789f6ec8d1e165f9df18d1e595995765ec331635da883d6d2cb17e23b3bc84296c6f39c0be22f65b85f20e08c9091327a52741eb09ce01eb0273f2e0a822d50e8483f2a5c0db13a3c28cd09c88ce70132ab3fc0c3dfc1a33e2e6c84cfe989e32bfb46f5fbca73787b66cc35fd7b0a10ee6e4196367ad6e94e37ae4e5ee3f7b047c23b35864ff7fe419601726a0a4e13d0d6fd68ec1263cb678a2847496ddd5ac51d7e79f9e29b31e9a8a0191276275a670cce099873a1647e5eecbd8aaa7cc186abe587fe7dc2ad2b04b1503bf778e9a29c4d5b566b03709ef76bfa3d556e005eb6fa49560067e65892b4983178d0e13918f5930c60e495964d1cb33bded5e9a3c220cb577d2af5b6e12ef3388656740ad124433d1e7063e1d8e05b0fe5fcdf144a7ba01ba9a07ae9932c574ae6a01cf934a75b4a92ee40911632a5ed3171b02dab22f041c3ef5f3d56377954efe05c475aaac9d94e9727faeb07651e19c27f99285f7a3396c3ddb9b2b487732b7b099773ff78b7c7283f129b808c0e248f73944b46567bb44cc", 0x1000}], 0x8, &(0x7f0000001940)=[@rights={0x28, 0x1, 0x1, [r1, r0, r1, r0, 0xffffffffffffffff, r0]}], 0x28, 0x1}, {&(0x7f0000001980)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000001a00)="f67f68da14fee2e9798d200e71a90c05da6197173edd255aee00aecebfa7bb45a074070320c7395881a90d32eec116cde6de9271a0fa66fa701948ce05e566ba4b2bd7e58775ae8eed75bc275a12f7f06b713c5d737f", 0x56}, {&(0x7f0000001a80)="f3e842ffaead15591cb4ee25893cbb27d287aeeeff3ca4c5a1decb30260382084eb99e890ede267ef2c2488432c56d4ebd6c050eff60268a10538371aedb93c0c79216a4ddd6", 0x46}, {&(0x7f0000001b00)="52c23ce0002f1dfc8c2367d4f5b15d9a49c6281ec47d63e4727d7ef9e352987f950ceb3801132ca9bbd22c76d9698c1a4ffb34b6e11d09b000b5ae73ce09e438c1d1caf6709c60859f6e36bd30ce3a5d4b1af9abf19675df07e999a06b6c16f5d73d28a3c5132adf2fa7d6", 0x6b}, {&(0x7f0000001b80)="3dbfcb6772b331a19ee8ecddb5a831c3719dc16fc7dfec0c3f0764157b2d3c9fc0855af6439bccb57c35017132", 0x2d}], 0x4, &(0x7f0000002240)=[@rights={0x20, 0x1, 0x1, [r1, r1, r1, r1]}, @rights={0x18, 0x1, 0x1, [r1]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x28, 0x1, 0x1, [r1, r1, r1, r0, r0]}, @rights={0x30, 0x1, 0x1, [r1, r0, r0, r1, r1, r1, r0, r1]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r11, r12, r13}], 0x130, 0x40800}], 0x3, 0x40000)
r14 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r14, &(0x7f0000000040)=0x20, 0x8000000000092dd)
setsockopt$inet6_group_source_req(r14, 0x29, 0x2e, &(0x7f0000000080)={0x4, {{0xa, 0x4e22, 0x0, @local, 0x400}}, {{0xa, 0x4e22, 0x6, @loopback, 0x9}}}, 0x108)

23:25:47 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:47 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:47 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:47 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x447d, 0x0)

23:25:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0x0, 0x800, 0x9, [], 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:47 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
r1 = memfd_create(&(0x7f00000000c0), 0x0)
write(r1, &(0x7f00000001c0)="6963e64243ea48010000003deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0x0, 0x0, 0x9, [], 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:47 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x20000000}}, 0xfffffefd)

23:25:48 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
memfd_create(&(0x7f00000000c0), 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000100)={0x3}, 0x4)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
accept$unix(r1, &(0x7f0000000140), &(0x7f0000000200)=0x6e)
getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f00000000c0)=0x60)

23:25:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}, {0x0, 0x0, 0x0, [], 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:48 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x180000}}, 0xfffffefd)

23:25:48 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:48 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 1:
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:48 executing program 1:
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 1:
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 1:
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 1:
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:48 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000080)=0x20000, 0x8000000000093dd)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)

23:25:48 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x40000000}}, 0xfffffefd)

23:25:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0xcf40000, 0xd758, 0x2, [], 0x4bf2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:49 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x200000}}, 0xfffffefd)

23:25:49 executing program 1:
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0x0, 0xd758, 0x2, [], 0x4bf2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:49 executing program 0:
creat(&(0x7f0000000080)='./file0\x00', 0x4)
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000040)='fd\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:49 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:49 executing program 1:
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:49 executing program 1:
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:49 executing program 1:
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0x0, 0x0, 0x2, [], 0x4bf2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:49 executing program 1:
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:49 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x401f0000}}, 0xfffffefd)

23:25:49 executing program 1:
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}, {0x0, 0x0, 0x0, [], 0x4bf2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:50 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x400000}}, 0xfffffefd)

23:25:50 executing program 1:
syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(0xffffffffffffffff)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

23:25:50 executing program 0:
r0 = accept4(0xffffffffffffff9c, &(0x7f0000000280)=@nfc, &(0x7f00000001c0)=0x80, 0x800)
ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000380)={'bond_slave_0\x00', {0x2, 0x4e21, @broadcast}})
r1 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000200))
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000240)=<r2=>0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000300)='h\x83t/ptype\x00\'[y\xb5_\x13\xa5\xdd\x8a\x16/\x05UMT\xdc\xca\xeb\x02\x98\x1f\x8e\x8c/\xa4I\f\xc1C!\x80\xda\xaa\x13#\xfa\xc8{\xf7\xcaeo\xd6Q)-\x1dh\x9dG\xe4\x83yc\x98.6!\x84\xa9\xb3\x81J!-\xf2\x82\x1ca\xb1qzT\xd8\x1c\x1bb\x01k\xb1\xf2\x84\xc7YR\xf9\xe4\xad\xd6')
ioctl$PIO_UNISCRNMAP(r3, 0x4b6a, &(0x7f0000000040)="d8d89f0332bbf505a218fdf82f1267")
sendfile(r1, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={<r4=>0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x4e21, @rand_addr=0x2}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r4, 0x2, 0x4, 0x673, 0x1, 0x154d}, &(0x7f0000000180)=0x14)

23:25:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:50 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

23:25:50 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

23:25:50 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

23:25:50 executing program 1:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x7, 0xfffffffffffffff9, 0x800, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:50 executing program 0:
r0 = socket(0x5, 0x800000003, 0x6)
r1 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x3, 0x2)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f00000000c0))
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
finit_module(r0, &(0x7f0000000040)=':posix_acl_accesseth0eth1\xf8+\x00', 0x3)
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x0, 0xfffffffffffffff9, 0x800, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:50 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa0860100}}, 0xfffffefd)

23:25:51 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x800c00}}, 0xfffffefd)

23:25:51 executing program 0:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x440200, 0x0)
write$P9_RCREATE(r0, &(0x7f00000000c0)={0x18, 0x73, 0x1, {{0x0, 0x0, 0x7}, 0x100}}, 0x18)
r1 = socket(0x11, 0x3, 0x81)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x8080, 0x0)
write$P9_RMKNOD(r2, &(0x7f0000000080)={0x14, 0x13, 0x1, {0x80, 0x4, 0x7}}, 0x14)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000200)={0x2, 0x9, 0xffffffffffff8663, 'queue0\x00'})
sendfile(r1, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x0, 0x0, 0x800, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[@mss={0x2, 0x4}], 0x1)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0xfd40)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000002440)='/dev/vsock\x00', 0x400840, 0x0)
ioctl$sock_ifreq(r0, 0x8930, &(0x7f00000000c0)={'sit0\x00', @ifru_data=&(0x7f0000000080)="f9c42e8a22c27fdca7342dcfec5c53a9f668f4e9fcc3defd8bd0b25cefbea55c"})
sendmsg$key(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000002480)={0x2, 0x11, 0x8, 0x899c176a087a63f0, 0x220, 0x0, 0x70bd2a, 0x25dfdbfd, [@sadb_key={0x201, 0x9, 0x8000, 0x0, "bf03f2e9a735fa9dcd1a7e3938f85f38a9befccbfa42eccfbd2bff323ca3bc99c4a0f7c2d23130af97e346a5a86e71ef0dbc34f40680c9c40d4be4f3560fc43c953aefca9851a366f75ca757e2a971c0acd6057ddbec6340cc79e165485e869019c62f66d1ffe4757ca1c07834b03a87a1b491b784234262a7d1c2370e4932a44e8b27ced89ad4c31504dcf641740f74f69de00f0d46cd6225215cd187c44d84f087b5b650be5b3c70a4a9be05ae3d8cc35d76b17361634918ce027207692b6af0551c0fd99139755bfa8a8d48546b82d1d5ff91088f475ebde526a63f17bc24ae34a278d3a747f9e1fcf92e6884620f920cb999c278dee88ecec08f19d09944758deb7262c8432965c9fa0a041dbc369114ec9ca651bb8813a7fe5de1dd791fea73f5bdad0a98a73f9a2b2750ed71b84d37d0211b7f6686bb39befac3a9ff1a8a165faa712b8d2f099d918970e59c6e729f3fa432ed2bdede6bc3eaae74c3ee4dd8e60873fe86607cf7f800d9b8b0cfeb1773e11ade29f32cb9c967cfef42f3a5b74b05c732c3d8c4ea6fec18d751f3d529a1a81216e5037c0d25d6db54245f8c23c74fc998235d2472539db854a07e274dc01c99dd6b0619e11f9545711fd43c45b174a9861c634b64840a79f7a82ffee69ba3bc099d6065986b91dfcaff32fc0af9040da098e473d385e2374bfbf3b3ca9f9bab27fe54d4c61dcabf41d211704160cf6aa1c51ecebeef0b6ec421a7e427962b9a47b085cb23dc66675060ca7c6d84741ea2108b0f77be11b557f6ae56214d7a524bb58ac34cfcfbde9c25006dd29afb7b142c1ef0b65dc2cb4803dab615780771983808a9e36cb354be5a5b726488e6d92c8bf9f95da5fbe20dac6dac49a4e04b60ce438b7c2934a39551746fe3da45134a8dc0d6725f72d540df50afd9ab518591f6d024a8ddc6fbdd13e62ec5f43af9b67ddd602464077f4d14d03692a1a33c2dd8efd706d79cfc3ee5b94556b3911c7e53e7a8da5a54467ff8c188cdfd3697ebe9c3350e9c9253ac9cf7bb26b5733e90ccb364418fac06ee3ef6cfdc19074bdb02bd05cfa40ca785d0ec7b6880f05a07636ef87e852278fcce956fe6f2d430ceebddecd130f6749a2f11fd013770bcd4bc0c8056b125bad2d2319f7bff8c036500cd70361efd29727ba5e3f99a202299449786bd7b658040abb70c276c5c7359fdbbecb0467693648c7968a288dacfb4c19dd1a3ed71d010f5eb705e012f3895b49ea0f8bb86d95b2d96e0a10751ebe3080dddb7a47a22154e9fab4005f5c579d049fa956d221bd55a69660f831d7d13c0006eb6314dac974c85856d6a272725945b49230e127b433b62a91c9b14a2c28e55e7cf06b155ac0dd1d1b838cd70457180a17242294388729d78d4d3c4685ac4aeada5fab569a49f71215dcec78a249449c08a186b012a4ecb19972be39f6f38272f596d5d614704f7393b851acec50e7c501813cb9397d10ada205a9c5b4c32374270dbaaee1dc92df798a4f4795a3422a5ebe790efba04cf3c99800c2c9b4a74a0f618564925662e708294454720ee195ea4873ba752511cf86df6d7fe3878cb79dbbbb43ab50c70a1ffcd23227f3a8dc1ae0a54c131db7159f4d21fd14820c4165f0971ddd00a83b72d1c599ca16ecc5adab382174715bb72463b8009f298c0ff5758386a1fb0117fdf16f5b5b51b69e3db6a860c06f3bfea0e544354b21f8eb9ee1ff12027b0e7ac4dfde67570051ad11104aa46a6207db4abfe4b18fd0648f200e4186923d92276242659555e2be8568b6bf5937c8bcd371597c87e0701f56e249298b815fb845eba3a6711775e0f2d07f66a9b46004a4eeccda19821adb657aa6d594a8c5959d8d756f28845106746df032e568a148554ac0ce384460d99643498ee7f2eb0d4ab56a0cbe82f584f444502bfdc1911e297f073ee4dab8ee697e3c6ff3875e7c002eb4126a5ea16649ca9d2304e69c60a71d96f8af7df8bbbe372d3c42794637aed5980d685d21691fa345c33e45975ed7c524e3ef3e138f489d64033c2c2fe22e2dea3aeda06ad847145ceeb9df79819b307b9e5aa7753ed0dd14c3a9601f2641eec3d8cd90850bf867575f84d4dbe9189b39ee9ca7e7de3d2758b26bf9546ccbdbaa0c3c5e94601dd602300edc48c3f32fa41a36c155e999f88d9178de002113ba13dbeee13634b197c370edbf377a4a1f9cfdc2aa0cc46df33b84b16a917d20286ba3de60aa14e2999d3b1e2bd29d12dab9bbf4d4cf3be0d40956cd3f6fc35e223749607198fcd237da09918cdf9ca6bd73a403a215688a9b2a26407e0114a1d1d0a41b45b28deffaaae5a970980c1e15d879d73d72159d47854c04e1897bea216cde8e42b0231a6cb03c27f2c639f146d66ad71d047b687138aa6584a88e5701197955ee1fa96981011e78514def78fd9b6a1e752d226602dfa09a0aa683918802adc65e504159b17260d6b71734c58f10c0fd5facd671e90e653c957d076bfa50c3b8a384ad8bd85f7a26dd550b913f83baab55daa465935998e1f9dd50c1e48eff659887f4274090ee51e819fec208fe591710da11c39386e57358cdb23f29fdf454d2fba9e57e3defff23726cc7d00d1d33bed52944f0eb13dd4bbe09ff65404f11d78354949783628e95ec4344b79ecf29d090efdf2b61658ae14525884a53f4cb89930838f9f1d3daa072a5f37ebbea36261127f896d04f9e6f0635899384f0fe2843f6738d7a6aa4b629dec6baff9512ff1c467653eb982f02f000ff6b5394edcc91f8bfb8ad367c06a2d20d6e400e440edc8927a5f104a5d6dd5e1e2d1005b8bfeb76fd0325d497367b4da12870a21bbf1a0e8886edc4da2cfec60a5d9c791e1eb8bc89b7bc3cbac3e454dc80de3001dc22dd3aefdb9ba656cf73398b6a716b163e21b8b27213685b8b78814d82e9a6eac768d14c043a5e710e5bdd85e1bbe9ac2cd2792ae31bba4f41d64d79188aac3cb128d13e3099e943804e4871ec496bd82ee30f4720f9f0161fb129a37f770077c11d4d22390c409eb70ffd58838db060154277a2ac4f24c26b9f351548269ed85df0fb748ea34e7c2da2de5f229a5ad03af3b195c1ee6b710c2910435f79c5bd5424ca8ce4479a047987f0fe046016bbebfe8e405d8d250eaf96ce731f5746f3251c93e9eeeda47d1b44b3de125b44068cbc83d29baa854de2fb63f6a6e7333ad578ce725f3ab610b2557f0e070ef4dbe2246b38b315b7a066e01ce0b86386228a213db26221c163424b65e60a242e11859c5e4c0e53fcf4463870c4e588e68838a42488531c2e1eef2cf093fb5937f73c112a43aceaf175b5d3eaee56df1b86729ecb77901fa13756adc0ae4cd12e20ea3d0130b857773e5f218ddc2c87af367c847668d012e3dd66e195b8a2e50f986bf86dde109af45a8d8908ebb1aa9e9a71d8e60e981f97e274aab92319ad099a82336f39547dc6c0e8f572eb6c66492ff97ff4aca99f2a298b0b8e508261414911f8cc5def72dd8657be4f9fcd3e30a79bcb29ffa5e86e6a2427e12277dad0da0b6e1695bdb99e27230ec36fb84871552e854354123a198b737c8ee8e7950f8721590648dcf3e0efff79006ea329fe0122588856d0e228b7a1665b6085a620281b49e9eaf8de2864355fb9a5f45e32fa9aad425f40a42aca42646580ca9e48d20f35b75a6cea42996c80557136170841f5b4a808188717f03bc021775774edc4430c4687a44ae3959c333e9eee4ead50fe252cdccc6ebe36b188acf84d87addd583546f87c486e7f45f82f289249cfd6f14d3472186f0c02b66b1eeaa79b46bb6ceb03d91a426ee9c8c213c1adb5d9bab353619fd34db1570f21676f24c83e681308c71596a9a549daa4aefdd792e912665f1af56a300194864516d32d7d9e45fa137dc63ecaaad9f9694d294906a32edb06e29548fc35cbc9f16de5fa1318bc58e01b15328dab15b493bfee52bd5263bbfbd5ea8077086a77e07714cec9d5ea0fb098d5d3f5e0d84e6fd96ab7cc995534bf23c8d89d5b43a8e92dcbf13854cfb71e8fddf9c5e21dc5a65b0c780dd91e4acda80685230af4fedb9e5c702ae2fa6660fd5b2dd0278ed048a0e9daed9777f580beb8b965ae35e0f21938c30c5032ed5c612b30c952f47f325d8271341fd6718cbd9a04aa675d9c368c1a71da30fbf81b90d16d19d4b1d6914965b9b321c94a385293e8cb89b59789605092dbd6c3f7b48429f74a8c00888d0d93f6d40eaafc996197288a771c2b706d41e2e73b550ad43d2b905e8a8f1d8f20c87dcc08002ed01205d5d6bd2f74b28c56c6529125524a3047030fbd1eb13cdcca4c3343123c5d8cb4a46ca7261132e4425fa406645c8859c55d6e0d5028b78034430f6171a529a04ece426005003f82414598a694c35b44e17276b47e427c48e614729d73450a7292080351658a548f32a18794fa67410684fa7612fa7e0f4a41767e3c1542eeb7ce3d5687d8e53bb9368ffb05b2b1df7ba796d1d9e3859a980d970606fae03fabb1df6b939558e4c31820ca061f0c28d72a845743c3ddf1a7c2318a2c26b09023a968750a10720808a0daa78774c590c006eedc6115e8c6284e9f402cd4e914915088b5813d9925755b1b94b166d03381edef96f9cd045a990f8bb2be2c924f46559a9c5140fa2c79d863c47774eb32a93c5844b075e188843a0ca00d5488c3ea0384c466cc4018ac01927aab562af363136e59b671dac030bbd538b67cc3677db3f56f0293953f8aadb1d1556b8522ffdf19691c696e4d68db57f8b781aba5e08dedb8327e7fb06243093d3ef653501fa51fb32905f93a32e1fff3eb40f64d3b970c02e08aeae514090b4c584bc5ebc49bb41e2ed648be96610329504a61e5984444e22582dcb3669945ebc5be19600da587b179593ba3e13b25f9d850ecb43f6c5d9f5c329f6c4e27fd14749287adfb51798003ea6922e1d38e621f7d058459797c9d024208020efb5aff831a215a3fc219dba9f07fe6a7f69f3b7b22e39ddd968846f495f390750ae9ccbeb6482320b36f7f5e27d24392239b958dc1bd4dc691f7d1fa480f41e92715e373f5090cfde14e00d4ff594dac92d59125a7ff8c9a9badd575d1e2481213a3108dc14100931e128ffe1022c607f869b9d1843b9728d5a5c698911bfaa43f2df91e19dbdbecf39daac6e3bb5c7aae864c5f6b43e014c411c6d94a48ed8c9285f66837c9400298f5096309426b2957187cbe0d75662a92ee14233f05db0febf9b9ce1395b6d71abb096077ff15a97b0be35f0ab88c0215b8d926f3adcae682b2baf44fa1e33929e26099ca41e9adc4962929b7814f6c28a80168e916126971de8414d14c713be05b467097dca01f95f151ea6349dd0c1f2dad7102d5330ec8b0a55a775bbac861edcc1ac297ab52a69505e36f567bcc8938798fd03feae46cdb130a53627d54a56e68e7e31e3790786732c85d19aa5d7696cf4e6e14de98c8279707f5db716a8a32a7928a2c8b479dd6513d100097563daa63c0e84c9cae6bbce12eccb6d4d3711a664c7a299034b0df3b4d96ddb5ef61c80467170c675e1d2931a27a6eb703732dc848b40a89a961db4c633b9f4703f7f7f7ad0848cd18db287dd843206545440bfa7d918c6ea657d4b13b69b98634b4c2fd87d0285168a2a84ad9b25ad83121c8d1ef103de0bcd6869e0bea9cdd8a453cc2fb74bf55f2b910fe74ff9345eb2046d6d7a1a7bc736cab3ede86b6d4b570d270c94d5b43396581b71003c3577283c0a6f6acb6c66"}, @sadb_ident={0x2, 0xb, 0x4, 0x0, 0x7}, @sadb_x_nat_t_port={0x1, 0x17, 0x4e23}, @sadb_x_filter={0x5, 0x1a, @in=@empty, @in6=@empty, 0x11, 0x14, 0x10}, @sadb_x_filter={0x5, 0x1a, @in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x1, 0x14, 0x14}, @sadb_x_filter={0x5, 0x1a, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@local, 0x0, 0x14, 0x10}, @sadb_x_filter={0x5, 0x1a, @in=@broadcast, @in=@local, 0x0, 0x14, 0x10}, @sadb_x_filter={0x5, 0x1a, @in6=@loopback, @in=@broadcast, 0x0, 0x14, 0x10}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e23}]}, 0x1100}}, 0x4000080)

23:25:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}, {0x0, 0x0, 0x0, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:51 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7}}, 0xfffffefd)

23:25:51 executing program 0:
r0 = socket(0x11, 0x3, 0xffffffffffffffff)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0)

23:25:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x19b, 0x9cd, 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:51 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xfeffffff}}, 0xfffffefd)

23:25:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x0, 0x9cd, 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:51 executing program 0:
r0 = socket(0x11, 0x5, 0x2)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000040)={<r1=>0x0, 0x59}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r1, 0x37d, 0x10001, 0x80000001}, &(0x7f0000000100)=0x10)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:52 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd00700}}, 0xfffffefd)

23:25:52 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x0, 0x0, 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0xfd40)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x10000200000, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x1000000000000000, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000310000002002000e00400015e5ec6a9df3fc38508001200020002000000000004220b001800000003030000403fff00000000000000000000040000160000000301000000000000000000000000000026000000030005000000000002000100000000000000000000000000"], 0x80}}, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000005c0)={@remote}, 0x14)

23:25:52 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
ioctl$VIDIOC_EXPBUF(0xffffffffffffff9c, 0xc0405610, &(0x7f0000000040)={0xb, 0xffffffff00000001, 0x7f, 0x800, <r1=>0xffffffffffffff9c})
r2 = getpid()
fcntl$setown(r1, 0x8, r2)
r3 = syz_open_procfs(r2, &(0x7f00000000c0)='uid_map\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0xfd40)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x10000200000, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000100)={0x1000000000000000, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000310000002002000e00400015e5ec6a9df3fc38508001200020002000000000004220b001800000003030000403fff00000000000000000000040000160000000301000000000000000000000000000026000000030005000000000002000100000000000000000000000000"], 0x80}}, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000005c0)={@remote}, 0x14)

23:25:52 executing program 1:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}, {0x0, 0x0, 0x40}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x9, 0x0, 0x1, [], 0x9}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:52 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffff7f}}, 0xfffffefd)

23:25:52 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040))
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000040)=[0x9, 0x5])
socket$inet6(0xa, 0x7, 0x0)

23:25:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x0, 0x0, 0x1, [], 0x9}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:53 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf00f00}}, 0xfffffefd)

23:25:53 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000040)={<r2=>0x0, @in6={{0xa, 0x4e22, 0x4, @mcast2, 0xfffffffffffffe00}}, [0x6, 0x8, 0x4, 0xfffffffffffffffd, 0x0, 0x86ae, 0x10001, 0x3, 0x1000, 0x2, 0x40, 0x7, 0x1, 0x2, 0x3]}, &(0x7f0000000140)=0x100)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000180)={r2, 0x0, 0x7c4}, 0x8)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:53 executing program 1:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}, {0x0, 0x0, 0x0, [], 0x9}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:53 executing program 0:
r0 = socket(0x8, 0x2, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x1, 0x80000001, 0x7fff, 0xc6a})
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x8, 0x6, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:53 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net\x00')
r1 = accept$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080))
tee(r0, r1, 0x2, 0x0)
r2 = socket(0x13, 0x3, 0x8)
gettid()
gettid()
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000340)=0x385)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={<r3=>0x0}, &(0x7f0000000300)=0xc)
write$FUSE_WRITE(r0, &(0x7f0000000380)={0x18, 0x0, 0x3, {0xfffffffffffffff9}}, 0x18)
r4 = syz_open_procfs(r3, &(0x7f0000000140)='n/\xf6Eet/pobpe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r0, 0x800443d3, &(0x7f00000000c0)={{0x0, 0x2, 0x440c, 0xffff, 0x3, 0xffffffff}, 0x3ff, 0x7, 0x80000000})
ioctl$CAPI_NCCI_OPENCOUNT(r4, 0x80044326, &(0x7f00000001c0)=0x7f2)
getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000000200)=""/237, &(0x7f0000000100)=0xed)
sendfile(r2, r4, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:53 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xfffffffe}}, 0xfffffefd)

23:25:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x6, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:54 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040))
r1 = getpgrp(0x0)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:54 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1000000}}, 0xfffffefd)

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:54 executing program 0:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff)
ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000040))
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f00000000c0)=0x2, 0x4)
syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x864, 0x800)

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:54 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:54 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x100000000000}}, 0xfffffefd)

23:25:54 executing program 0:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0xaff9, 0x2, [], 0x3}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:55 executing program 0:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000180)={0xf, 0x0, 0x4, {0x7, 0x3, 0x41fd, 0x8000}})
getgroups(0x3, &(0x7f0000000140)=[0xffffffffffffffff, <r2=>0xee01, 0xee00])
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000200)={0xa0, 0xffffffffffffffda, 0x6, {{0x4, 0x0, 0x36bb, 0x6, 0x1, 0x1, {0x1, 0x10000, 0x1, 0x7, 0x1f, 0x5, 0x5, 0x7, 0x5, 0x50c2, 0x7fff, r1, r2, 0xffffffff80000000}}, {0x0, 0x2}}}, 0xa0)
r3 = socket(0x11, 0x3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r3, r4, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:55 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x2000000}}, 0xfffffefd)

23:25:55 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 1:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:55 executing program 1:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0xaff9, 0x2, [], 0x3}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:55 executing program 0:
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0)
fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f00000000c0)={0x0, 0xfb, 0xe3, 0x2, 0x10, "1d1c0f58a9ce7c80bbae8130348fe21b", "7dc1d28d21a2af10d96403ba9615345f028467c83ac1ba7a3c6c4ad85f05ffd998ddc44899b9c1bb7f49496b03c318dd18a84e4d6dd12fcded38f15a7daa116e79e8b8a518ceddf48c0bd508bb2d28b3563daaff494c028b45281246d36d16ce43da9bb41d1c49895ace66af8698f4dbadaa06221cdbb52ef7ab59f7e2b8869860aca4166f0c2eaaa1e7a40a391d65deef5bb31f8c4127c4663a8deefe48a953c881f8cb12b0feb58ebdba6caf5c251417067a181106ccf1a9247274db12aa95d09cb1ae5d4bba33dfba55088006"}, 0xe3, 0x2)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:55 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x200000000000}}, 0xfffffefd)

23:25:55 executing program 1:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:56 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x3000000}}, 0xfffffefd)

23:25:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:56 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
recvmsg$kcm(r0, &(0x7f0000000180)={&(0x7f0000000040)=@sco, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/155, 0x9b}, {&(0x7f0000000200)=""/191, 0xbf}, {&(0x7f00000002c0)=""/133, 0x85}, {&(0x7f0000000380)=""/125, 0x7d}, {&(0x7f0000000400)=""/145, 0x91}], 0x5, &(0x7f0000000540)=""/114, 0x72}, 0x40)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0x0, 0x2, [], 0x3}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:56 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:56 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:56 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd00700000000}}, 0xfffffefd)

23:25:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0x0, 0x0, [], 0x3}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:56 executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x802, 0x0)
sendmmsg$alg(r0, &(0x7f0000002900)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)="98a9651d411f91000cb7ffcb5536133cc4d32f0b8d744634664bb2a07466a3f0d6c1638fd5afb08a450e506856653891710504c27321223dfe33c8978be5175fe73ed1985a2bcec898653371150490451efdda58c380e2db3b3e8172a6e4fd124a965ccad758a817a68c0fb5bc753b8e694abeafd86ac8a95356846cb99d676d019f294269360c66a02c2fa1adedc7fce777598667e8ac6aeecce7d8ad67b5a24a3cd2357e28b1e883e0463d70eb49f86f2649cb77af780ec91d332f9a8853cb14c772dc32aecef603f4c4889ac3dce6d71094084761c7f1722544f4a8b31b5593ec15aedf0fd7d91e826e86c0c2f516fd6b597ce838829fa9edc66e40c8e7790cf990bbcc0416a298ebb8fa0d79ea10b726fef3103a0f5312e3f4f8d9cdbef44bc6f9f0bf75461c629a68cfb0cd10716c567c111106e43f6c61d71ee61838c6b214b5149bd725ddd4136827990f4ce09aa8f94cd5c776a6289d640c0af3c8d9ded8bf95d70dca4ddfff565f8a4e324b7f1bc52ab810490394509d7e2ea42de1a73828b33ce340d165807f38c2f74766b64ea2b4889148523a0e42fde488897b1903c0e3e0364f5bf187c1c285586dd8bf25f2002c2a81a9ca3b66df9d1d8f60677c55f36d5e548247e783121ef63b725855ee36436c3cbdf44c9e17501bbba8f9880e4996041b33a1cf4a580baf2d34669ab9065704824bb4302c04565d73a37449258c5ba38d8a1fafa663a7cbe3cb28a3664108cd18339494a9b364c4c10bacd629bdecf2bf7ec28fa6c489326caa661e4742291dec0df3b0334466932ca09ddca293bf7a9db5cad3a5189b37672154aa3882e75c429b873fba531a7772e48a00c63a6c66c8825e2869b9431d2f8dac0ee34d0a1e413098929fcbc62e3f090ce3ab9bd9689a8f11e4b9f4e366369fe7abfb9bd55f213e042d180a1dda562fa588e6fde05659e1b76d80570175cda879f45c8464c2128a9973f967a6836ab86e1cf0c959d5412735daf12254d9acf9aa262c2d5e3508a7d9cc543daf86633d128198576d4fd3dce923ed4b041817a31f530e7632426f0a0088a7f8c0c151777139cf372e09ed052bfb6d9defa056e3cabd149c3bd4b157a852df41ecfa97f8929b8098f0d7c31b28581d437641ab981b40de711eb4e332a307834f77a58700977bcc275100f60a906237f4065baa2a0bf6588acb421946a39142e6e182b0741ae4660486fefedb863f3ac8cd05882a0b88f3d7747bbada655320428702127a54a5fea3c3513aa3cb01614f98d69fab6088f5bca2bea707f1e9039f0d1b2ce9b39cc09673fa3cf5526d55b21a6abbf1d79ed4bcc456fc827f1c7a8a4aca4eac80398a34912e10f189f0d284b6d9ceead33446a8daa3d8d578d3581fc782ba5331d3d968119f066d2858041735f7ed1a8bb43620e8b5a10deb2b21d2d48e9331a7df36eeac819e6091c14b2d512e99119d6339fb62b0b2b84092da0bba7f00be5f20b182fb8f57f83f2c65fd38286cf04e81d1c3052c94b767c6706e5f32e9a4202a8a74753ae78502ee5f8ffea5d9ee9a5081242cd34baa3bbd668e527aff1f733183b42d59cd38f54af5e9b2c54ed81881266fd19e32937030f39e8c8e1034003545e0c934fa7c690b17a974f3ac78999be727c0af5e2e54ff45c7e3c4763d87021cb4363f7472da97029fd6753d8193eb1ea7f2b695c3350dc06f298c4f45f19dd840228cd85baae8d6bea87a57fbba64869552d25ea98329bc99b2f6e2dbce7fd020117432eaba32c83b86fd22a1ff2c6fafc732dd0b9b406222f18c2692a372b117764296597b6b832248a1360d2503649bb1be0b38d38b29f2b0bce6082d8d2d93d0a3d8e89231b52fe46678abe48b4e10b7033730c5936914849b657f72e6d93e12d9087edb5512758677d608f72ea0bcb7e544e80da9e62050501c4a276a88b02d19d877a5a95a562ea85ecadc88cebe88dfb1758bd48be1e34abee174981a164794ba5aec8d7369e037262c75dfa66494ad679d83ed5a8f4efcf344f366c33927b6baef918bf44c238eee8234e08de8f7508617041c7ee42187e95865faf0a5a6f1911c036fd58d74b2b65bcee4744dbcdc673eaeca2b5dc0baf5aca1b80749e68d762aaae578546f51a14364c33c72deb97c24d3bed1d557b3e6d53dc0c3e2a903283078f0f37c8cac7dfe31772e766d73c51575f6f6ceec964db746b038f5c9c1b09528a60fe0cb7fa6ba3c74360736a97951bcea517cb29ebaaa7ebef45fafbe705f88c9ab9e0c72b6f133a806c1f4b3e7f4a9fc27e6031aa87de82e1d4d3e5645d6a958d7374eea61b9ae6165ea61e0d1190980b415d52f66beea8e0ac94edfd8f0a2f0d2c309503a0c62455c1f43dc4c21215cfcd39ccadb475600541c9e7c32698be37c583428eb8e94758aef0c7361f6acf71a46c622ad62b3b794bb41c4897b61f90530a96f6002d98c6ac243d884014cf60e611b85e7b79014c53e82b659d049c5749f506c328e4889dfc7f945bcca29f0ac5c19e58f2945807872b2522b56bbd55da84a94347ac15c68b6983fc75d3d39601d09dcf26e9b0ab8510246ce6ffe4bb49e484492081bcd458ac8286a34bee43fc1d6ae5b74390c94477c699334838526d87ad440bad7ed6dbb928cca0ba0eaec9c2a33055964e5bf7c048b0d62602d1f6f883a27ce814dc9ce0c498e1962d34a88f434f28f47dbf4368e39c9634abfaf997b4eda4a4a389ec2cd85109d840b05575f6fcfacf23b846ef84c5a287734d1824a72d3d376f7bc0b02e36440137203cda8507313f81d26b709e4ea069f064d48ee25ec8aea82751d9af33a1550eddbe97a6750d49bf3a3b157fd33708ec060ee9942b15c96377859ebe954ddbea455c39c44b126f40bc2077eb4344d561d3cd0ea0868c30ad3686fc3386a307339b97e2f34ec9a75b2010ea82a5bcbcd12c7d5cfbf37c0531057742e6a847c3a29a974593df033c023172b183e52151a3739ae1378f1bf38757f7300f88d66f2545b7d8b61a97e7a9bd016bfbabc43fc93677949a73136d1935b2df0c9a1825956fb0c06d6f16d7eb9429290bddfb7bf71b416079aee2f047de32bdf088a854e9c3b613836f959093e974d813de598672faa12c916610355f8fd7922e04004249e1bd59cf2f0bb019444fa6247ba0e98eaaa52b80a0a21755e078798dafdf486541c237855e3d718f54cc4fd73e4dc0623b1e539b574b31af713e68da31f55cd8b93fdb9748a085dea5417d61e52dfc13bfc89eb87d3469c7efbce7adfaae044706403f3986b1c7a9e8eaa344cb4cc29786a63ee9037c627df7444e72c2ba7c2db74e35bb677c7d4184fda2a873bce42aec9f9e18ccc38bda0eb1071d4087c05c6935394a2a2373fb0e831c62c4f483b4ffda612c0dc6bdae25169558718fa7c5db070553c16cd4189e45e74be39a0ce0ef4435199de0d3ac4440bbbfbf29d9cfe338ac5620f283c98c56094733c0d0b7474b63578f0d14776fa2ada4b49858353ccd446ce6fc5e8157502053043a031440ea30fc4c17109cb625144f0601ce2e3739e86aa9a51fd6a9596c1613e48b336ed977253a02d0fb7b7194a0d1068e80b7a1054096266ef9f660c32e8cc96899e0ddd6f8c4800001af656fa3b5e6652c508a5da5e9bcb63c33604b365e64ae792b95228e022569ef0bc289e6e6105ba0562e4cb3f64d2baca90cb421b9dba6823ca0d250d130dff4d723ac37e64f9729771653e93b2c0447fa769c5a5215e9a42977e5cfd66ac0aa81fab6a315cc282f5ce2ddbff5b511ddbf1f993b152e50c43337f308cfc69de98fd12c8f83b73c977834e8141cd9f3051f05c490e100cd4d6ad4603b622479ebb0cc55921d92f6267f1ff18dff66b6c178db9e5978e4619eacc167c77054059434365cca6b29cf62c50147a0131402b4b5ef30e23a81f8d96fa7b3975da9ecfe195759e4be78ce4ef9726ce6caca96ba70438562fa57898921e4426b60cb85eec1889ec72ecf135a574aad060484a954515589eb44af651fc17c0b0e580102a6b4acedfb0596c9e03b631a80bb73b4beab5b99c824b67296bea9b9a3ff37ec9cdb01e6f62706a45fb208381b01570f854644958165e25346f215ded11d94f3f404d22496f8666cffe458a16c719e04b985253f81efd863bec59bdbd12c68230921fd826bf5914c180268f36a754d1822d73289a03c77d21927164da4d7a8a3f1b626131528b16d3672a42e9a5ee61f886edd2f1a86a157e5f0d04c0f44bd04dbe81e240fd910ba4c95b2152934546c93ea1b724054681aaeb70a1ae590e6c046f5619ee00c1441ec021bfde499e1637944129e8da59f20058a6cd9ebf3df31f65d1df84a0b528cb64676412967bf4ced4ef1db92f131d354349836e91d15115f7965949fed02cdac49a9e6b4b367d7ac0010b301df90da38c9b29844839c7f20303ffc6acea3373a47b3fa5fca5e21d30dae2063bf8fa0953d9900fcab1158aefaa5f84b77db0ea3d15fbbb89dd3c12764400872fb96df988516e6a391eb8d107c1f0c25a24b78b9dd124fc21e4804cc15e62f3c479c1378b8d4c9c49b5531ef46836a7fffd3a1493f8b0f78c0dbf09e785270653b025586ae6863f4f52f909173258034e6aed0b4d8ce8041b4668ac3fb7149492e39e4fd8498bae4ffd24dfc75069b05f7810f92d39f1e37bf83fbef4cca028ff0c951bcc07247600913cd2435a9b4bc109bb59f258bead952aaa0bac1fb77613e7ce12987be4dc17d6d538113abbc46ccc094a8658c385a0d1fd9d73eba57df11e5ec2d43fd31445ea065f0f359f5717a9ddfd3ab26a9531f1a56ef73c5a2f6b2583c591e8a2f5b1b504cf36b9c655f32d2ea07efda9f05714465a9f474813ceadceac02fec6e03b9908a75d4423b1e19c5771b0baf97a227469a286c15d730dc24d2275386b63efa0ae4efddfcdc4642fbfbd570e0ffdb1b9aea7823dc14d062531aa35f0e6c2d1dc4dff560ace978db980249ef4fd4e59309d925c6b2b7701d4a5d9640a4afbca9e77fbcb17ded3eda7a41e76677f3302207f5252f0eb6d77dc9aa36a92133e5e05385a2155fdf2b315dffd450ef0ca646189c3bf164c43b6d7881b67f619b3f86678688c8f5fb5081e8b986ebace77225da013d9c95ec00bed76f5ba28061d930cd56df38dd9a53e363d1fe3931d1cb25c219aa0391d7ab00aa936a3085029d325110b40d6c0fbe494f0e82cf6fb3871a683d9be5472f668116271e9026c3ac2a8293ef1f99147e4fb889247a06a1117b914c8a8687541aaef3fe40dda3e41b3e9676ca686870a5d4036f19eb5dd6809d2bede28e0e609bd5f391296e71ed9aec7449d52e1c278cab6106fbf31ac6f9f0deec3445792fe51fab308750c5f366c1102a5544d2d859bb85f42aa88076bdf4aeb38592e0ba24daede30acc303c9e9563f73bb8997ea6ab2f12e9c1a8aa04c1d0e20df495c50a3d86e4ae3cb4e401c5d6ba0f517199aaea3e2d6a850fa34f96112b71fa123f298a66d63e2f9681d74463c68644379be391be6a42fab0b8115d2cbca3994b5d9b2d4510926080a1dadee2e65f43c85df846c649c8f61b5e6547d31bd2af74dd4e2b3a7896311d2120f46de94137918dfc2725be8caad870c0bbf469d299677826543be5dd11bb4b0fb1d1823fd48c08cea88ec7a967770703358575fa901b5f32fe106c8d941aa8f1e0ea1f498ef35da36ebffb7103fd876eef522e4e59bf590269863126d8612e809a8b54b086709749aa96c64c26f8681abd6b3", 0x1000}, {&(0x7f00000000c0)="c03b47e8dbd57b16ecf70c8e98e81826f270d20c6b363fbcc0b58398fec1b17dd69d0f9c5c271f83dc5c7c991d652aaee0e90a23fd0d3fe01aa771baf0c70c208e1a6e547d46e0f24bc4d3705cdecffe7511993dc5e4ca622d6a3ef3998f584fb1f19bd4bf513743ea6a864e2dec20378668ee92d1961717d26e7f36b1ee7b407f3cb70d87cb92a814ad4ccce5bd4d8aac56f26d4b15433188f470b059b85d723a23cc39681510d0ca1b19e12c392a033b", 0xb1}, {&(0x7f0000001200)="62a2f1ef38670c1db8b95d1bc2709694be8f82e6a043964464983669fc9a8720c933bed4791b36a1e75f480be59deb995de8b97c799a1f173313dd76e2da8caf2babb3d79729a11d705eb47da8b363da8d793e01b1396a13425a0feebc1e7c7dda7a8a597ff5c9ca6dc1c8ff30b0cf0b1f011e5d966f7dc73550a373f6a1541f0b1c59cbf37c696b5c61bdbcac31e4be2c72199e1787b8746044153aa629d3ce9628", 0xa2}, {&(0x7f00000012c0)="2b0fbea9b50cdaa0c2bf786e72a7ce2b17c07d675418f03a1ba38c025b6cc2e43687956e0d357c8829415ddcb5626558eeccead7a70595db2ddf99e3301b8ddd0e0f5e84055f717c45fc60d02e0fab4ffd3bad18befcd730733fb3de97c1", 0x5e}], 0x4, &(0x7f0000001340)=[@assoc={0x18, 0x117, 0x4, 0x70000000000}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x68, 0x117, 0x2, 0x4d, "f137cdf5c1c7028e8f833dde4e2ea92c4490e789621536fad961eaa810468127964189855965b55caa55f8471d4a0dfcc667879347b9416ea67409933c505423f1ae72e492c272ec5bc5e1ecff"}], 0xc8, 0x4004050}, {0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001440)="679ccfc22f41f6d384649fab1aec98041d39b83279a26bb3fc241fb765c8c63047da5122efe29f20c25d6cfdc6f6d575ee12afa4123ebbdf6ab9a8a6c2dcff4a73cf2bafad2e6783aeafbf3f18d2ee8e4ab8ffb422de481e61d0a4fa99bb1666924c3e6a1b967d0ccaa8bcb2e4c894b04a825ddfc4226752b07f6b3d5304d5821682c2449b903d158df1d43c710dadc8cb48ff0416daab86d82e1bd1cc9d5448cb805ba0c3a17c6a8b1c0728feee741fb25464c6c3f606e519c1a78550183cd9304b9a43ed5ecd855839bccd946c1384b7e2785c92f8605ca2", 0xd9}, {&(0x7f0000001540)="e05fe50bb1ea80ecfeebfece94b000729f8969e5a027fbdfd60a92f20829f65aa8565760680dc8b5048835511f3eebca0711969bc400f9b87cabbb91f29c97b38991ce7390cd6563e5503a95541a957d6be2717a942167ca61f193d98bd6a0c60db5b2f4f16cec2a2f6bbeb1a83426696fc10daf1a7eee2dcd0bc4d60075e510e28bc88fe36ac31c0dedd1c588cc2d05b85668474a5179b184baad04c53e09", 0x9f}], 0x2, &(0x7f0000001640)=[@iv={0x98, 0x117, 0x2, 0x83, "181885afac8192616e2921492ea598428ff134eb6abb54d60b5829546248c96b584b5a70d8bee20e6e9d280749257e8a285c100329f96b3676f4af2e94c9a2ff4b3795e150d314f47846ade4c19581d6911cc85398adcbc105527aca6b9d87c46ac00f1eaf4a404a8713ec6dc03bd495bb950a97f9f8e424cf33ae688285b0c19a5849"}, @iv={0x1018, 0x117, 0x2, 0x1000, "87b3cf2b85ea2c9335ae96b7f5fa9570bfb33475e6a468fb3fac0b82214ebd3440ea5751f45dde891590dbda622a4dd8cddc0e5b0323e0ec05b6e4758abc1063776c4d488c21d3969ff373b2a0e564545bb513f32c196c9b744be9411d6ec4df483aa02100fc7b8fe6c99b9c3cbf78a1ceeaa78492ce7e87af229c74689323da7061313bcff79d935dd033bd2bc36a8beb4b0915ebfe487918676e3e9e6253ed6904964a71fb43f092816b0c6d39b9f71fb2b26936e41dafb8cac89378a68036c314f328d878c24414245c2bfbb849a3839360b599b1b944ac0498d5b85890ae3abc9542c488783468cfc36fd6eac935236e6559df8ac1090654f05c59ab146383012cf8319cdda2370426611b3fd6f4f1495b557b9d2606c48148daa453c81bc8f970020952b8edb3212467151aae1ad7a871f6315443e93b0011c8d84e291c6c7ddd81fa8c8cc58c2db1c44c944e026ca163a8f1e27933feacbc29b6291bb5749aa0defa3db0085f7545a2bdc92955d1e4d253ab91caee20b32eff818df90df6e87f25ef7540f81bd18967d55926fd654601f74984a99184c9bd5dec97821c331f727384ad0bf89496569c0ba92729eedfe9a62cfcc4d2d3fc45881a5a0b7f7fecdfb8218c4d65fa09437917325484fb021df4f0f7e781c82c3de1dba739db05f2bc82ffc85652873bf5cdc12213e4854614bf9626d042a0c11a1ee0afa9ac43920b8e6028af3f932fb1015f82a57f9afaf6dc26c56680a1833cbc426c12ebe8698f08393d33a7dd559e112d3d0093dcce4ceacc74ef3fb11ee13485c465ee645fbb5e64f190177ef7961c5fd2460d413bb08be97d123d872785fa945a6cd6b63bcce8931d76afe29563b1244b9ada69a81086826239efb46af767f07bfe6a402936c6b1891be07ffb8d902acf65c6ea04448248d06145afff461423e5bc9e69b38f8d191c1b4885f87c5e4350ecded146129e8cf14880437dd7740bd08870648e01e9a2a88caa9c6e98824792fbd96927707187a013fd87967eac0d3b0cc5e52c3eedeb8d8a4552fbe969a5453224270e07a88048416eb9f679932f14107de81b9086bada1663c40bcd87579aa6c95ef6fb42737dd8680a5cc32aa8dfb869938d22cf54e90a7aa5feaf38748c0f957f491f29b9f382dfab752b5669bdeb3b4f7211107345a8580f758db81e4ffa895dc9b89be825fa976c6f53efc77336ca0f6d34e228c71f4941ae88a1396b4e5d1f11904886b9243a312b700705ec6663d3d9aa19d93a4fec10d9d20d819e95d613b120671af47356e090c365de53ebd244c8863e0fd595ee7360c492a972e8283fcc5c806f925019f5422232885e06607972250ddb3df9a8f5891f953d35255a5436e2ac7b6d96ad5dcb6e1a0f41a0f2c1e94c60e7c7982fce11fd54053439720be7238772951f0f0f1058d6002861664399818b558c40d6041092853d573efe5dd2c2bd837facea5f0994e8e2621a26b53eaf1ccec0e3d2714ed6db5cfc64b46bb18213c63c6ad2a7e2df8adfad6714873ccb1ef20f46091aa142ed797ca271816431a7374487481929946e67c8fb3e1b685818c497658ec61e70b2726df3d0c4054a5ba88e47c1cd7d6acb0d4c5737c6af1aca85b9610190cf3c9d44057f43311fc4778ec97a010af10d57d1e78df935ce0f8459aa0bf24d76ad233725612c0ef55370bc21121c16f85b58ec15489f640cb5ef9de64232af58f4467e22396f0889f9a76f142cae13edf010103ca065848bfd9336964d15a9ea5c98ea75078bf6056c9530480d482f1426213ac1d2a2269a753da48ddda5078b6e9b26ec0633ad56380e7c9e0c8454dc849d55c6c7a38d5ebc65650f294959f88bdc7ade3c844d26b036bce2bd6b69f0fae31669c14ae0aa9e6da05081bccd914c85d012d18e238fe44c66347effff9434720289fa8b8c12eaec824ea74b54e7b1eb090d915a3516abcb969cff70ea8a4818922ad6875ee7d49e44b209ecbf7db5de571de2d680e6d8d3be08990c77bc26a55b3041cfb5423038bc3722897798aa2ca7cc70eac3ed6af7aa54417861a16674966def719a42d87b37db6b54ca9f9994c43b7268b1f5543ba8c221735e1f60f933e5850d49b3a3d2e2bf003c87e5fa72afa612b317a5f21787a9ec2ea66c4f3becd5474c547d447b6bc63780a8f3a7d09322ea126f821ae5d0f4a7d2e72abef7fa2d4d7fa5d263134b7647020d7471c2d27b201cd96f0b37d2fcbd8615c7129a1d1bd0fe6d9a8797fd55128c7c664400174fdccd3104311102c06091cc26674cad32791528a51a3ad8a70a8210911a72c94188575d4fd06d6b2e380655e9cf944e23344798e433798c796f71bfc065a515f7de4238e0fa9bdbaf85b0cf9f07958bbf316a124c04cae30411b4aebaaa9f22fea1c333e6ea677c44803bb30b0611f4a20a8b531c062f8f10e20896d253d8e28a3eb476e49d800a7e9c38d2356ba7e11b723917cbc0daf409c4b1429abda5ffb328b72c0d2a319c5cc00b2e953dcc593ca04782272a4bc2939c3aa5539087604e025641a8ed019d7de24d79044c94e5dcc14f1f2471b8cb1227562bdb713c1a339d55099e79d32878245beffd8482fe72e1a5a7d60341cd1f1166707160fc1025a7c703d92fb7df0b9d41a0a3877ec2eaf20268a641d69ee065681c3bc18e39b465266c60b496d9e52b5e5f942f703891e415b61ab4367d947891ffe1c54a728ba7816d481aef5c49e5d861b9a47b0fd641bfecd74e9beb5d6c52411b24d8a85d4e55f9f7986bfe61041148e22dac281d892ed51ed36cb5248fd52365f60f1f86fd3fa1fee79ccc8f80cd92dfebe603b8119c9b4b83e233136b5bb58813c3c4c3f2f31ff09f7fe28d163b6e684018d54082ddfa5d46e669bee638a3d8c1e498c9276335ec1fd5a0040cfddb0bc827f550bf9c991a2325dc08d2aded139910cf58447245745f1a7bec8585768bd5a522a040e609ac715c9329b4ac41ea6f33281025f84a9aee8aeaba4eb8d3c0ac4dd25871fc4448559a7d178b463448731ba0acfd6284828b11ca46b34d92da33bcbb86330bf8d074000d20e738d2d15602eb59adbd85c15186323a1a8d59117ce2664389141bf4df18456ed5613fa5babbcbeba472c41ee8505b4bee3978a968d20a227276fb1331711209e414a36255f7edb075e77da68b3e9bee2be5bef2f9453253cd9523d47873163b003f8ef78400dde2fb497d95e65f92b8c33afbbd1e9f82f62d043f24bb8284f441c4f6180863167704b6c4e5c4c22ae9f99943a9eab687a2547b803b1baee5820da2d02fe3aab133043581379a2ea47941a4e258ba7a2c42915c3e054e54243f9ec8203331d4584a586df433dd0db85434e3417eb6c970c858a82075e5b11e87f5f30c63470c9bd4aeb3a43249f2186065044b81dc59f762fc1c86f63b5624f29dde2904174eef58dc3ca972a39c78317bd73656535574ccfe559488021fa644a08bfeba0e8c070e0a8dee4bacbf23e3af7605c7247ca6beee0c1905f48730c1b40b753a37a2866f48dfd7afaa0b573d6744a9d2d28d88d2c62b0131dc09d2147f2ac6843d6cd1dad43bde3ec4d5bdfb1462f9327394d71fa1e821cb30d2bcfe0b05561f95c7fcd14b26fbd890bae488058aa723c53181a0a6dad497527ae7babf1dff3ab9093c84e1f67a67d8e73d66509f82bb16e763c2d09f810519ce410fd5f72df51b7f3d1e35b14ddd8431e23a7b0c31614c0615db2852cb3a1946cb9e8cd8bc03634e92982c8d943f4a85b52a84d0ffd48a3d5d5a7147cdc85826fbea0d5217e492acb13cd54190e611b742aa78136afea939ee303fe5e81ace36c62dddbcc1a68a7c659ac549ef8213eddaf4fd734bab07e1e4790a4fd643e62ad6ae2ae4bf78e2c429a320738ea417bfcde30f46e6a8f6f328ba7b41af4bafb72b3e763915ffd4bee7368f4bed53b80f43eda2d93c4266a3af5aeff030be560a43935d5408b4ee3e807b916506091b8c1eab3784aebef2a0e96f48473a2d4aa2c3c99da8edfc1ab3e2f687238060d6ee6812a07d0ff880ec5c0a1a05cbf3dbef233ea6de9707bcf4c95f0c4e356764ab87054ad0b54b959e756a2375d60960082624ff712539c5637e1a91ed3890fd4430c538cf81a6b9ebf0e714acc8b0ee2f08c3cd5500e27f3b706190f37e68f6fca03c8ff0aad25ebeee43991346df3b35f6e17298479bd30184469e3319c628878afb101f3b776ffa45bd42e6bed5343174d0e809d693b8a2b6922cae821f36fe8a3bb375659bd1da2725bfa769cafb3cb26bc2384afef6e64b05f724b353e827e9a716ac906854498be58b24d3f0735e54e479a1934bce6eb1b9e7dd3cdc7d79eef30a621b2c3094fc6e87ab6bfb914c4ed2b6adbfe6607910314e1ff6e438a1e02b0e467bbf8aa385a82289555d69a902e83c66024c6451c63145f94390c899eb38a1a0110a9b93136a472d19653920aa930ba0f04a12916fc1901f4e66c445912baea695ea6b460324f466848a0ae4ffefe237093baff66fd2dd8e14a0982c965963501116c9e3fd410111f89837370b7534bce6c6529bdd24f4e6f1cb111d6f71eda4fa93a1e9ddad996a6d330df32616d3cc229fc50192714ad725095bea5cf9a0e7de61d015fd27dafa76da4631e9988ecb59f7488316fd664f8e7b813ee62a7e2c37f438e5178aebdf3f8289af54c764d8521ae5bae4502f7aa7e6dd4e535257c54c9a2cb2e7bc09bd212206542818d8c9dbfef159371de1164f83bb5f305d199d56b6d989338b72fe6ba69c64e0566423464f7e71d915f30fdd0e6dad96a4c179a968f013abb52276b7999a0c2c488ca95400491b0ea5d04e3635f258cbe218b95fe2eafb01b709ca4c9909880f2fd49ba3b09e4d3c8b4875c75a7873f69f6df23089270b018ad8a982f08fbc6a3c38fa57cd0a9343098f36785c44be3d5545e9087b64c806019acbf051d437416fe312debff620036e9ad1fa6b773eb85ee65572dc8ab6e8a61e1388133963ad2a4fa1ca5e9c41778d1a59626dd6e66e7988399eb8b636c6af10ad2fc9b0781f59c2c5c70bf5bc2bb6be04a6670a14aa65e69f50c1152a782736ee4fdb18521e3b5b2e58043de245146b8bdd57219190db8e3d65acd9187ff7c44be14bbf6ecaf296649b4c9c248f2aaf265153ce850cf603f58c9b9909576439c7ff506cc291104555c477d7a2cd93935e523513890037aba8d58495468a95503c4ac881402a828fd7a0bf5bfa2c4fd7ffaf853ae9b31d754f5b2e5323f55e149ed231037b5c33066f3f94daee3c47831b394b897af40bdd4a05f3601efe8a36a89cb27cee5248f636341a0cd48a9620e931b4966662f01678fd4905fa45f7d51e5c054f772e9b96ef9021d3fa89c63533b4213fcfbd107a60b794429a82789e12f299a4e25ba3366ffff054945bbb96017940e620e90dfdbc5969f5d269c5202c37b35b302b7e31093f16c3a89cc3fe5cf7aac5754cbf233a8f291a3a0a200ee16524890a2a1fa6e835ad2fef15e64652c6628aa698481ece58d332b4af7a0aefa9db03234c70cf550f71557d5987dfe0aedd9ec014e9d592f0f02abe5ed651b480598a3ba1d80187a6c6decc636caca0bf0627b29e431fe58d79498f859f4e42a54be91a401841bc9ed99f2d38e96df1ac40de9a201eacafd82fa886a45ebd3ab5d457b6c380b5314a4f0e6ec3ced96dde8e0b48d16a0255181f150e8c93616d823a3ca595378bb9299c9641858d6d9c79d57846169b8dc778b82dd484616fb7"}], 0x10b0, 0x20008000}, {0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000002700)="2785a412ae176f3658e238a18c3eea64b85a95f68686534d77288fcd20db7c5089f84104971a97aff2138f11d3a4e5c9ccac4fbad6876f300e729f9b60ed992c6a91c72579714e3b0af784b25845a0ece4f69f2693751b76daa9ff5b0ee5d94d905e6b6e7fb057b3f0ad8832101f17249ccda490752ebbc62fbdfb70182e972ed370d2c9612f0ca2eb1a162f16663380df5dc328b78deb7f74f1a435a7bb322a9ed8ba35c69f9674d1f511430dcd5738e2f79272b16d42180270ab65737126afd276", 0xc2}], 0x1, &(0x7f0000002840)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x2}], 0x90}], 0x3, 0x20000000)
openat$dsp(0xffffffffffffff9c, &(0x7f0000002a00)='/dev/dsp\x00', 0x501040, 0x0)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000040)={0x3, "6f4b17"}, 0x4)
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
write$FUSE_GETXATTR(r2, &(0x7f00000029c0)={0x18, 0x0, 0x6, {0x800}}, 0x18)

23:25:56 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:56 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:57 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x4000000}}, 0xfffffefd)

23:25:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:57 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
dup2(r0, r0)

23:25:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:57 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x0, 0x1, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:57 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x10000000000000}}, 0xfffffefd)

23:25:57 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x2)
sendfile(r0, r1, &(0x7f0000000080), 0x8000000000092dd)

23:25:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

23:25:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x0, 0x0, [], 0x2}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:58 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x5000000}}, 0xfffffefd)

23:25:58 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

23:25:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:58 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x10100000000000}}, 0xfffffefd)

23:25:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)

23:25:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0x0, 0x1, 0x5, [], 0x49}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:58 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={<r1=>0x0, @in6={{0xa, 0x4e21, 0x6, @loopback, 0x1}}, 0x9, 0x1000, 0x0, 0x80000001, 0x40}, &(0x7f0000000100)=0x98)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x3, 0x2, 0x2, 0x7ff, r1}, &(0x7f0000000180)=0x10)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}, {0x0, 0x0, 0x0, [], 0x6}]}})

23:25:59 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x6000000}}, 0xfffffefd)

23:25:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0x0, 0x0, 0x5, [], 0x49}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:59 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:25:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x2, 0xaff9, 0x2, [], 0x3}]}})

23:25:59 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000040)=""/81)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0))
ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000340)={{0x7, 0x757, 0xa, 0xdd, 0xff, 0x7fffffff}, 0x44ad})

23:25:59 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x18000000000000}}, 0xfffffefd)

23:25:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0xaff9, 0x2, [], 0x3}]}})

23:25:59 executing program 0:
remap_file_pages(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000, 0x6, 0x110102)
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:25:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0x0, 0x0, 0x0, [], 0x49}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:25:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0x0, 0x2, [], 0x3}]}})

23:25:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}, {0x0, 0x0, 0x0, [], 0x3}]}})

23:25:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:00 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7000000}}, 0xfffffefd)

23:26:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x100, 0x1, [], 0x2}]}})

23:26:00 executing program 0:
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)=<r0=>0x0)
r1 = syz_open_procfs(r0, &(0x7f00000000c0)='ne\x02\x88\xactype\x00')
sendfile(0xffffffffffffffff, r1, &(0x7f0000000040)=0x20000, 0x8000000000092dd)

23:26:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x6, 0x40, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:00 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:00 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x40000000000000}}, 0xfffffefd)

23:26:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x0, 0x1, [], 0x2}]}})

23:26:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x40, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:00 executing program 0:
r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x200, 0x40)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000080)={0x3, 0x27, 0xb, 0x1b, 0x9, 0x9, 0x4, 0x125, 0x1})
r1 = socket(0x11, 0x3, 0x0)
ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f00000000c0)={0x1f, 0x6001})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r2, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b)

23:26:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}, {0x0, 0x0, 0x0, [], 0x2}]}})

23:26:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}]}})

23:26:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0x0, 0x1, 0x5, [], 0x49}]}})

23:26:01 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7d00000}}, 0xfffffefd)

23:26:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0x0, 0x0, 0x5, [], 0x49}]}})

23:26:01 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x40, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:01 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040)=0x27, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:01 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x800c0000000000}}, 0xfffffefd)

23:26:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0x0, 0x0, 0x0, [], 0x49}]}})

23:26:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x40, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:01 executing program 0:
r0 = memfd_create(&(0x7f0000000080)=':2\xfd', 0x0)
r1 = socket(0x4000000000012, 0x4000000000004, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ptype\x00')
ioctl$RTC_PIE_ON(r2, 0x7005)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2, 0x910, r0, 0x0)
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
fcntl$dupfd(r1, 0x406, r1)

23:26:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}]}})

23:26:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x6, 0x40, [], 0x6f}]}})

23:26:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x40, [], 0x6f}]}})

23:26:02 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x8000000}}, 0xfffffefd)

23:26:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})

23:26:02 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$sock_netrom_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={0x1, @default, @bpq0='bpq0\x00', 0x1000, 'syz0\x00', @default, 0x10000, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:02 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:02 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd0070000000000}}, 0xfffffefd)

23:26:02 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
userfaultfd(0x80800)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}]}})

23:26:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3ff, 0x7, [], 0x100000000}]}})

23:26:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x7, [], 0x100000000}]}})

23:26:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [], 0x100000000}]}})

23:26:03 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa000000}}, 0xfffffefd)

23:26:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic})

23:26:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:03 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:03 executing program 0:
sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
mmap(&(0x7f00008da000/0x1000)=nil, 0x1000, 0x0, 0xb4972, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f0000000140)=""/37)
io_setup(0x40000000004ed4, &(0x7f0000000100)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}])
r2 = socket(0x11, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r2, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="050000000000000701000080"])
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000140)={0x78, 0x0, [0xc0010140]})

23:26:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:03 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf00f0000000000}}, 0xfffffefd)

23:26:03 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:03 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bridge_slave_0\x00', <r3=>0x0})
ioctl$TUNSETIFINDEX(r2, 0x400454da, &(0x7f0000000040)=r3)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000400)={'rose0\x00', 0x2})

23:26:03 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000001380)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0, 0x0, [0x0, 0x0, 0x3f000000]}, 0x2c)

23:26:04 executing program 1:

23:26:04 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb000000}}, 0xfffffefd)

23:26:04 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:04 executing program 1:

23:26:04 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
getpid()
getpgid(0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000240)='\x8e\xff\x01\x00\x00\x00\x00\x00\x00\xad\x05\x14\xe2\x19\xc2\xc4w\xcdO\xe3\xf6\xa7&\xfd\xcfnD\x03\xbf?c\xc4\xb3!\xad\xfc\x14i\xd0r\xd0\x18\xa0}\x89\xee1\xf5{\xb4r8\xae\xde6\x12)\x16\xfe`\x83=\f\xf8\x00v\xef\xc8\x83,\x16]u\xa0wM\x1c\xbe2\xe1\xd9\x00\xcbb\xe8\xd0C\x0e\xfb21\xf85\x96\x13\xd3#\x83nU\xa0#\xc4\\\xf9x=1\x1ec\x9d\xaf\xca\xf1s\xeeEm\xac\xf1O\xcb\xac>N\x9f \xeb\xf2^]0\x06B\xf9u\xf9i\xa5\xa7\xc1\x19\t(\x98\x12\x9c{Z\x86\x10/\xef\n\x14\xd7+\xc2\xba\xa5\x93\x17\x1e\xa6/)p=[\fM\xef\xc3\xdf\"\x84*9\x1a\xf0N\xd3\xdc\xe6\xea\xc4P\x9fK\xf5a\xc8e\x17>\xd4\xc8\x9a\x92')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x3ff, 0x7, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:04 executing program 1:

23:26:04 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x100000000000000}}, 0xfffffefd)

23:26:04 executing program 1:

23:26:04 executing program 0:
r0 = socket(0x3, 0x23, 0x10000)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
fremovexattr(r0, &(0x7f0000000040)=@known='system.sockprotoname\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x7, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:04 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000))

23:26:04 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x8912, &(0x7f00000000c0)="0adc1f123c12a43d88b070")
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

23:26:05 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb000200}}, 0xfffffefd)

23:26:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:05 executing program 1:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="4c000000120081ae08060c04000f006b10007f03400100000000000000ca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82afb9bbc7a461eb886a5e54e8ff53144612ad5d0", 0x4c}], 0x1}, 0x0)

23:26:05 executing program 0:
socket(0xa, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r0, &(0x7f0000000100)=0xfffffffffffffff6, 0x200)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
signalfd(r0, &(0x7f0000000080)={0xffff000000000000}, 0x8)

23:26:05 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:05 executing program 1:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000600)="4c000000120081ae08060c04000f006b10007f03400100000000000000ca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82afb9bbc7a461eb886a5e54e8ff53144612ad5d0", 0x4c}], 0x1}, 0x0)

23:26:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0)

23:26:05 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000040)=0x7)

23:26:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:05 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x200000000000000}}, 0xfffffefd)

23:26:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x2, r2})

23:26:05 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x2, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0x325)

23:26:06 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd000000}}, 0xfffffefd)

23:26:06 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="a43d6a2ac233b8082e0beb1448c2a0ac02ec9e439f4c403d942559cf488188efe76d85133df4966ddf3be1f6933164ad895da6d8de3176d2fd55ba0f451da9551ccb976ec5688e1a851529bfce10de6630e6c4ec9e2f205686ebb86a5bdd43ad725411a4194f8077137684142b1b331a1c21b7e7b560c175c99edb50a52ed255677c2eecec3de19f95824197f9e4d87f076914ad547aacfb177f1fa3e2ed708ce14edac9348221c2dc903c6687cf9a41143a98621833634dfd51005a46b0354b99b4e9aa3833fcfffc3b94d84e46af89ce5b59c0ef00271fe583d069c9d17f29619f6d04c3ddfe6d7847fe23b95962d97ca45adca24bfee92f6597beb3a3d9ffc3c56c7ad275bbbaf55d1dcfab846a1d366a11fffeb3495783e844ed9c56ed6fd837dc35ce1bece12cee360e468003d40616bcba6d63bdcf", 0x138)

23:26:06 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:06 executing program 0:
r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0xeae8, 0x42000)
getsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f00000000c0)=0x6, &(0x7f0000000100)=0x4)
r1 = socket(0x11, 0x3, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000040))
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r1, &(0x7f0000000000), 0x101)

23:26:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x0, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:06 executing program 1:
syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0x1, 0x0)

23:26:06 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x300000000000000}}, 0xfffffefd)

23:26:06 executing program 1:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)

23:26:06 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00')
ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000080)=""/250)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:06 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x55}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)

23:26:06 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x10000)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, 0x0)
perf_event_open(&(0x7f0000001380)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0, 0x0, [0x0, 0x0, 0x0, 0x20ef000000000000]}, 0x2c)

23:26:07 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xe000000}}, 0xfffffefd)

23:26:07 executing program 1:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x1043, 0x0)
execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000580)='io\x00[\xfcW\x16\x9b\xab\xeeT\xed\x16\xe3\x9ez\x8f\xe4\xb9\x00\x06\xf2f\xe3\xf6<D;?\xc5\x04\x00\x06\xbb\\\xd4\xbd|ss\xb3\xd4\xd4p\xa0\xcbV\x17\xaa\xdb\xfbd\xc5\xf9\x98<%\xd0$\xa9\xf3\xc4\x89\xccC\x8f\x9em\xe1c_g+\xf7\n\xd3\xbc\'\xc9$8_U\x86\xd4\xa5\x1cd \xa4\xe3V\xe4\xe5\xff~(\x10M&/\x88\x9f9\x01\x01\xcc\xaf\xf8\x05\x81f\x03\xf6[\xa3\xdfU[l5,\xd7\xd8Jrg\xa046\xba')
read$FUSE(r0, 0x0, 0x0)
open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0)

23:26:07 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:07 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:07 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000040)={<r2=>0x0, 0x60cb}, &(0x7f0000000080)=0xc)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000000c0)={r2}, 0x8)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:07 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0)
write$P9_RREMOVE(r1, &(0x7f0000000040)={0xfffffffffffffff6}, 0x7)

23:26:07 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x400000000000000}}, 0xfffffefd)

23:26:07 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:07 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
creat(0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0)
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
write$P9_RREMOVE(r2, &(0x7f0000000280)={0x7}, 0xff7f)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r2, 0xffffffffffffffff})

23:26:07 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
recvfrom$rose(r0, &(0x7f0000000040), 0x0, 0x10020, &(0x7f0000000080)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40)

23:26:07 executing program 1:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x2, 0x0)
write$UHID_DESTROY(r0, &(0x7f0000000180)={0xe}, 0x20f)

23:26:07 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f00000067c0))

23:26:08 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf000000}}, 0xfffffefd)

23:26:08 executing program 1:
pipe(0x0)
openat$ion(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ion\x00', 0x0, 0x0)

23:26:08 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:08 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x442, 0x0)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000080)={0x1, 0x7, 0x0, 0x20, 0x101, 0x6})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)

23:26:08 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00')
write$P9_RXATTRWALK(r1, &(0x7f0000000480)={0x135}, 0x53bf75)

23:26:08 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x500000000000000}}, 0xfffffefd)

23:26:08 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_int(r1, 0x0, 0x0)

23:26:08 executing program 5:

23:26:08 executing program 0:
r0 = socket(0x11, 0x805, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:08 executing program 1:

23:26:08 executing program 5:

23:26:09 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x10000000}}, 0xfffffefd)

23:26:09 executing program 1:

23:26:09 executing program 5:

23:26:09 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000040)=0x5)

23:26:09 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:09 executing program 1:

23:26:09 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x600000000000000}}, 0xfffffefd)

23:26:09 executing program 1:

23:26:09 executing program 5:

23:26:09 executing program 0:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$PPPIOCSNPMODE(r1, 0x4008744b, &(0x7f0000000040)={0xc03f})
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x40000, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
setsockopt$sock_int(r2, 0x1, 0x4, &(0x7f0000000100)=0x3, 0x4)

23:26:09 executing program 1:

23:26:09 executing program 1:

23:26:10 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x11000000}}, 0xfffffefd)

23:26:10 executing program 5:

23:26:10 executing program 1:

23:26:10 executing program 0:

23:26:10 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:10 executing program 1:

23:26:10 executing program 1:

23:26:10 executing program 5:

23:26:10 executing program 0:

23:26:10 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x700000000000000}}, 0xfffffefd)

23:26:10 executing program 1:

23:26:10 executing program 1:

23:26:10 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x20000000}}, 0xfffffefd)

23:26:10 executing program 5:

23:26:10 executing program 1:

23:26:10 executing program 0:

23:26:10 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:11 executing program 1:

23:26:11 executing program 5:

23:26:11 executing program 1:

23:26:11 executing program 1:

23:26:11 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x800000000000000}}, 0xfffffefd)

23:26:11 executing program 1:

23:26:11 executing program 0:

23:26:11 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x40000000}}, 0xfffffefd)

23:26:11 executing program 5:

23:26:11 executing program 1:

23:26:11 executing program 0:

23:26:11 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:12 executing program 1:

23:26:12 executing program 1:

23:26:12 executing program 0:

23:26:12 executing program 5:

23:26:12 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa00000000000000}}, 0xfffffefd)

23:26:12 executing program 1:

23:26:12 executing program 5:

23:26:12 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x401f0000}}, 0xfffffefd)

23:26:12 executing program 0:

23:26:12 executing program 1:

23:26:12 executing program 5:

23:26:12 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:12 executing program 1:

23:26:13 executing program 1:

23:26:13 executing program 5:

23:26:13 executing program 0:

23:26:13 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb00000000000000}}, 0xfffffefd)

23:26:13 executing program 1:

23:26:13 executing program 0:

23:26:13 executing program 1:

23:26:13 executing program 5:

23:26:13 executing program 0:

23:26:13 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:13 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x50000000}}, 0xfffffefd)

23:26:13 executing program 1:

23:26:13 executing program 1:

23:26:13 executing program 5:

23:26:14 executing program 1:

23:26:14 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb00020000000000}}, 0xfffffefd)

23:26:14 executing program 0:

23:26:14 executing program 1:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000800)={0xa, 0x0, 0x0, @remote}, 0x1c)
sendmmsg(r0, &(0x7f0000007e00), 0x26e, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000007c0)='ip6tnl0\x00', 0x10)

23:26:14 executing program 5:
clone(0x13102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x40000008, 0x0)
socket$packet(0x11, 0x3, 0x300)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x11)
ptrace$cont(0x18, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x37})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x21, r0, 0x0, 0x0)

23:26:14 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00'], 0x1)
fallocate(r1, 0x0, 0x0, 0x2000002)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fallocate(r0, 0x0, 0x0, 0x110001)
getsockopt$sock_linger(r0, 0x1, 0xd, 0x0, &(0x7f0000000100))
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1, 0x0, 0x8})

23:26:14 executing program 1:
creat(&(0x7f0000000080)='./file0\x00', 0x0)
mount(&(0x7f0000000280)=ANY=[], &(0x7f0000000280)='./file0\x00', 0x0, 0x1001000, 0x0)
unlink(&(0x7f0000000200)='./file0\x00')

23:26:14 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:14 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa0000000}}, 0xfffffefd)

23:26:14 executing program 1:
socket$inet(0x10, 0x3, 0x0)
ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r2 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x85nG\x13g\xa6\x05', 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x81805)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x20002000005)
listxattr(0x0, &(0x7f00000013c0)=""/21, 0x15)
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r3 = openat$pfkey(0xffffffffffffff9c, 0x0, 0xbfffe, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, 0x0)
bind$unix(r3, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
bind(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x6946)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
write(0xffffffffffffffff, &(0x7f00000001c0), 0x7ba27d3a)

23:26:14 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = memfd_create(&(0x7f0000000700)='/7\x02\xe8\xa4\xef\x9e\xc8e\xd5n\x89\xeb[<\x18-\x14\x8d8\xbf\xfe\x83\x19\xf3(\xd7y\x14h\xcf(f\x06I:\xa4\xea\xcb\b\x81C\xdd\xcc\x00\x00\x00\x00\xf9\b1h\xbam\xa4x\xb1:\xcf\a\x94Z\x7f\xc8\vy\xf2F\xf4\x9d\n3\xd4\x9a[\xee\xaa\t\xbe\x90\xabU3\xd3[y\xd1d^We\xa9\xcb\x86a\"\xba\xb7\xcd\xcf\x88\x9eqO|\x9f\xcf\r\x86\xf4\x15@\x82w\xa8\\\x8c^a\xbe\x991l\\\x16\xd4\xd53\xdd\x9e\x00\x01:\xac\x14^\xf6\xb6\xb1^\xaa\xfa\x02x\x8aV\x87\xe3\xfb\xef\xd0\xb7({,\xf4\xa2cl`\xdc\xf7\xe2f\xad\xaa>\xd4Ts\x10\xb9V!\x91uGTy\xde$X\xff\xb1\xf3={\xb7\xe65\xb6\x1a\x99q^\xc2\xfc\xb0\xc09\x85\x03\xf1]\xc54;\x8d\x01\xec3#\x8f%5\xef\xfe\xc5\xdb\xd5\xb7\xe0\xdd\xec,rV\x82!\xa0', 0x0)
pwritev(r2, &(0x7f0000000200)=[{&(0x7f0000000280)=',', 0x1}], 0x1, 0x4081806)
sendfile(r0, r2, 0x0, 0x20020102000007)
recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xebc3276d6d4b1cd2, 0x100100, &(0x7f0000000100)=@abs, 0x930212)

23:26:15 executing program 1:
clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="052fc73c7f0000000000e0d0337c43deff35d812518a4a4c3a0200000000ef3bc477800225cdb6b960b17495908c89f99a8c076bcff6a23838"], 0x39)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0))
ptrace$cont(0x7, r0, 0x0, 0x0)

23:26:15 executing program 5:
open(0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000080)='./file1\x00', 0x0)
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
write$P9_RSTATu(r0, &(0x7f0000000040)=ANY=[], 0x445144e9)
io_cancel(0x0, 0x0, 0x0)
fdatasync(r0)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, 0x0)

23:26:15 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd00000000000000}}, 0xfffffefd)

23:26:15 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100000, 0x0)
mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0)
mount(&(0x7f0000000000), &(0x7f00000000c0)='.', 0x0, 0x23080, 0x0)
mount(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x80000, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000180)='.', 0x0, 0x5010, 0x0)

23:26:15 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x1000000000000010)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x2, 0x4)

23:26:15 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, 0x0, 0xffffffe3, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(0x0)
close(r1)
ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0)
recvfrom(r0, 0x0, 0xfffffffffffffd3f, 0x0, 0x0, 0x2e2)

23:26:17 executing program 0:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmctl$SHM_LOCK(r0, 0xb)
sigaltstack(&(0x7f0000ffe000/0x2000)=nil, 0x0)
shmctl$SHM_UNLOCK(r0, 0xc)

23:26:17 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:17 executing program 1:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f0000000600)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x1a7, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmmsg(r1, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="be242f9dcae4b0efc66d3c6fe5bd320e09b085629d3682ae9d91d144a72fa0be3a227789dbde476ef9e48d27375b9e2638727dc27e5381fe4a5d5956ef", 0x3d}], 0x1}, 0x80000000}, {{0x0, 0x0, 0x0}}], 0x2, 0x1)
ioctl$FIONREAD(r1, 0x541b, &(0x7f00000000c0))

23:26:17 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x800000203ffd, @empty}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x5c)
setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4)

23:26:17 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa0860100}}, 0xfffffefd)

23:26:17 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xe00000000000000}}, 0xfffffefd)

23:26:17 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80004000000002, &(0x7f0000000000)=0x79, 0x4)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4)
write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd)

23:26:17 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x800000203ffd, @empty}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x5c)
setsockopt$inet_int(r0, 0x0, 0x40, &(0x7f0000000ffc), 0x4)

23:26:17 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000140), 0x1c)

23:26:17 executing program 5:
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@random="7187dcc3cdd5", @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @broadcast}, @icmp=@parameter_prob={0x21, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}}}}}}, 0x0)

23:26:17 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x8084, &(0x7f0000319ff0)={0x2, 0x4e20}, 0x10)
write$binfmt_elf32(r0, 0x0, 0x0)

23:26:18 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$evdev(&(0x7f0000000240)='/dev/input/event#\x00', 0xc000000000, 0x40001)
r3 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
fadvise64(r0, 0x0, 0xae2, 0x5)
keyctl$revoke(0x3, r3)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rtc0\x00', 0x400, 0x0)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000740)={<r5=>0x0, @empty}, &(0x7f0000000780)=0xc)
accept4(r0, &(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r6=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f00000002c0)=0x80, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x0, &(0x7f00000007c0)={@loopback, r5}, 0x14)
write$P9_RREADLINK(r4, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1600090017249e25ba7d33db7e516ee1757401000d002e2f668a6c65302f66696c65303949d8eea49b46caead7b4c14e23c70bd7b99585d7b6928a4241ff43d87c14913eb95db87f980f424dca060422da6302c6dadb76909f12f6c7553bd3ff6ad0bcd6365a304be416e967cb39ea127542ee070000000000000b3596bce47f7668347f5b1f5f409544000019048d48be6788d8715692c7b8541e671207e09c7a3f1e4e17689876069d593dfeb01652484dd1b732c7ecbed93ceb243166e044327a77d05b316d2b09905a6c77c877e45a219f45e4749b5cb038d2261e40d322af406897a72d7aaed45b6d8bb3ea6c44065b0d0e7cb1eec3063fd96c1dcc52d1fca190bae9b5c968d8c992a7febb9a9e4ab3dcea7af74b89dcd1e2501866f39354596b2c4e81cc917505eaf7f709c05222b28ff96d79d50ebcab60e34733950f749f570044449eaa20f05bbc64df4a8188735342675ff31ea38a1de30b8e65c16477646d42a3f2cb628a507ba3c82540e4575702b5d6ab8e5b2e75695bdbd351771c17d63ba72b7a8735985bf614aa01e4f24268b09cf74254b62f6ee4d0550eb8984896457dd50ca4499b9c3704d43134978331817b1a0100000080bf3ba62c0abe422f538c9da1abb23dd241ab9e397ab436a59a37f980ef9bea951450a21fbc8b0e686f9cc4a56fd85b00082dab5d47b200e09d6ea88530673959c6d476e45637f20ee7e11aa95886186792e7b5edc22f32a3471b20af40d9ad4eff3ae691c8ef42b022a596bdccfeaef8181b95d5d441be0a6a61e4fe970072ed8dc9530b5c80f997f51a3ccf2673f60503cc8226b03037a23cdd5b750366b2d26ef216d95749f16d1bca3750c4ac8fbc93e9d48f82381889e8257b74cb4ee20161bd7aec025608650ac08b7b6a416e3bee91d9f4aa0a9da3ba89cae5768d77ee4089c2d55cd03e621f17b09cf239bd99f29c123b1c214c645bc6821be8e4dc28d566f24c54c30e0f379cae1439ce1511000000000000d437ed00000000ffffffffdc09d37db797536eeb52bf0000008ff4f698ba8c38a5be5872edafe3619bbb52a9574925e0875d14697c7d219700abb7e5ac32a5735fd47ffb355ca7083e0d0bc81006472852a959e53090eae5184b33f2ab4dc99896fbd67c0ab5d00d427f7c67e20a326550eacf29238fae2dc6559739a7bc7f6487c76f15de41e457b898f323c2dd69ce4f35dc16d57a0067dbca27890d61632d570da4713b4b6c47e5e0edc794c9ee13ffa2cfd03e893359a7eb58339fcb64cf376add8549f90d1b156a969b313c6841cb60caa7e93580fd35df585e83c10245bcb5836a8e53e22b16"], 0x3bb)
ioctl$RNDZAPENTCNT(r4, 0x5204, &(0x7f0000000380)=0x5)
clone(0x6102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$random(0xffffffffffffff9c, &(0x7f0000000200)='/dev/urandom\x00', 0x100, 0x0)
writev(r2, &(0x7f0000000700)=[{&(0x7f0000000640)="66272eaa06a51a7d7226b96c2afb", 0xe}], 0x1)
ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f00000003c0)={0x29, 0x1f, 0x7f, 0x0, "0000e1d1ea0000000000000000afa68a69da0000000000000000000800"})
ioctl$EVIOCGSW(r2, 0x8040451b, 0x0)
socketpair$unix(0x1, 0x40000005, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
mmap(&(0x7f0000320000/0x3000)=nil, 0x3000, 0x0, 0x8031, r0, 0x3)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000180), 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r8, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070")
r9 = dup2(r0, r0)
sendmsg$NBD_CMD_RECONFIGURE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYRESOCT=0x0], 0x1}}, 0x0)
write$cgroup_type(r9, &(0x7f0000000140)='threaded\x00', 0xfffffebd)

23:26:18 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:18 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xb0d58c7167e3d39d)

23:26:18 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xfeffffff}}, 0xfffffefd)

23:26:18 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf00000000000000}}, 0xfffffefd)

23:26:18 executing program 1:
r0 = socket$unix(0x1, 0x1, 0x0)
pipe2$9p(0x0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffcb6, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
listen(r1, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
r2 = accept4$inet(r1, 0x0, 0x0, 0x0)
connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
stat(0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f0000000000)={{0x3c, @remote, 0x4e22, 0x1, 'rr\x00', 0x36, 0x2, 0x2c}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x27062e04c8eed4c8, 0x8001, 0x1, 0xffffffffffffffff}}, 0x44)

23:26:18 executing program 5:
socket$inet_tcp(0x2, 0x1, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='romfs\x00', 0x0, 0x0)
pause()

23:26:18 executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000000)=""/11, 0x8)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200))
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$inet(0x2, 0x0, 0x0)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, 0x0)

23:26:18 executing program 1:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000540)='/dev/null\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = dup2(r1, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f")
clone(0x2102001ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvfrom$inet(r0, 0x0, 0x151, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0)

23:26:18 executing program 0:
r0 = socket$inet(0x2, 0x80a, 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)

23:26:18 executing program 1:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[@ANYRES64], 0xffffff7c)
r3 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r3, 0x0, 0x2110008, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

23:26:19 executing program 0:
syz_genetlink_get_family_id$nbd(0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x5, &(0x7f0000000200))
seccomp(0x1, 0x0, &(0x7f0000001980)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x9}, {0x6}]})

23:26:19 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:19 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
write$FUSE_IOCTL(r1, &(0x7f0000000000)={0xfffffffffffffee5}, 0xfffffeba)
fcntl$setstatus(r1, 0x4, 0x4002)
io_setup(0xb, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x10000}])

23:26:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x2a, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000026c000)=ANY=[]], 0x0, 0x800020, 0x0})

[ 1517.881992][T20425] binder: 20354:20425 transaction failed 29189/-22, size 8230-0 line 2994
[ 1517.909902][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:19 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffff7f}}, 0xfffffefd)

23:26:19 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1000000000000000}}, 0xfffffefd)

23:26:19 executing program 0:
mkdir(&(0x7f0000001b40)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
fstat(r0, 0x0)

23:26:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x34, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000aec4583d81015640600b62127f5a537a76fb"], 0x0, 0x800020, 0x0})

23:26:19 executing program 1:
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, 0x0)
read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3)
getpeername$packet(r1, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000008c0)='./cgroup.cpu\x00', 0x200002, 0x0)
fchdir(r2)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$cgroup_int(r0, 0x0, 0x4)
ioctl$FS_IOC_RESVSP(r3, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x100000000000000a})
write$P9_RFLUSH(r3, &(0x7f0000000680)={0x7}, 0xffffff50)
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000640), &(0x7f0000000780)=[&(0x7f00000006c0)='/selinux/context\x00'], 0x0)
request_key(&(0x7f0000000180)='logon\x00', 0x0, &(0x7f0000000740)='\xe5&\x00', 0xfffffffffffffffc)
getresuid(&(0x7f0000000140), &(0x7f0000000340), &(0x7f0000000380))
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x0, &(0x7f00000002c0)=""/81)
fcntl$getflags(0xffffffffffffffff, 0x0)
fsetxattr(r0, &(0x7f0000000000)=@known='system.posix_acl_access\x00', &(0x7f00000001c0)='/dev/input/mice\x00', 0x10, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000300)={0x2})
fdatasync(r3)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x48)
syz_genetlink_get_family_id$team(&(0x7f0000000800)='team\x00')
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000440)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000500)={'syz1'}, 0x4)

23:26:19 executing program 5:
r0 = open(&(0x7f0000000200)='./file0\x00', 0x14104a, 0x0)
write$evdev(r0, &(0x7f0000000000)=[{{}, 0x1, 0x74, 0x2}], 0x10)
sendfile(0xffffffffffffffff, r0, 0x0, 0x0)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0x0, 0x101002)
sendfile(r2, r1, 0x0, 0xfff)

[ 1518.032487][T20481] binder: 20479:20481 transaction failed 29189/-22, size 819725870318042456--326939424518630814 line 2994
[ 1518.055363][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1518.238350][T20620] binder: release 20604:20620 transaction 7 out, still active
[ 1518.247174][T20620] binder: unexpected work type, 4, not freed
[ 1518.254133][T20620] binder: undelivered TRANSACTION_COMPLETE
[ 1518.261465][T20620] binder: invalid inc weak node for 8
[ 1518.268073][T20620] binder: 20604:20620 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1518.341999][ T5246] binder: send failed reply for transaction 7, target dead
[ 1518.397697][T20858] binder: release 20845:20858 transaction 11 out, still active
[ 1518.405832][T20858] binder: unexpected work type, 4, not freed
[ 1518.412761][T20858] binder: undelivered TRANSACTION_COMPLETE
[ 1518.424503][T20858] binder: invalid inc weak node for 12
[ 1518.430405][T20858] binder: 20845:20858 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:19 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1518.462540][T24362] binder: send failed reply for transaction 11, target dead
23:26:20 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:20 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:20 executing program 0:
futex(0x0, 0x61efbc5b032cc7ec, 0x0, 0x0, 0x0, 0x0)

[ 1518.542301][T21002] binder: release 20917:21002 transaction 15 out, still active
[ 1518.550235][T21002] binder: unexpected work type, 4, not freed
[ 1518.556469][T21002] binder: undelivered TRANSACTION_COMPLETE
[ 1518.573483][T21002] binder: invalid inc weak node for 16
[ 1518.580438][T21002] binder: 20917:21002 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1518.613483][ T5246] binder: send failed reply for transaction 15, target dead
[ 1518.698848][T21009] binder: release 21007:21009 transaction 19 out, still active
[ 1518.752227][T21009] binder: unexpected work type, 4, not freed
[ 1518.782508][T21009] binder: undelivered TRANSACTION_COMPLETE
[ 1518.945760][ T5246] binder: send failed reply for transaction 19, target dead
23:26:20 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xfffffffe}}, 0xfffffefd)

23:26:20 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1100000000000000}}, 0xfffffefd)

23:26:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:20 executing program 0:
socket(0xb, 0x0, 0x0)

23:26:20 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1519.176867][T21123] binder: release 21121:21123 transaction 23 out, still active
[ 1519.185103][T21123] binder: unexpected work type, 4, not freed
[ 1519.194061][T21123] binder: undelivered TRANSACTION_COMPLETE
[ 1519.206010][T21123] binder: invalid inc weak node for 24
[ 1519.212388][T21123] binder: 21121:21123 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1519.245457][T24362] binder: send failed reply for transaction 23, target dead
23:26:20 executing program 0:

23:26:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1519.309589][T24362] binder: release 21127:21129 transaction 27 out, still active
[ 1519.317783][T24362] binder: unexpected work type, 4, not freed
[ 1519.365956][T24362] binder: undelivered TRANSACTION_COMPLETE
[ 1519.371971][T21130] binder: BINDER_SET_CONTEXT_MGR already set
[ 1519.372019][T21130] binder: 21124:21130 ioctl 40046207 0 returned -16
[ 1519.389875][T21140] binder: BINDER_SET_CONTEXT_MGR already set
[ 1519.395962][T21140] binder: 21133:21140 ioctl 40046207 0 returned -16
[ 1519.406204][T21140] binder_alloc: 21127: binder_alloc_buf, no vma
23:26:20 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:20 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1519.413609][T21140] binder: 21133:21140 transaction failed 29189/-3, size 24-8 line 3147
[ 1519.436369][T21140] binder: 21133:21140 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1519.520268][T21247] binder: BINDER_SET_CONTEXT_MGR already set
[ 1519.526501][T21247] binder: 21244:21247 ioctl 40046207 0 returned -16
[ 1519.534633][T21247] binder_alloc: 21127: binder_alloc_buf, no vma
[ 1519.541463][T21247] binder: 21244:21247 transaction failed 29189/-3, size 24-8 line 3147
[ 1519.551177][T21247] binder: 21244:21247 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1519.560463][T24362] binder: undelivered TRANSACTION_ERROR: 29189
23:26:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1519.583912][T24362] binder: undelivered TRANSACTION_ERROR: 29189
[ 1519.596122][T24362] binder: send failed reply for transaction 27, target dead
[ 1519.623061][T21288] binder: 21283:21288 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1519.694609][T21329] binder: 21309:21329 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:21 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x100000000000}}, 0xfffffefd)

23:26:21 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x2000000000000000}}, 0xfffffefd)

23:26:21 executing program 0:

23:26:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:21 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:21 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1520.326730][T21437] binder: 21360:21437 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:21 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1520.414724][T21470] binder: 21467:21470 transaction failed 29189/-22, size 24-8 line 2994
[ 1520.425722][T21470] binder: undelivered TRANSACTION_ERROR: 29189
[ 1520.433130][T21470] binder: 21467:21470 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:22 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x9}, 0x20)
socket$kcm(0x11, 0xa, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x5c0, 0x1000, &(0x7f0000002800)=""/4096}, 0x48)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000000))
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

[ 1520.457926][T21469] binder: release 21383:21469 transaction 37 out, still active
[ 1520.484948][T21469] binder: unexpected work type, 4, not freed
[ 1520.491229][T21469] binder: undelivered TRANSACTION_COMPLETE
23:26:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1520.520084][T21474] binder: release 21473:21474 transaction 40 out, still active
[ 1520.534867][T21474] binder: unexpected work type, 4, not freed
[ 1520.542335][T21474] binder: undelivered TRANSACTION_COMPLETE
[ 1520.559282][T21469] binder: invalid inc weak node for 38
23:26:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1520.605726][T21480] binder: release 21479:21480 transaction 43 out, still active
[ 1520.613748][T21480] binder: unexpected work type, 4, not freed
[ 1520.621534][T21480] binder: undelivered TRANSACTION_COMPLETE
23:26:22 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1520.683114][T21510] binder: BINDER_SET_CONTEXT_MGR already set
[ 1520.690216][T21510] binder: 21494:21510 ioctl 40046207 0 returned -16
[ 1520.698383][T21510] binder: release 21494:21510 transaction 46 out, still active
[ 1520.708499][T21510] binder: unexpected work type, 4, not freed
[ 1520.715157][T24362] binder: send failed reply for transaction 37, target dead
[ 1520.715592][T21510] binder: undelivered TRANSACTION_COMPLETE
[ 1520.748647][T24362] binder: send failed reply for transaction 40, target dead
[ 1520.783320][T24362] binder: send failed reply for transaction 43, target dead
[ 1520.814688][T24362] binder: send failed reply for transaction 46, target dead
[ 1520.865547][T21588] binder: unexpected work type, 4, not freed
23:26:22 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x200000000000}}, 0xfffffefd)

23:26:22 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x4000000000000000}}, 0xfffffefd)

23:26:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:22 executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg(r0, &(0x7f0000000080)={&(0x7f0000000000)=@in={0x2, 0x0, @loopback}, 0x80, 0x0}, 0x20000000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x3, &(0x7f0000346fc8)=@framed, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00000002c0)=""/251}, 0x48)
r2 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
sendmsg$kcm(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000003c0)="ed", 0x1}], 0x1}, 0x200000d0)

23:26:22 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:22 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1521.320485][T21702] binder_alloc: 21700: binder_alloc_buf, no vma
[ 1521.327476][T21702] binder: 21700:21702 transaction failed 29189/-3, size 24-8 line 3147
[ 1521.340797][T21702] binder: undelivered TRANSACTION_ERROR: 29189
23:26:22 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:22 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1521.419223][T21712] binder_alloc: 21711: binder_alloc_buf, no vma
[ 1521.426307][T21712] binder: 21711:21712 transaction failed 29189/-3, size 24-8 line 3147
[ 1521.436315][T21712] binder: undelivered TRANSACTION_ERROR: 29189
23:26:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1521.515735][T21771] binder: 21763:21771 transaction failed 29189/-22, size 24-8 line 2994
[ 1521.525121][T21771] binder: undelivered TRANSACTION_ERROR: 29189
23:26:23 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0x10, 0x800000000002, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001600)="2e000000130081c5e4050cecdb4cb9040a485e431d00000000fffffff08ef9000600b0ebb06ac40006001400f9ff", 0x2e}], 0x1}, 0x0)

23:26:23 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1521.601376][T21823] binder_alloc: 21788: binder_alloc_buf failed to map pages in userspace, no vma
[ 1521.611119][T21823] binder: 21820:21823 transaction failed 29189/-3, size 24-8 line 3147
[ 1521.622634][T21823] binder: undelivered TRANSACTION_ERROR: 29189
[ 1521.700657][T21828] binder: 21827:21828 transaction failed 29189/-22, size 24-8 line 2994
[ 1521.710403][T21828] binder: undelivered TRANSACTION_ERROR: 29189
23:26:23 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:23 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x401f000000000000}}, 0xfffffefd)

23:26:23 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:23 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0x10, 0x800000000002, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001600)="2e000000130081c5e4050cecdb4cb9040a485e431d00000000fffffff08ef9000600b0ebb06ac40006001400f9ff", 0x2e}], 0x1}, 0x0)

23:26:23 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd00700000000}}, 0xfffffefd)

23:26:23 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:23 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:23 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:23 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:23 executing program 0:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0))
epoll_wait(r1, &(0x7f0000000100)=[{}], 0x1, 0x9cc0)
write$UHID_CREATE(r2, &(0x7f00000002c0)={0x0, 'syz1\x00', 'syz1\x00i\x00\x00\x00\x00\x00\x00\x00\f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00', 'syz0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', &(0x7f0000000000)=""/11, 0xb}, 0x11c)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)={0x1})

23:26:23 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:23 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:23 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa086010000000000}}, 0xfffffefd)

23:26:24 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:24 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:24 executing program 0:

23:26:24 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:24 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x10000000000000}}, 0xfffffefd)

23:26:24 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1523.287810][T22279] binder_transaction: 2 callbacks suppressed
[ 1523.287828][T22279] binder: 22275:22279 transaction failed 29189/-22, size 24-8 line 2994
23:26:24 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1523.335398][T22285] binder_alloc: 22283: binder_alloc_buf, no vma
[ 1523.341871][T22285] binder: 22283:22285 transaction failed 29189/-3, size 24-8 line 3147
[ 1523.352008][T22285] binder_release_work: 2 callbacks suppressed
[ 1523.352016][T22285] binder: undelivered TRANSACTION_ERROR: 29189
[ 1523.367178][T22285] binder_thread_write: 6 callbacks suppressed
[ 1523.367193][T22285] binder: 22283:22285 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:24 executing program 0:

23:26:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1523.473143][T22298] binder_alloc: 22292: binder_alloc_buf, no vma
[ 1523.485386][T22298] binder: 22292:22298 transaction failed 29189/-3, size 24-8 line 3147
[ 1523.495190][T22298] binder: undelivered TRANSACTION_ERROR: 29189
[ 1523.502574][T22298] binder: 22292:22298 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1523.594122][T22351] binder_alloc: 22335: binder_alloc_buf, no vma
[ 1523.602070][T22351] binder: 22335:22351 transaction failed 29189/-3, size 24-8 line 3147
[ 1523.612679][T22351] binder: undelivered TRANSACTION_ERROR: 29189
[ 1523.621560][T22351] binder: 22335:22351 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:25 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1523.678570][T24362] binder: undelivered TRANSACTION_ERROR: 29189
[ 1523.699655][T22396] binder_alloc: 22395: binder_alloc_buf, no vma
[ 1523.706168][T22396] binder: 22395:22396 transaction failed 29189/-3, size 24-8 line 3147
[ 1523.721807][T22396] binder: undelivered TRANSACTION_ERROR: 29189
[ 1523.729746][T22396] binder: 22395:22396 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1523.810704][T22401] binder_alloc: 22399: binder_alloc_buf, no vma
[ 1523.845388][T22401] binder: 22399:22401 transaction failed 29189/-3, size 24-8 line 3147
[ 1523.856553][T22401] binder: undelivered TRANSACTION_ERROR: 29189
23:26:25 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xfeffffff00000000}}, 0xfffffefd)

23:26:25 executing program 0:

23:26:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:25 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:25 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:25 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x10100000000000}}, 0xfffffefd)

[ 1524.277849][T22509] binder_alloc: 22506: binder_alloc_buf, no vma
[ 1524.284873][T22509] binder: 22506:22509 transaction failed 29189/-3, size 24-8 line 3147
[ 1524.294255][T22509] binder: undelivered TRANSACTION_ERROR: 29189
[ 1524.301263][T22509] binder: 22506:22509 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1524.331336][T22513] binder: 22508:22513 transaction failed 29189/-3, size 24-8 line 3147
23:26:25 executing program 0:

23:26:25 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1524.380498][T22519] binder: BINDER_SET_CONTEXT_MGR already set
[ 1524.386983][T22519] binder: 22517:22519 ioctl 40046207 0 returned -16
[ 1524.395107][T22519] binder: 22517:22519 transaction failed 29189/-3, size 24-8 line 3147
[ 1524.404521][T22519] binder: undelivered TRANSACTION_ERROR: 29189
[ 1524.411643][T22519] binder: 22517:22519 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1524.473664][T22569] binder_alloc_new_buf_locked: 2 callbacks suppressed
[ 1524.473700][T22569] binder_alloc: 22508: binder_alloc_buf, no vma
[ 1524.487572][T22569] binder: 22552:22569 transaction failed 29189/-3, size 24-8 line 3147
[ 1524.498214][T22569] binder: undelivered TRANSACTION_ERROR: 29189
[ 1524.505969][T22569] binder: 22552:22569 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:26 executing program 0:

23:26:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1524.576840][T22616] binder_alloc: 22508: binder_alloc_buf, no vma
[ 1524.584207][T22616] binder: undelivered TRANSACTION_ERROR: 29189
[ 1524.591596][T22616] binder: 22600:22616 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1524.663324][T22631] binder_alloc: 22508: binder_alloc_buf, no vma
[ 1524.670941][T22631] binder: 22629:22631 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:26 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffff7f00000000}}, 0xfffffefd)

23:26:26 executing program 0:

23:26:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:26 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:26 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x18000000000000}}, 0xfffffefd)

23:26:26 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1525.276290][T22747] binder: 22741:22747 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:26 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x4d}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1525.327700][T22752] binder_alloc: 22743: binder_alloc_buf, no vma
[ 1525.348305][T22754] binder: BINDER_SET_CONTEXT_MGR already set
[ 1525.355162][T22754] binder: 22751:22754 ioctl 40046207 0 returned -16
23:26:26 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1525.428565][T22780] binder: BINDER_SET_CONTEXT_MGR already set
[ 1525.435518][T22780] binder: 22773:22780 ioctl 40046207 0 returned -16
23:26:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1525.506432][T22814] binder: BINDER_SET_CONTEXT_MGR already set
[ 1525.513039][T22814] binder: 22804:22814 ioctl 40046207 0 returned -16
[ 1525.521063][T22814] binder: 22804:22814 ioctl c0306201 0 returned -14
23:26:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1525.587973][T22847] binder: BINDER_SET_CONTEXT_MGR already set
[ 1525.594454][T22847] binder: 22843:22847 ioctl 40046207 0 returned -16
[ 1525.602324][T22847] binder: 22843:22847 ioctl c0306201 0 returned -14
[ 1525.675212][T22868] binder: BINDER_SET_CONTEXT_MGR already set
[ 1525.681764][T22868] binder: 22866:22868 ioctl 40046207 0 returned -16
[ 1525.690891][T22868] binder: 22866:22868 ioctl c0306201 0 returned -14
23:26:27 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffffff00000000}}, 0xfffffefd)

23:26:27 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
prctl$PR_GET_SECCOMP(0x22)

23:26:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:27 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:27 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:27 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x40000000000000}}, 0xfffffefd)

23:26:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1526.377894][T22986] binder_alloc: 22983: binder_alloc_buf failed to map pages in userspace, no vma
23:26:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:28 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:28 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffffffffffffff}}, 0xfffffefd)

23:26:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:28 executing program 0:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x65, 0x0)
readv(r0, &(0x7f0000000400)=[{&(0x7f0000000300)=""/208, 0xd0}], 0x113)

23:26:28 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:28 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:28 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x800c0000000000}}, 0xfffffefd)

23:26:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1527.282863][T23312] binder: 23309:23312 got transaction with invalid offset (0, min 0 max 0) or object.
23:26:28 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1527.351947][T23321] binder: 23319:23321 got transaction with invalid offset (0, min 0 max 0) or object.
23:26:28 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:28 executing program 0:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
write$sndseq(r0, &(0x7f0000000100)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x0, 0x4]}}, {0x0, 0x0, 0x0, 0x0, @time={0x77359400}, {0x2}, {0x6}, @addr={0x8}}], 0x60)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
write$sndseq(r0, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x405, 0x80ffffff}, {}, @quote}], 0x28c)

[ 1527.439974][T23328] binder: 23326:23328 got transaction with invalid offset (0, min 0 max 0) or object.
23:26:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1527.511484][T23332] binder: 23331:23332 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1527.587069][T23336] binder: 23335:23336 got transaction with invalid offset (0, min 0 max 0) or object.
23:26:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:29 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:29 executing program 0:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
write$sndseq(r0, &(0x7f0000000100)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x0, 0x4]}}, {0x0, 0x0, 0x0, 0x0, @time={0x77359400}, {0x2}, {0x6}, @addr={0x8}}], 0x60)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
write$sndseq(r0, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x405, 0x80ffffff}, {}, @quote}], 0x28c)

23:26:29 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:29 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd0070000000000}}, 0xfffffefd)

23:26:29 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2}}, 0xfffffefd)

23:26:29 executing program 0:
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x0, 0x0, &(0x7f0000000080))

23:26:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1528.285758][T23555] binder: 23548:23555 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1528.295505][T23555] binder_transaction: 11 callbacks suppressed
[ 1528.295523][T23555] binder: 23548:23555 transaction failed 29201/-22, size 0-8 line 3241
23:26:29 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1528.373824][T23561] binder: 23558:23561 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1528.384414][T23561] binder: 23558:23561 transaction failed 29201/-22, size 24-8 line 3241
[ 1528.397390][T23561] binder_release_work: 12 callbacks suppressed
[ 1528.397400][T23561] binder: undelivered TRANSACTION_ERROR: 29201
[ 1528.412678][T23561] binder_thread_write: 17 callbacks suppressed
23:26:29 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1528.412692][T23561] binder: 23558:23561 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:30 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1528.484493][T23568] binder: 23567:23568 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1528.495487][T23568] binder: 23567:23568 transaction failed 29201/-22, size 24-8 line 3241
[ 1528.506846][T23568] binder: undelivered TRANSACTION_ERROR: 29201
[ 1528.514545][T23568] binder: 23567:23568 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1528.594869][T23572] binder: 23571:23572 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1528.605599][T23572] binder: 23571:23572 transaction failed 29201/-22, size 24-8 line 3241
[ 1528.615762][T23572] binder: undelivered TRANSACTION_ERROR: 29201
[ 1528.623712][T23572] binder: 23571:23572 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1528.648675][T23575] binder: BINDER_SET_CONTEXT_MGR already set
[ 1528.659807][T23575] binder: 23573:23575 ioctl 40046207 0 returned -16
[ 1528.691390][T23575] binder: 23573:23575 transaction failed 29189/-22, size 24-8 line 2994
[ 1528.706980][T23575] binder: undelivered TRANSACTION_ERROR: 29189
[ 1528.715452][T23579] binder_thread_release: 1 callbacks suppressed
[ 1528.715534][T23579] binder: release 23577:23579 transaction 116 out, still active
[ 1528.730655][T23579] binder_release_work: 1 callbacks suppressed
23:26:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:30 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1528.730662][T23579] binder: undelivered TRANSACTION_COMPLETE
[ 1528.742429][T23575] binder: 23573:23575 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1528.752533][T23579] binder: 23577:23579 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1528.772390][T24362] binder_send_failed_reply: 1 callbacks suppressed
[ 1528.772398][T24362] binder: send failed reply for transaction 116, target dead
[ 1528.826465][T23582] binder: release 23581:23582 transaction 118 out, still active
[ 1528.835309][T23582] binder: undelivered TRANSACTION_COMPLETE
[ 1528.844957][T23582] binder: 23581:23582 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1528.882673][ T5246] binder: send failed reply for transaction 118, target dead
23:26:30 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:30 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf00f0000000000}}, 0xfffffefd)

23:26:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:30 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:30 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:30 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x3}}, 0xfffffefd)

[ 1529.314321][T23698] binder: release 23695:23698 transaction 120 out, still active
[ 1529.322507][T23698] binder: undelivered TRANSACTION_COMPLETE
[ 1529.329678][T23698] binder: 23695:23698 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:30 executing program 5:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1529.355387][ T5246] binder: send failed reply for transaction 120, target dead
[ 1529.374374][T23701] binder: 23697:23701 got transaction with invalid offset (0, min 0 max 24) or object.
23:26:30 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1529.424312][T23706] binder: BINDER_SET_CONTEXT_MGR already set
[ 1529.430869][T23706] binder: 23703:23706 ioctl 40046207 0 returned -16
[ 1529.438881][T23706] binder: release 23703:23706 transaction 123 out, still active
[ 1529.447068][T23706] binder: undelivered TRANSACTION_COMPLETE
[ 1529.454284][T23706] binder: 23703:23706 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1529.465814][T23701] binder: 23697:23701 transaction failed 29201/-22, size 24-8 line 3241
23:26:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1529.515648][T23719] binder: BINDER_SET_CONTEXT_MGR already set
[ 1529.522741][T23719] binder: 23708:23719 ioctl 40046207 0 returned -16
[ 1529.531174][T23719] binder: release 23708:23719 transaction 124 out, still active
[ 1529.539053][T23719] binder: undelivered TRANSACTION_COMPLETE
[ 1529.546512][T23719] binder: 23708:23719 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:31 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1529.625924][T23785] binder: BINDER_SET_CONTEXT_MGR already set
[ 1529.633192][T23785] binder: 23765:23785 ioctl 40046207 0 returned -16
[ 1529.642556][T23785] binder: release 23765:23785 transaction 125 out, still active
[ 1529.650992][T23785] binder: undelivered TRANSACTION_COMPLETE
[ 1529.657166][T24362] binder: send failed reply for transaction 123, target dead
[ 1529.665444][T23785] binder: 23765:23785 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:31 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1529.665766][T24362] binder: send failed reply for transaction 124, target dead
[ 1529.683469][T24362] binder: send failed reply for transaction 125, target dead
[ 1529.691318][T24362] binder: undelivered TRANSACTION_ERROR: 29201
[ 1529.748227][T23821] binder_alloc: 23820: binder_alloc_buf, no vma
[ 1529.759344][T23821] binder: 23820:23821 transaction failed 29189/-3, size 24-8 line 3147
[ 1529.794300][T23823] binder: BINDER_SET_CONTEXT_MGR already set
[ 1529.804040][T23823] binder: 23822:23823 ioctl 40046207 0 returned -16
[ 1529.843378][T23823] binder_alloc: 23820: binder_alloc_buf, no vma
[ 1529.856246][T23823] binder: 23822:23823 transaction failed 29189/-3, size 24-8 line 3147
[ 1529.901651][T23823] binder: undelivered TRANSACTION_ERROR: 29189
[ 1529.908107][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:31 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:31 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x100000000000000}}, 0xfffffefd)

23:26:31 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x4}}, 0xfffffefd)

23:26:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:31 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:31 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1530.278025][T24036] binder_alloc: 24034: binder_alloc_buf, no vma
[ 1530.281754][T24037] binder: BINDER_SET_CONTEXT_MGR already set
[ 1530.291818][T24037] binder: 24033:24037 ioctl 40046207 0 returned -16
[ 1530.305919][T24036] binder: 24034:24036 transaction failed 29189/-3, size 24-8 line 3147
[ 1530.305944][T24037] binder_alloc: 24034: binder_alloc_buf, no vma
23:26:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1530.321943][T24037] binder: 24033:24037 transaction failed 29189/-3, size 24-8 line 3147
[ 1530.333559][T24362] binder: undelivered TRANSACTION_ERROR: 29189
[ 1530.342945][T24038] binder: BINDER_SET_CONTEXT_MGR already set
[ 1530.357791][T24038] binder: 24035:24038 ioctl 40046207 0 returned -16
23:26:31 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1530.399132][T24048] binder: BINDER_SET_CONTEXT_MGR already set
[ 1530.405563][T24048] binder: 24045:24048 ioctl 40046207 0 returned -16
[ 1530.413850][T24048] binder_alloc: 24034: binder_alloc_buf, no vma
[ 1530.422663][T24362] binder: undelivered TRANSACTION_ERROR: 29189
23:26:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1530.484616][T24099] binder: BINDER_SET_CONTEXT_MGR already set
[ 1530.491573][T24099] binder: 24064:24099 ioctl 40046207 0 returned -16
[ 1530.499061][T24099] binder_alloc: 24034: binder_alloc_buf, no vma
[ 1530.509612][T24362] binder: undelivered TRANSACTION_ERROR: 29189
23:26:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:32 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1530.583763][T24235] binder: BINDER_SET_CONTEXT_MGR already set
[ 1530.590634][T24235] binder: 24209:24235 ioctl 40046207 0 returned -16
[ 1530.598294][T24235] binder_alloc: 24034: binder_alloc_buf, no vma
[ 1530.675122][T24250] binder: release 24249:24250 transaction 136 out, still active
[ 1530.684652][T24250] binder: unexpected work type, 4, not freed
[ 1530.694810][T24250] binder: undelivered TRANSACTION_COMPLETE
[ 1530.724072][ T5246] binder: send failed reply for transaction 136, target dead
[ 1530.742085][T24253] binder: release 24251:24253 transaction 140 out, still active
[ 1530.762016][T24259] binder: BINDER_SET_CONTEXT_MGR already set
[ 1530.783385][T24259] binder: 24258:24259 ioctl 40046207 0 returned -16
[ 1530.784815][T24253] binder: undelivered TRANSACTION_COMPLETE
[ 1530.792089][T24259] binder: release 24258:24259 transaction 141 out, still active
[ 1530.812862][T24259] binder: unexpected work type, 4, not freed
[ 1530.819914][T24259] binder: undelivered TRANSACTION_COMPLETE
23:26:32 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1530.935935][T24362] binder: send failed reply for transaction 140, target dead
[ 1530.948126][T24362] binder: send failed reply for transaction 141, target dead
23:26:32 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x200000000000000}}, 0xfffffefd)

23:26:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:32 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

23:26:32 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x5}}, 0xfffffefd)

23:26:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[ 1531.216463][T24472] binder: release 24470:24472 transaction 145 out, still active
[ 1531.224439][T24472] binder: unexpected work type, 4, not freed
[ 1531.231167][T24472] binder: undelivered TRANSACTION_COMPLETE
[ 1531.245129][T24475] binder: BINDER_SET_CONTEXT_MGR already set
[ 1531.277395][T24475] binder: 24471:24475 ioctl 40046207 0 returned -16
[ 1531.278764][ T5246] binder: send failed reply for transaction 145, target dead
[ 1531.293303][T24474] binder_alloc: 24473: binder_alloc_buf, no vma
23:26:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[ 1531.332056][T24541] binder: BINDER_SET_CONTEXT_MGR already set
[ 1531.338330][T24541] binder: 24513:24541 ioctl 40046207 0 returned -16
[ 1531.348246][T24541] binder: 24513:24541 ioctl c0306201 0 returned -14
23:26:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:32 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:32 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[ 1531.413352][T24589] binder: unexpected work type, 4, not freed
[ 1531.421463][T24589] binder: 24588:24589 ioctl c0306201 0 returned -14
23:26:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1531.478998][T24593] binder: unexpected work type, 4, not freed
[ 1531.487440][T24593] binder: 24592:24593 ioctl c0306201 0 returned -14
[ 1531.553519][T24599] binder_alloc: 24597: binder_alloc_buf, no vma
[ 1531.564218][T24600] binder: BINDER_SET_CONTEXT_MGR already set
[ 1531.570954][T24600] binder: 24598:24600 ioctl 40046207 0 returned -16
[ 1531.590372][T24600] binder_alloc: 24597: binder_alloc_buf, no vma
23:26:33 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

23:26:33 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x300000000000000}}, 0xfffffefd)

23:26:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:33 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1531.898180][T24711] binder: unexpected work type, 4, not freed
[ 1531.923143][T24712] binder: BINDER_SET_CONTEXT_MGR already set
[ 1531.947662][T24712] binder: 24708:24712 ioctl 40046207 0 returned -16
23:26:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x6}}, 0xfffffefd)

23:26:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:33 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

23:26:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

[ 1532.193736][T24822] binder: unexpected work type, 4, not freed
23:26:33 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

23:26:33 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1532.255579][T24830] binder: unexpected work type, 4, not freed
[ 1532.272426][T24825] binder: unexpected work type, 4, not freed
[ 1532.331877][T24834] binder: unexpected work type, 4, not freed
23:26:34 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

[ 1532.680751][T24942] binder: unexpected work type, 4, not freed
23:26:34 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:34 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x400000000000000}}, 0xfffffefd)

23:26:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7}}, 0xfffffefd)

23:26:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:34 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1533.167562][T24960] binder: unexpected work type, 4, not freed
[ 1533.175799][T24961] binder: BINDER_SET_CONTEXT_MGR already set
[ 1533.182878][T24961] binder: 24958:24961 ioctl 40046207 0 returned -16
23:26:34 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:34 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1533.234092][T24966] binder: unexpected work type, 4, not freed
[ 1533.300425][T24969] binder: unexpected work type, 4, not freed
23:26:35 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:35 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1533.577407][T25080] binder: unexpected work type, 4, not freed
23:26:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1533.725268][T25090] binder_thread_release: 12 callbacks suppressed
[ 1533.725281][T25090] binder: release 25089:25090 transaction 213 out, still active
[ 1533.743765][T25090] binder: unexpected work type, 4, not freed
[ 1533.750355][T25090] binder_release_work: 12 callbacks suppressed
[ 1533.750362][T25090] binder: undelivered TRANSACTION_COMPLETE
[ 1533.781522][ T1512] binder_send_failed_reply: 12 callbacks suppressed
[ 1533.781531][ T1512] binder: send failed reply for transaction 213, target dead
23:26:35 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x8}}, 0xfffffefd)

23:26:35 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:35 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x500000000000000}}, 0xfffffefd)

23:26:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1534.198543][T25099] binder: release 25094:25099 transaction 218 out, still active
[ 1534.204594][T25100] binder: BINDER_SET_CONTEXT_MGR already set
[ 1534.206458][T25099] binder: unexpected work type, 4, not freed
[ 1534.216109][T25101] binder: release 25096:25101 transaction 221 out, still active
[ 1534.224387][T25099] binder: undelivered TRANSACTION_COMPLETE
[ 1534.227327][T25100] binder: 25097:25100 ioctl 40046207 0 returned -16
23:26:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1534.277323][ T5246] binder: send failed reply for transaction 218, target dead
[ 1534.289079][T25101] binder: undelivered TRANSACTION_COMPLETE
[ 1534.299672][ T5246] binder: send failed reply for transaction 221, target dead
[ 1534.347461][T25146] binder: release 25137:25146 transaction 226 out, still active
[ 1534.355554][T25146] binder: unexpected work type, 4, not freed
[ 1534.362143][T25146] binder: undelivered TRANSACTION_COMPLETE
23:26:35 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:35 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1534.416328][ T5246] binder: send failed reply for transaction 226, target dead
23:26:35 executing program 1:
syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1534.477679][ T1512] binder: release 25309:25310 transaction 231 out, still active
23:26:36 executing program 1:
syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1534.520595][ T1512] binder: unexpected work type, 4, not freed
[ 1534.530064][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1534.542727][T25315] binder: BINDER_SET_CONTEXT_MGR already set
[ 1534.548779][T25315] binder: 25313:25315 ioctl 40046207 0 returned -16
23:26:36 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1534.596310][ T1512] binder: send failed reply for transaction 231, target dead
[ 1534.600939][T25318] binder_transaction: 12 callbacks suppressed
[ 1534.600957][T25318] binder: 25316:25318 transaction failed 29189/-22, size 24-8 line 2994
[ 1534.635066][T25318] binder_release_work: 11 callbacks suppressed
[ 1534.635075][T25318] binder: undelivered TRANSACTION_ERROR: 29189
[ 1534.708242][T25323] binder: 25321:25323 ioctl c0306201 0 returned -14
23:26:36 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa}}, 0xfffffefd)

23:26:36 executing program 1:
syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:36 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:36 executing program 0:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:36 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x600000000000000}}, 0xfffffefd)

23:26:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1535.204312][T25337] binder: 25334:25337 ioctl c0306201 0 returned -14
23:26:36 executing program 0:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1535.247340][T25341] binder_alloc: 25334: binder_alloc_buf, no vma
[ 1535.257540][T25341] binder: 25339:25341 transaction failed 29189/-3, size 24-8 line 3147
[ 1535.281366][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:36 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:36 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1535.395240][T25495] binder_alloc: 25334: binder_alloc_buf, no vma
[ 1535.402177][T25495] binder: 25482:25495 transaction failed 29189/-3, size 24-8 line 3147
[ 1535.429927][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:37 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1535.482391][T25550] binder_alloc: 25334: binder_alloc_buf, no vma
[ 1535.488967][T25550] binder: 25542:25550 transaction failed 29189/-3, size 24-8 line 3147
[ 1535.500394][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
[ 1535.593881][T25558] binder_alloc: 25557: binder_alloc_buf, no vma
[ 1535.600694][T25558] binder: 25557:25558 transaction failed 29189/-3, size 24-8 line 3147
[ 1535.619261][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:37 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb}}, 0xfffffefd)

23:26:37 executing program 0:
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:37 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x700000000000000}}, 0xfffffefd)

23:26:37 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1536.113343][T25568] binder_alloc: 25565: binder_alloc_buf, no vma
[ 1536.119946][T25568] binder: 25565:25568 transaction failed 29189/-3, size 24-8 line 3147
[ 1536.139522][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1536.182771][T25576] binder: BINDER_SET_CONTEXT_MGR already set
[ 1536.188972][T25576] binder: 25572:25576 ioctl 40046207 0 returned -16
[ 1536.197693][T25576] binder: 25572:25576 transaction failed 29189/-22, size 24-8 line 2994
[ 1536.208184][T25576] binder_thread_write: 5 callbacks suppressed
[ 1536.208199][T25576] binder: 25572:25576 IncRefs 0 refcount change on invalid ref 0 ret -22
23:26:37 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1536.234510][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:37 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:37 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1536.302241][T25681] binder: 25680:25681 transaction failed 29189/-22, size 24-8 line 2994
[ 1536.319823][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:37 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1536.369170][T25685] binder: 25684:25685 transaction failed 29189/-22, size 24-8 line 2994
[ 1536.381619][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1536.441064][T25688] binder: 25687:25688 transaction failed 29189/-22, size 24-8 line 2994
[ 1536.467702][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:38 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd}}, 0xfffffefd)

23:26:38 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:38 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:38 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:38 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x800000000000000}}, 0xfffffefd)

23:26:38 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:38 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:38 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:38 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:38 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:38 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:38 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:39 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xe}}, 0xfffffefd)

23:26:39 executing program 1:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:39 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:39 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:39 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa00000000000000}}, 0xfffffefd)

23:26:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:39 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1538.174156][T25945] binder_alloc: 25944: binder_alloc_buf, no vma
23:26:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1538.240681][T25949] binder_alloc: 25948: binder_alloc_buf, no vma
23:26:39 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1538.318626][T25954] binder_alloc: 25953: binder_alloc_buf, no vma
[ 1538.391607][T25959] binder_alloc: 25958: binder_alloc_buf, no vma
[ 1538.407427][T25960] binder: BINDER_SET_CONTEXT_MGR already set
[ 1538.437319][T25960] binder: 25957:25960 ioctl 40046207 0 returned -16
23:26:40 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf}}, 0xfffffefd)

23:26:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:40 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:40 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:40 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb00000000000000}}, 0xfffffefd)

23:26:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1539.061479][T26170] binder_alloc: 26167: binder_alloc_buf, no vma
23:26:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1539.194706][T26183] binder: 26182:26183 IncRefs 0 refcount change on invalid ref 0 ret -22
23:26:40 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:40 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1539.262446][T26187] binder: 26186:26187 IncRefs 0 refcount change on invalid ref 0 ret -22
[ 1539.306475][T26189] binder: 26188:26189 ioctl c0306201 0 returned -14
[ 1539.351050][T26191] binder: 26190:26191 IncRefs 0 refcount change on invalid ref 0 ret -22
23:26:41 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x10}}, 0xfffffefd)

23:26:41 executing program 1:
syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:41 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:41 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:41 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xb00020000000000}}, 0xfffffefd)

23:26:41 executing program 1:
syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:41 executing program 1:
syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1540.131817][T26315] binder: 26305:26315 ioctl c0306201 0 returned -14
[ 1540.141541][T26314] binder: BINDER_SET_CONTEXT_MGR already set
23:26:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1540.178598][T26314] binder: 26307:26314 ioctl 40046207 0 returned -16
23:26:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1540.274825][T26440] binder: 26409:26440 ioctl c0306201 0 returned -14
23:26:41 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1540.341206][T26509] binder: 26486:26509 ioctl c0306201 0 returned -14
23:26:41 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1540.414730][T26526] binder: 26525:26526 ioctl c0306201 0 returned -14
[ 1540.484058][T26530] binder_alloc_new_buf_locked: 3 callbacks suppressed
[ 1540.484067][T26530] binder_alloc: 26527: binder_alloc_buf, no vma
[ 1540.507754][T26530] binder_transaction: 11 callbacks suppressed
[ 1540.507772][T26530] binder: 26527:26530 transaction failed 29189/-3, size 0-8 line 3147
[ 1540.669887][ T5246] binder_release_work: 11 callbacks suppressed
[ 1540.669896][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x11}}, 0xfffffefd)

23:26:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:42 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:42 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:42 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xd00000000000000}}, 0xfffffefd)

23:26:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1541.065356][T26741] binder: 26738:26741 ioctl c0306201 0 returned -14
23:26:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1541.107876][T26748] binder: BINDER_SET_CONTEXT_MGR already set
[ 1541.138163][T26748] binder: 26742:26748 ioctl 40046207 0 returned -16
23:26:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:42 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:43 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x18}}, 0xfffffefd)

23:26:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:43 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:43 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:43 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:43 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xe00000000000000}}, 0xfffffefd)

23:26:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1541.991946][T26978] binder: 26973:26978 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1542.001931][T26978] binder: 26973:26978 transaction failed 29201/-22, size 0-8 line 3241
[ 1542.019540][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1542.047432][T26980] binder_alloc: 26975: binder_alloc_buf, no vma
[ 1542.080792][T26987] binder: BINDER_SET_CONTEXT_MGR already set
23:26:43 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1542.088158][T26987] binder: 26984:26987 ioctl 40046207 0 returned -16
[ 1542.100481][T26980] binder: 26975:26980 transaction failed 29189/-3, size 24-8 line 3147
[ 1542.111726][T26987] binder_alloc: 26975: binder_alloc_buf, no vma
[ 1542.124610][T26987] binder: 26984:26987 transaction failed 29189/-3, size 0-8 line 3147
[ 1542.136569][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1542.163175][T26980] binder: undelivered TRANSACTION_ERROR: 29189
23:26:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1542.213612][T26992] binder: 26991:26992 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1542.224009][T26992] binder: 26991:26992 transaction failed 29201/-22, size 0-8 line 3241
[ 1542.241024][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
23:26:43 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:43 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1542.321451][T26996] binder: 26995:26996 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1542.335927][T26996] binder: 26995:26996 transaction failed 29201/-22, size 0-8 line 3241
[ 1542.351184][ T1512] binder: undelivered TRANSACTION_ERROR: 29201
[ 1542.434563][T27001] binder: 27000:27001 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1542.445354][T27001] binder: 27000:27001 transaction failed 29201/-22, size 0-8 line 3241
[ 1542.476812][ T1512] binder: undelivered TRANSACTION_ERROR: 29201
[ 1542.540240][T27005] binder_alloc: 27004: binder_alloc_buf, no vma
[ 1542.547075][T27005] binder: 27004:27005 transaction failed 29189/-3, size 24-8 line 3147
[ 1542.557885][T27005] binder: undelivered TRANSACTION_ERROR: 29189
23:26:44 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x300}}, 0xfffffefd)

23:26:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:44 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:44 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:44 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xf00000000000000}}, 0xfffffefd)

23:26:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1542.986200][T27117] binder: 27114:27117 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1542.996390][T27117] binder: 27114:27117 transaction failed 29201/-22, size 0-8 line 3241
[ 1543.017075][ T1512] binder: undelivered TRANSACTION_ERROR: 29201
[ 1543.037550][T27121] binder_alloc: 27118: binder_alloc_buf, no vma
[ 1543.054456][T27121] binder: 27118:27121 transaction failed 29189/-3, size 24-8 line 3147
[ 1543.074027][T27124] binder: BINDER_SET_CONTEXT_MGR already set
[ 1543.076491][T27121] binder: undelivered TRANSACTION_ERROR: 29189
23:26:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1543.081156][T27124] binder: 27122:27124 ioctl 40046207 0 returned -16
[ 1543.097634][T27124] binder: 27122:27124 IncRefs 0 refcount change on invalid ref 0 ret -22
23:26:44 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1543.167243][T27128] binder: 27126:27128 got transaction with invalid offset (0, min 0 max 24) or object.
23:26:44 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1543.232636][T27133] binder: 27131:27133 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1543.332330][T27137] binder: BINDER_SET_CONTEXT_MGR already set
[ 1543.386813][T27137] binder: 27132:27137 ioctl 40046207 0 returned -16
[ 1543.386822][ T1512] binder: release 27136:27138 transaction 347 out, still active
[ 1543.433561][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1543.481822][ T1512] binder: send failed reply for transaction 347, target dead
23:26:45 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x500}}, 0xfffffefd)

23:26:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:45 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:45 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:45 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1000000000000000}}, 0xfffffefd)

23:26:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1544.013704][ T1512] binder: release 27347:27352 transaction 350 out, still active
[ 1544.024559][T27353] binder: BINDER_SET_CONTEXT_MGR already set
[ 1544.044074][ T1512] binder: undelivered TRANSACTION_COMPLETE
23:26:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1544.065759][T27353] binder: 27350:27353 ioctl 40046207 0 returned -16
[ 1544.068984][ T1512] binder: send failed reply for transaction 350, target dead
[ 1544.102754][ T1512] binder: send failed reply for transaction 353 to 27357:27359
[ 1544.111832][ T1512] binder: undelivered TRANSACTION_COMPLETE
23:26:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:45 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1544.149731][ T5246] binder: release 27361:27363 transaction 357 out, still active
[ 1544.157512][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1544.214809][T27367] binder: BINDER_SET_CONTEXT_MGR already set
[ 1544.221201][T27367] binder: 27366:27367 ioctl 40046207 0 returned -16
[ 1544.229278][T27367] binder_alloc: 27361: binder_alloc_buf, no vma
23:26:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:45 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1544.255296][ T5246] binder: send failed reply for transaction 357, target dead
[ 1544.316717][ T5246] binder: release 27370:27371 transaction 362 out, still active
[ 1544.356373][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1544.364545][T27373] binder: BINDER_SET_CONTEXT_MGR already set
[ 1544.380276][ T5246] binder: send failed reply for transaction 362, target dead
[ 1544.388276][T27373] binder: 27372:27373 ioctl 40046207 0 returned -16
23:26:46 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x600}}, 0xfffffefd)

23:26:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:46 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:46 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:46 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:46 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x1100000000000000}}, 0xfffffefd)

23:26:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

[ 1545.035783][ T5246] binder: release 27481:27485 transaction 367 out, still active
[ 1545.055982][ T5246] binder: unexpected work type, 4, not freed
[ 1545.066867][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1545.075760][T27488] binder: BINDER_SET_CONTEXT_MGR already set
23:26:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs], 0x0, 0x0, 0x0})

23:26:46 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1545.113526][T27488] binder: 27483:27488 ioctl 40046207 0 returned -16
[ 1545.113706][ T5246] binder: send failed reply for transaction 367, target dead
[ 1545.149154][ T5246] binder: send failed reply for transaction 372 to 27492:27495
23:26:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[ 1545.199602][ T5246] binder: release 27497:27503 transaction 376 out, still active
[ 1545.219839][ T5246] binder: unexpected work type, 4, not freed
[ 1545.226647][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1545.234136][ T5246] binder: send failed reply for transaction 376, target dead
23:26:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[ 1545.281794][T27538] binder: 27532:27538 ioctl c0306201 0 returned -14
[ 1545.285297][ T5246] binder: undelivered TRANSACTION_COMPLETE
23:26:46 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

[ 1545.328636][T27562] binder_alloc: 27532: binder_alloc_buf, no vma
[ 1545.352587][ T5246] binder: send failed reply for transaction 380 to 27532:27538
[ 1545.366004][T27569] binder: 27565:27569 ioctl c0306201 0 returned -14
[ 1545.405288][ T5246] binder: send failed reply for transaction 385 to 27565:27569
[ 1545.446296][T27636] binder: 27631:27636 ioctl c0306201 0 returned -14
[ 1545.478643][ T5246] binder: send failed reply for transaction 389 to 27631:27636
[ 1545.530729][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1545.546747][ T5246] binder: undelivered TRANSACTION_COMPLETE
23:26:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

23:26:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:47 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:47 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:47 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x2000000000000000}}, 0xfffffefd)

23:26:47 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x700}}, 0xfffffefd)

23:26:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1546.028570][T27823] binder: BINDER_SET_CONTEXT_MGR already set
[ 1546.036758][T27823] binder: 27818:27823 ioctl 40046207 0 returned -16
[ 1546.048072][T27823] binder_alloc: 27816: binder_alloc_buf, no vma
[ 1546.048343][ T5246] binder: release 27816:27822 transaction 393 out, still active
[ 1546.060522][T27823] binder_transaction: 9 callbacks suppressed
[ 1546.060543][T27823] binder: 27818:27823 transaction failed 29189/-3, size 24-0 line 3147
[ 1546.067276][ T5246] binder: unexpected work type, 4, not freed
[ 1546.078451][T27823] binder_release_work: 14 callbacks suppressed
[ 1546.078460][T27823] binder: undelivered TRANSACTION_ERROR: 29189
[ 1546.087173][ T5246] binder: send failed reply for transaction 393, target dead
[ 1546.096499][T27824] binder: 27820:27824 transaction failed 29189/-22, size 0-0 line 2994
[ 1546.120212][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1546.179896][ T1512] binder: release 27827:27830 transaction 399 out, still active
[ 1546.188066][ T1512] binder: unexpected work type, 4, not freed
23:26:47 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

[ 1546.239781][ T1512] binder: send failed reply for transaction 399, target dead
[ 1546.276480][ T1512] binder: release 27832:27834 transaction 403 out, still active
[ 1546.323861][T27837] binder: BINDER_SET_CONTEXT_MGR already set
[ 1546.334090][T27837] binder: 27835:27837 ioctl 40046207 0 returned -16
[ 1546.344641][T27837] binder_alloc: 27832: binder_alloc_buf, no vma
[ 1546.351283][T27837] binder: 27835:27837 transaction failed 29189/-3, size 24-8 line 3147
23:26:47 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

[ 1546.369523][ T1512] binder: unexpected work type, 4, not freed
[ 1546.397775][T27841] binder_alloc: 27832: binder_alloc_buf, no vma
[ 1546.402282][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1546.420358][ T1512] binder: send failed reply for transaction 403, target dead
[ 1546.431565][T27841] binder: 27838:27841 transaction failed 29189/-3, size 0-0 line 3147
[ 1546.445245][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1546.447193][T27842] binder_alloc: 27839: binder_alloc_buf, no vma
[ 1546.460055][T27842] binder: 27839:27842 transaction failed 29189/-3, size 24-0 line 3147
[ 1546.470158][T27844] binder: BINDER_SET_CONTEXT_MGR already set
[ 1546.476539][T27844] binder: 27843:27844 ioctl 40046207 0 returned -16
[ 1546.484209][T27844] binder_alloc: 27839: binder_alloc_buf, no vma
23:26:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0})

[ 1546.491380][T27844] binder: 27843:27844 transaction failed 29189/-3, size 24-8 line 3147
[ 1546.491851][T27842] binder: undelivered TRANSACTION_ERROR: 29189
[ 1546.519550][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1546.579973][ T1512] binder: release 27846:27847 transaction 412 out, still active
[ 1546.612345][ T1512] binder: unexpected work type, 4, not freed
[ 1546.641350][ T1512] binder: send failed reply for transaction 412, target dead
[ 1546.642637][T27849] binder: 27848:27849 transaction failed 29189/-22, size 0-0 line 2994
[ 1546.666244][T27849] binder: undelivered TRANSACTION_ERROR: 29189
[ 1546.788402][T27854] binder: 27853:27854 transaction failed 29189/-22, size 0-0 line 2994
[ 1546.821432][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:48 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:48 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:48 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x4000000000000000}}, 0xfffffefd)

23:26:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1546.987261][T27960] binder_alloc: 27959: binder_alloc_buf, no vma
[ 1547.010850][T27960] binder: 27959:27960 transaction failed 29189/-3, size 24-8 line 3147
[ 1547.022683][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:48 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa00}}, 0xfffffefd)

23:26:48 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1547.091606][T27966] binder_alloc: 27963: binder_alloc_buf, no vma
[ 1547.099159][T27966] binder: 27963:27966 transaction failed 29189/-3, size 24-0 line 3147
[ 1547.113233][T27966] binder: undelivered TRANSACTION_ERROR: 29189
23:26:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1547.180804][T27974] binder_alloc: 27971: binder_alloc_buf, no vma
23:26:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1547.242359][T27976] binder_alloc: 27967: binder_alloc_buf, no vma
23:26:48 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1547.271187][T27978] binder_alloc: 27967: binder_alloc_buf, no vma
23:26:48 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1547.341470][T27983] binder: 27982:27983 IncRefs 0 refcount change on invalid ref 1 ret -22
[ 1547.440015][T27987] binder: unexpected work type, 4, not freed
[ 1547.455014][T27988] binder: BINDER_SET_CONTEXT_MGR already set
[ 1547.473805][T27988] binder: 27986:27988 ioctl 40046207 0 returned -16
23:26:49 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:49 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1547.771925][T28192] binder: 28191:28192 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:49 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x401f000000000000}}, 0xfffffefd)

23:26:49 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:49 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000000c0)=[@increfs={0x40046304, 0x1}], 0x0, 0x0, 0x0})

[ 1548.003152][T28199] binder: unexpected work type, 4, not freed
[ 1548.024710][T28200] binder: unexpected work type, 4, not freed
[ 1548.048318][T28200] binder: 28197:28200 IncRefs 0 refcount change on invalid ref 1 ret -22
23:26:49 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb00}}, 0xfffffefd)

23:26:49 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x50000000}}, 0xfffffefd)

23:26:49 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:49 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x300000000000000}}, 0xfffffefd)

[ 1548.217794][T28210] binder: unexpected work type, 4, not freed
23:26:49 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:49 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:50 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x5000000000000000}}, 0xfffffefd)

23:26:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:50 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, 0x7, [], 0x100000000}, {0x0, 0x0, 0x0, [], 0x6f}]}})
getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000006780), &(0x7f00000067c0)=0x10)

23:26:50 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd00}}, 0xfffffefd)

23:26:50 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x7d00000}}, 0xfffffefd)

23:26:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0xcdd9, 0x3ff, 0x7, [], 0x100000000}, {0xffffffffffffdb62, 0x6, 0x40, [], 0x6f}, {0xffffffff, 0x1, 0x5, [], 0x49}]}})

23:26:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:51 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000040)=""/81)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0))
ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000340)={{0x7, 0x757, 0xa, 0xdd, 0xff, 0x7fffffff}, 0x44ad})

23:26:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:51 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa000000000000000}}, 0xfffffefd)

23:26:51 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000040)=""/81)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0))
ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000340)={{0x7, 0x757, 0xa, 0xdd, 0xff, 0x7fffffff}, 0x44ad})

23:26:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:51 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xe00}}, 0xfffffefd)

23:26:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:51 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000040)=""/81)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0))
ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000340)={{0x7, 0x757, 0xa, 0xdd, 0xff, 0x7fffffff}, 0x44ad})

23:26:51 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x5000000000000000}}, 0xfffffefd)

23:26:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:51 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000040)=""/81)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f00000000c0))

23:26:51 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:52 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000040)=""/81)

23:26:52 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xa086010000000000}}, 0xfffffefd)

23:26:52 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:52 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:52 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf00}}, 0xfffffefd)

23:26:52 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

23:26:52 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:52 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x2000000}}, 0xfffffefd)

23:26:52 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:52 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:52 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:52 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:52 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:53 executing program 0:
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:53 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000200)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:53 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xfeffffff00000000}}, 0xfffffefd)

23:26:53 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1100}}, 0xfffffefd)

23:26:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:53 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
rename(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00')
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1552.095696][T28764] binder_alloc_new_buf_locked: 3 callbacks suppressed
[ 1552.095706][T28764] binder_alloc: 28761: binder_alloc_buf, no vma
23:26:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:53 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
getpgrp(0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1552.152816][T28764] binder_transaction: 15 callbacks suppressed
[ 1552.153021][T28764] binder: 28761:28764 transaction failed 29189/-3, size 24-8 line 3147
23:26:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:53 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000140)='net/ptype\x00'}, 0x30)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1552.407122][ T1512] binder_release_work: 15 callbacks suppressed
[ 1552.407131][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1552.493087][T29000] binder_alloc: 28999: binder_alloc_buf, no vma
[ 1552.516530][T29000] binder: 28999:29000 transaction failed 29189/-3, size 24-8 line 3147
23:26:54 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffff7f00000000}}, 0xfffffefd)

[ 1552.656974][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:54 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1800}}, 0xfffffefd)

23:26:54 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:54 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:54 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:54 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:54 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1553.112388][T29238] binder_alloc: 29235: binder_alloc_buf, no vma
[ 1553.133692][T29238] binder: 29235:29238 transaction failed 29189/-3, size 24-8 line 3147
23:26:54 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:54 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:54 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:54 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:54 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1553.384903][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:55 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0xffffffff00000000}}, 0xfffffefd)

23:26:55 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:55 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:55 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:55 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:55 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1f40}}, 0xfffffefd)

23:26:55 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:55 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1554.016253][T29577] binder_alloc: 29574: binder_alloc_buf, no vma
[ 1554.055368][T29577] binder: 29574:29577 transaction failed 29189/-3, size 24-8 line 3147
23:26:55 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:55 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:55 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:55 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1554.315626][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:26:55 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:55 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:55 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2}}, 0xfffffefd)

23:26:55 executing program 5:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1554.521998][T29806] binder_alloc: 29805: binder_alloc_buf, no vma
[ 1554.547482][T29806] binder: 29805:29806 transaction failed 29189/-3, size 24-8 line 3147
[ 1554.696034][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:56 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:56 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2000}}, 0xfffffefd)

23:26:56 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:56 executing program 5:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:56 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:56 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1554.923501][T30123] binder_alloc: 30119: binder_alloc_buf, no vma
[ 1554.930666][T30123] binder: 30119:30123 transaction failed 29189/-3, size 24-8 line 3147
[ 1554.952898][T30123] binder: undelivered TRANSACTION_ERROR: 29189
23:26:56 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:56 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:56 executing program 5:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:56 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1555.262079][T30239] binder: 30237:30239 transaction failed 29189/-22, size 24-8 line 2994
23:26:56 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x3}}, 0xfffffefd)

23:26:56 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1555.514480][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:26:57 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:57 executing program 5:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:57 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:57 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x4000}}, 0xfffffefd)

23:26:57 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1555.859867][T30460] binder: 30457:30460 transaction failed 29189/-22, size 24-8 line 2994
[ 1555.870944][T30460] binder: undelivered TRANSACTION_ERROR: 29189
23:26:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:57 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:26:57 executing program 5:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:57 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

[ 1556.042215][T30472] binder: 30467:30472 transaction failed 29189/-22, size 24-8 line 2994
[ 1556.079595][T30472] binder: undelivered TRANSACTION_ERROR: 29189
23:26:57 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x4}}, 0xfffffefd)

23:26:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:58 executing program 5:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:58 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

23:26:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:58 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x401f}}, 0xfffffefd)

23:26:58 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:58 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

23:26:58 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

23:26:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1557.003264][T30618] binder: 30617:30618 ioctl c0306201 0 returned -14
23:26:58 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x5}}, 0xfffffefd)

23:26:58 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:58 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

23:26:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:58 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1557.474364][T30735] binder: 30728:30735 ioctl c0306201 0 returned -14
23:26:59 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

23:26:59 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:59 executing program 5:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:59 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd007}}, 0xfffffefd)

23:26:59 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x0)

[ 1557.777374][T30746] binder: 30741:30746 ioctl c0306201 0 returned -14
23:26:59 executing program 5:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:59 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:59 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x0)

23:26:59 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:26:59 executing program 5:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:26:59 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x6}}, 0xfffffefd)

23:26:59 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:59 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x0)

23:26:59 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:26:59 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0xfd40)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000005c0)={@remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xf5ffffff]}}, 0x14)

23:27:00 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:00 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0xfd40)
setsockopt$inet6_mreq(r0, 0x29, 0x49, &(0x7f00000005c0)={@remote}, 0x14)

23:27:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:00 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x186a0}}, 0xfffffefd)

23:27:00 executing program 1:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x6001, 0x0)

23:27:00 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:00 executing program 1 (fault-call:2 fault-nth:0):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:00 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7}}, 0xfffffefd)

23:27:00 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:00 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1559.199188][T31003] FAULT_INJECTION: forcing a failure.
[ 1559.199188][T31003] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.213288][T31003] CPU: 1 PID: 31003 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1559.221249][T31003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1559.231353][T31003] Call Trace:
[ 1559.234781][T31003]  dump_stack+0x172/0x1f0
[ 1559.240488][T31003]  should_fail.cold+0xa/0x15
[ 1559.245131][T31003]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1559.251148][T31003]  ? ___might_sleep+0x163/0x280
[ 1559.257122][T31003]  __should_failslab+0x121/0x190
[ 1559.262108][T31003]  should_failslab+0x9/0x14
[ 1559.267267][T31003]  kmem_cache_alloc_trace+0x2d1/0x760
[ 1559.272675][T31003]  ? _parse_integer+0x139/0x190
[ 1559.277611][T31003]  alloc_pipe_info+0xb9/0x430
[ 1559.282319][T31003]  splice_direct_to_actor+0x775/0x970
[ 1559.287917][T31003]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1559.293507][T31003]  ? lock_downgrade+0x880/0x880
[ 1559.298415][T31003]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1559.304683][T31003]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1559.310962][T31003]  ? do_splice_to+0x190/0x190
[ 1559.315692][T31003]  ? rw_verify_area+0x118/0x360
[ 1559.320627][T31003]  do_splice_direct+0x1da/0x2a0
[ 1559.325500][T31003]  ? splice_direct_to_actor+0x970/0x970
[ 1559.331084][T31003]  ? rw_verify_area+0x118/0x360
[ 1559.335978][T31003]  do_sendfile+0x597/0xd00
[ 1559.340447][T31003]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1559.345776][T31003]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1559.352051][T31003]  ? _copy_from_user+0xdd/0x150
[ 1559.357048][T31003]  __x64_sys_sendfile64+0x15a/0x220
[ 1559.363840][T31003]  ? __ia32_sys_sendfile+0x230/0x230
[ 1559.369256][T31003]  ? do_syscall_64+0x26/0x610
[ 1559.373979][T31003]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1559.379312][T31003]  ? trace_hardirqs_on+0x67/0x230
[ 1559.384467][T31003]  do_syscall_64+0x103/0x610
[ 1559.389078][T31003]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1559.394976][T31003] RIP: 0033:0x458209
[ 1559.398872][T31003] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1559.418472][T31003] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1559.427068][T31003] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1559.435085][T31003] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1559.443067][T31003] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1559.451073][T31003] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1559.459068][T31003] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:01 executing program 1 (fault-call:2 fault-nth:1):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:01 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:01 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1559.583858][T31016] FAULT_INJECTION: forcing a failure.
[ 1559.583858][T31016] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.605627][T31016] CPU: 1 PID: 31016 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1559.613578][T31016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1559.623691][T31016] Call Trace:
[ 1559.627197][T31016]  dump_stack+0x172/0x1f0
[ 1559.631575][T31016]  should_fail.cold+0xa/0x15
[ 1559.636215][T31016]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1559.642065][T31016]  ? ___might_sleep+0x163/0x280
[ 1559.646960][T31016]  __should_failslab+0x121/0x190
[ 1559.651949][T31016]  should_failslab+0x9/0x14
[ 1559.656509][T31016]  __kmalloc+0x2dc/0x740
[ 1559.660789][T31016]  ? kmem_cache_alloc_trace+0x354/0x760
[ 1559.666366][T31016]  ? _parse_integer+0x139/0x190
[ 1559.671265][T31016]  ? alloc_pipe_info+0x199/0x430
[ 1559.676244][T31016]  alloc_pipe_info+0x199/0x430
[ 1559.681056][T31016]  splice_direct_to_actor+0x775/0x970
[ 1559.686464][T31016]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1559.692049][T31016]  ? lock_downgrade+0x880/0x880
[ 1559.696943][T31016]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1559.703217][T31016]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1559.709494][T31016]  ? do_splice_to+0x190/0x190
[ 1559.714220][T31016]  ? rw_verify_area+0x118/0x360
[ 1559.719163][T31016]  do_splice_direct+0x1da/0x2a0
[ 1559.724050][T31016]  ? splice_direct_to_actor+0x970/0x970
[ 1559.729639][T31016]  ? rw_verify_area+0x118/0x360
23:27:01 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2000b}}, 0xfffffefd)

[ 1559.734540][T31016]  do_sendfile+0x597/0xd00
[ 1559.739007][T31016]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1559.744333][T31016]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1559.750615][T31016]  ? _copy_from_user+0xdd/0x150
[ 1559.755538][T31016]  __x64_sys_sendfile64+0x15a/0x220
[ 1559.760781][T31016]  ? __ia32_sys_sendfile+0x230/0x230
[ 1559.766121][T31016]  ? do_syscall_64+0x26/0x610
[ 1559.770833][T31016]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1559.776151][T31016]  ? trace_hardirqs_on+0x67/0x230
[ 1559.781229][T31016]  do_syscall_64+0x103/0x610
[ 1559.785865][T31016]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1559.791796][T31016] RIP: 0033:0x458209
[ 1559.795808][T31016] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1559.815545][T31016] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1559.823985][T31016] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1559.832124][T31016] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1559.840113][T31016] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1559.848109][T31016] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1559.856105][T31016] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:01 executing program 1 (fault-call:2 fault-nth:2):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:01 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1559.966716][T31028] FAULT_INJECTION: forcing a failure.
[ 1559.966716][T31028] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.981193][T31028] CPU: 0 PID: 31028 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1559.989108][T31028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1559.999216][T31028] Call Trace:
[ 1560.002553][T31028]  dump_stack+0x172/0x1f0
[ 1560.006934][T31028]  should_fail.cold+0xa/0x15
[ 1560.011573][T31028]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1560.017423][T31028]  ? ___might_sleep+0x163/0x280
[ 1560.022317][T31028]  __should_failslab+0x121/0x190
[ 1560.027389][T31028]  should_failslab+0x9/0x14
[ 1560.031935][T31028]  kmem_cache_alloc_node_trace+0x270/0x720
[ 1560.037778][T31028]  ? lock_downgrade+0x880/0x880
[ 1560.042661][T31028]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.048944][T31028]  __kmalloc_node+0x3d/0x70
[ 1560.053571][T31028]  kvmalloc_node+0x68/0x100
[ 1560.056869][T31030] binder: 31029:31030 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1560.058119][T31028]  iov_iter_get_pages_alloc+0x862/0x1350
[ 1560.058139][T31028]  ? unwind_get_return_address+0x61/0xa0
[ 1560.058155][T31028]  ? __save_stack_trace+0x99/0x100
[ 1560.058173][T31028]  ? iov_iter_revert+0xaa0/0xaa0
[ 1560.058199][T31028]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1560.085119][T31030] binder: 31029:31030 transaction failed 29201/-22, size 0-8 line 3241
[ 1560.089128][T31028]  ? iov_iter_pipe+0xba/0x2f0
[ 1560.089151][T31028]  default_file_splice_read+0x199/0x890
[ 1560.089172][T31028]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1560.089186][T31028]  ? kasan_kmalloc+0x9/0x10
[ 1560.089199][T31028]  ? __kmalloc+0x15c/0x740
[ 1560.089215][T31028]  ? alloc_pipe_info+0x199/0x430
[ 1560.089231][T31028]  ? do_sendfile+0x597/0xd00
[ 1560.089256][T31028]  ? do_syscall_64+0x103/0x610
[ 1560.142589][T31028]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1560.148783][T31028]  ? __lock_acquire+0x548/0x3fb0
[ 1560.153766][T31028]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1560.159358][T31028]  ? percpu_ref_put_many+0x94/0x190
[ 1560.164597][T31028]  ? percpu_ref_put_many+0x94/0x190
[ 1560.169835][T31028]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.176115][T31028]  ? fsnotify+0x811/0xbc0
[ 1560.180494][T31028]  ? fsnotify+0xbc0/0xbc0
[ 1560.184861][T31028]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.191140][T31028]  ? fsnotify_first_mark+0x210/0x210
[ 1560.196456][T31028]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.202745][T31028]  ? security_file_permission+0x94/0x380
[ 1560.208536][T31028]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1560.214123][T31028]  do_splice_to+0x12a/0x190
[ 1560.218675][T31028]  splice_direct_to_actor+0x2d2/0x970
[ 1560.224089][T31028]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1560.224113][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1560.229678][T31028]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.229696][T31028]  ? do_splice_to+0x190/0x190
[ 1560.229714][T31028]  ? rw_verify_area+0x118/0x360
[ 1560.229732][T31028]  do_splice_direct+0x1da/0x2a0
[ 1560.229751][T31028]  ? splice_direct_to_actor+0x970/0x970
[ 1560.229774][T31028]  ? rw_verify_area+0x118/0x360
[ 1560.229790][T31028]  do_sendfile+0x597/0xd00
[ 1560.229812][T31028]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1560.229836][T31028]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1560.283187][T31028]  ? _copy_from_user+0xdd/0x150
[ 1560.288090][T31028]  __x64_sys_sendfile64+0x15a/0x220
[ 1560.293419][T31028]  ? __ia32_sys_sendfile+0x230/0x230
[ 1560.298742][T31028]  ? do_syscall_64+0x26/0x610
[ 1560.303488][T31028]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1560.308825][T31028]  ? trace_hardirqs_on+0x67/0x230
[ 1560.313893][T31028]  do_syscall_64+0x103/0x610
[ 1560.318523][T31028]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1560.324464][T31028] RIP: 0033:0x458209
[ 1560.328387][T31028] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1560.348017][T31028] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1560.356467][T31028] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
23:27:01 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:01 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1560.360046][T31233] binder: 31186:31233 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1560.364472][T31028] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1560.364482][T31028] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1560.364490][T31028] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1560.364497][T31028] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:01 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1560.493956][T31233] binder: 31186:31233 transaction failed 29201/-22, size 0-8 line 3241
23:27:02 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x8}}, 0xfffffefd)

23:27:02 executing program 1 (fault-call:2 fault-nth:3):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:02 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

[ 1560.595237][T31415] FAULT_INJECTION: forcing a failure.
[ 1560.595237][T31415] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1560.609080][T31415] CPU: 0 PID: 31415 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1560.617096][T31415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1560.627247][T31415] Call Trace:
[ 1560.630578][T31415]  dump_stack+0x172/0x1f0
[ 1560.634949][T31415]  should_fail.cold+0xa/0x15
[ 1560.639573][T31415]  ? fault_create_debugfs_attr+0x1e0/0x1e0
23:27:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1560.645403][T31415]  ? ___might_sleep+0x163/0x280
[ 1560.650290][T31415]  should_fail_alloc_page+0x50/0x60
[ 1560.655514][T31415]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1560.661009][T31415]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1560.666859][T31415]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1560.672606][T31415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.678880][T31415]  ? __kmalloc_node+0x3d/0x70
[ 1560.679704][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1560.683586][T31415]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1560.683605][T31415]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1560.683625][T31415]  alloc_pages_current+0x107/0x210
[ 1560.683648][T31415]  push_pipe+0x3fc/0x7a0
[ 1560.711246][T31415]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1560.717077][T31415]  ? __save_stack_trace+0x99/0x100
[ 1560.717110][T31415]  ? iov_iter_revert+0xaa0/0xaa0
[ 1560.727180][T31415]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1560.732921][T31415]  ? iov_iter_pipe+0xba/0x2f0
[ 1560.737616][T31415]  default_file_splice_read+0x199/0x890
[ 1560.737636][T31415]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1560.737649][T31415]  ? kasan_kmalloc+0x9/0x10
[ 1560.737661][T31415]  ? __kmalloc+0x15c/0x740
[ 1560.737676][T31415]  ? alloc_pipe_info+0x199/0x430
[ 1560.737692][T31415]  ? do_sendfile+0x597/0xd00
[ 1560.737708][T31415]  ? do_syscall_64+0x103/0x610
[ 1560.737722][T31415]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1560.737737][T31415]  ? __lock_acquire+0x548/0x3fb0
[ 1560.737759][T31415]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1560.773704][T31451] binder: 31450:31451 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1560.778447][T31415]  ? percpu_ref_put_many+0x94/0x190
[ 1560.778467][T31415]  ? percpu_ref_put_many+0x94/0x190
[ 1560.778482][T31415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.778498][T31415]  ? fsnotify+0x811/0xbc0
[ 1560.778517][T31415]  ? fsnotify+0xbc0/0xbc0
[ 1560.778530][T31415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.778547][T31415]  ? fsnotify_first_mark+0x210/0x210
[ 1560.778560][T31415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.778592][T31415]  ? security_file_permission+0x94/0x380
[ 1560.806522][T31451] binder: 31450:31451 transaction failed 29201/-22, size 0-8 line 3241
[ 1560.809434][T31415]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1560.809451][T31415]  do_splice_to+0x12a/0x190
[ 1560.809470][T31415]  splice_direct_to_actor+0x2d2/0x970
[ 1560.809488][T31415]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1560.809510][T31415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1560.884108][T31415]  ? do_splice_to+0x190/0x190
[ 1560.888820][T31415]  ? rw_verify_area+0x118/0x360
23:27:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1560.893714][T31415]  do_splice_direct+0x1da/0x2a0
[ 1560.898606][T31415]  ? splice_direct_to_actor+0x970/0x970
[ 1560.904287][T31415]  ? rw_verify_area+0x118/0x360
[ 1560.909204][T31415]  do_sendfile+0x597/0xd00
[ 1560.913666][T31415]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1560.914806][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1560.918984][T31415]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1560.919003][T31415]  ? _copy_from_user+0xdd/0x150
[ 1560.919033][T31415]  __x64_sys_sendfile64+0x15a/0x220
[ 1560.919054][T31415]  ? __ia32_sys_sendfile+0x230/0x230
[ 1560.919070][T31415]  ? do_syscall_64+0x26/0x610
[ 1560.919095][T31415]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1560.951640][T31415]  ? trace_hardirqs_on+0x67/0x230
[ 1560.951662][T31415]  do_syscall_64+0x103/0x610
[ 1560.951682][T31415]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1560.951694][T31415] RIP: 0033:0x458209
[ 1560.951710][T31415] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1560.951717][T31415] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1560.951729][T31415] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1560.951737][T31415] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1560.951744][T31415] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1560.951752][T31415] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1560.951759][T31415] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:02 executing program 1 (fault-call:2 fault-nth:4):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:02 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7d000}}, 0xfffffefd)

23:27:02 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

[ 1561.062062][T31555] binder: 31554:31555 got transaction with invalid offset (0, min 0 max 0) or object.
[ 1561.092221][T31555] binder: 31554:31555 transaction failed 29201/-22, size 0-8 line 3241
[ 1561.102718][T31555] binder: undelivered TRANSACTION_ERROR: 29201
[ 1561.137064][T31557] FAULT_INJECTION: forcing a failure.
[ 1561.137064][T31557] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1561.152110][T31557] CPU: 1 PID: 31557 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1561.160039][T31557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1561.170117][T31557] Call Trace:
[ 1561.173465][T31557]  dump_stack+0x172/0x1f0
[ 1561.177846][T31557]  should_fail.cold+0xa/0x15
[ 1561.182480][T31557]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1561.188497][T31557]  ? ___might_sleep+0x163/0x280
[ 1561.193409][T31557]  should_fail_alloc_page+0x50/0x60
[ 1561.198641][T31557]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1561.204049][T31557]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1561.209895][T31557]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1561.215653][T31557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.221940][T31557]  ? __kmalloc_node+0x3d/0x70
[ 1561.226651][T31557]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1561.232405][T31557]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1561.240447][T31557]  alloc_pages_current+0x107/0x210
[ 1561.245608][T31557]  push_pipe+0x3fc/0x7a0
[ 1561.250077][T31557]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1561.256734][T31557]  ? __save_stack_trace+0x99/0x100
[ 1561.261890][T31557]  ? iov_iter_revert+0xaa0/0xaa0
[ 1561.266850][T31557]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1561.266868][T31557]  ? iov_iter_pipe+0xba/0x2f0
[ 1561.266893][T31557]  default_file_splice_read+0x199/0x890
[ 1561.282929][T31557]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1561.288977][T31557]  ? kasan_kmalloc+0x9/0x10
[ 1561.293519][T31557]  ? __kmalloc+0x15c/0x740
[ 1561.293543][T31557]  ? alloc_pipe_info+0x199/0x430
[ 1561.293562][T31557]  ? do_sendfile+0x597/0xd00
[ 1561.293579][T31557]  ? do_syscall_64+0x103/0x610
[ 1561.293595][T31557]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1561.293612][T31557]  ? __lock_acquire+0x548/0x3fb0
[ 1561.293629][T31557]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1561.293650][T31557]  ? percpu_ref_put_many+0x94/0x190
[ 1561.293664][T31557]  ? percpu_ref_put_many+0x94/0x190
[ 1561.293680][T31557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.293694][T31557]  ? fsnotify+0x811/0xbc0
[ 1561.293711][T31557]  ? fsnotify+0xbc0/0xbc0
[ 1561.293724][T31557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.293740][T31557]  ? fsnotify_first_mark+0x210/0x210
[ 1561.293754][T31557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.293784][T31557]  ? security_file_permission+0x94/0x380
[ 1561.293807][T31557]  ? iter_file_splice_write+0xbe0/0xbe0
23:27:02 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:02 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1561.334534][T31557]  do_splice_to+0x12a/0x190
[ 1561.334558][T31557]  splice_direct_to_actor+0x2d2/0x970
[ 1561.334577][T31557]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1561.334598][T31557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.334613][T31557]  ? do_splice_to+0x190/0x190
[ 1561.334633][T31557]  ? rw_verify_area+0x118/0x360
[ 1561.334658][T31557]  do_splice_direct+0x1da/0x2a0
[ 1561.380542][T31557]  ? splice_direct_to_actor+0x970/0x970
[ 1561.380570][T31557]  ? rw_verify_area+0x118/0x360
[ 1561.380588][T31557]  do_sendfile+0x597/0xd00
[ 1561.380614][T31557]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1561.380634][T31557]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1561.380651][T31557]  ? _copy_from_user+0xdd/0x150
[ 1561.380671][T31557]  __x64_sys_sendfile64+0x15a/0x220
[ 1561.380687][T31557]  ? __ia32_sys_sendfile+0x230/0x230
[ 1561.380701][T31557]  ? do_syscall_64+0x26/0x610
[ 1561.380717][T31557]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1561.380734][T31557]  ? trace_hardirqs_on+0x67/0x230
[ 1561.380753][T31557]  do_syscall_64+0x103/0x610
[ 1561.380783][T31557]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1561.401879][T31557] RIP: 0033:0x458209
[ 1561.401898][T31557] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1561.401905][T31557] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1561.401918][T31557] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1561.401926][T31557] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1561.401933][T31557] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1561.401940][T31557] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1561.401948][T31557] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
[ 1561.576563][T31666] binder: 31664:31666 got transaction with invalid offset (0, min 0 max 0) or object.
23:27:03 executing program 1 (fault-call:2 fault-nth:5):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:03 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa}}, 0xfffffefd)

[ 1561.587499][T31666] binder: 31664:31666 transaction failed 29201/-22, size 0-8 line 3241
[ 1561.660272][T31672] FAULT_INJECTION: forcing a failure.
[ 1561.660272][T31672] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1561.674462][T31672] CPU: 1 PID: 31672 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1561.682692][T31672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1561.692767][T31672] Call Trace:
[ 1561.696101][T31672]  dump_stack+0x172/0x1f0
[ 1561.700473][T31672]  should_fail.cold+0xa/0x15
[ 1561.705110][T31672]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1561.710966][T31672]  ? ___might_sleep+0x163/0x280
[ 1561.715860][T31672]  should_fail_alloc_page+0x50/0x60
[ 1561.721106][T31672]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1561.726516][T31672]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1561.732373][T31672]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1561.738328][T31672]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.744717][T31672]  ? __kmalloc_node+0x3d/0x70
[ 1561.749454][T31672]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1561.755212][T31672]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1561.761587][T31672]  alloc_pages_current+0x107/0x210
[ 1561.766917][T31672]  push_pipe+0x3fc/0x7a0
[ 1561.771228][T31672]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1561.776912][T31672]  ? __save_stack_trace+0x99/0x100
[ 1561.782067][T31672]  ? iov_iter_revert+0xaa0/0xaa0
[ 1561.787060][T31672]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1561.792814][T31672]  ? iov_iter_pipe+0xba/0x2f0
[ 1561.797542][T31672]  default_file_splice_read+0x199/0x890
[ 1561.803132][T31672]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1561.808997][T31672]  ? kasan_kmalloc+0x9/0x10
[ 1561.813549][T31672]  ? __kmalloc+0x15c/0x740
[ 1561.818017][T31672]  ? alloc_pipe_info+0x199/0x430
[ 1561.823083][T31672]  ? do_sendfile+0x597/0xd00
[ 1561.827710][T31672]  ? do_syscall_64+0x103/0x610
[ 1561.832510][T31672]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1561.838617][T31672]  ? __lock_acquire+0x548/0x3fb0
[ 1561.843620][T31672]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1561.849208][T31672]  ? percpu_ref_put_many+0x94/0x190
[ 1561.854543][T31672]  ? percpu_ref_put_many+0x94/0x190
[ 1561.859781][T31672]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.866075][T31672]  ? fsnotify+0x811/0xbc0
[ 1561.870535][T31672]  ? fsnotify+0xbc0/0xbc0
[ 1561.874994][T31672]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.881920][T31672]  ? fsnotify_first_mark+0x210/0x210
[ 1561.887422][T31672]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.893718][T31672]  ? security_file_permission+0x94/0x380
[ 1561.899388][T31672]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1561.905064][T31672]  do_splice_to+0x12a/0x190
[ 1561.909611][T31672]  splice_direct_to_actor+0x2d2/0x970
[ 1561.915025][T31672]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1561.915903][ T1512] binder: undelivered TRANSACTION_ERROR: 29201
[ 1561.920609][T31672]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1561.920627][T31672]  ? do_splice_to+0x190/0x190
[ 1561.920648][T31672]  ? rw_verify_area+0x118/0x360
[ 1561.920665][T31672]  do_splice_direct+0x1da/0x2a0
[ 1561.920681][T31672]  ? splice_direct_to_actor+0x970/0x970
[ 1561.920702][T31672]  ? rw_verify_area+0x118/0x360
23:27:03 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, 0x0, 0x8000000000092dd)

23:27:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1561.920718][T31672]  do_sendfile+0x597/0xd00
[ 1561.920741][T31672]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1561.920761][T31672]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1561.920777][T31672]  ? _copy_from_user+0xdd/0x150
[ 1561.920794][T31672]  __x64_sys_sendfile64+0x15a/0x220
[ 1561.920810][T31672]  ? __ia32_sys_sendfile+0x230/0x230
[ 1561.920835][T31672]  ? do_syscall_64+0x26/0x610
[ 1561.994263][T31672]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1561.999596][T31672]  ? trace_hardirqs_on+0x67/0x230
[ 1562.004677][T31672]  do_syscall_64+0x103/0x610
[ 1562.009401][T31672]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1562.015321][T31672] RIP: 0033:0x458209
[ 1562.019319][T31672] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1562.038936][T31672] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1562.047346][T31672] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1562.055316][T31672] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1562.063293][T31672] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1562.071292][T31672] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1562.079455][T31672] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:03 executing program 1 (fault-call:2 fault-nth:6):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1562.197218][T31782] FAULT_INJECTION: forcing a failure.
[ 1562.197218][T31782] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1562.211672][T31782] CPU: 1 PID: 31782 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1562.219772][T31782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1562.229852][T31782] Call Trace:
[ 1562.233198][T31782]  dump_stack+0x172/0x1f0
[ 1562.237573][T31782]  should_fail.cold+0xa/0x15
[ 1562.242211][T31782]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1562.248053][T31782]  ? ___might_sleep+0x163/0x280
[ 1562.252958][T31782]  should_fail_alloc_page+0x50/0x60
[ 1562.258190][T31782]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1562.263596][T31782]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1562.269439][T31782]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1562.275194][T31782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.281476][T31782]  ? __kmalloc_node+0x3d/0x70
[ 1562.286185][T31782]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1562.291932][T31782]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1562.298216][T31782]  alloc_pages_current+0x107/0x210
[ 1562.303382][T31782]  push_pipe+0x3fc/0x7a0
[ 1562.307666][T31782]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1562.313335][T31782]  ? __save_stack_trace+0x99/0x100
[ 1562.318482][T31782]  ? iov_iter_revert+0xaa0/0xaa0
[ 1562.323437][T31782]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1562.329168][T31782]  ? iov_iter_pipe+0xba/0x2f0
[ 1562.333868][T31782]  default_file_splice_read+0x199/0x890
[ 1562.340224][T31782]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1562.346067][T31782]  ? kasan_kmalloc+0x9/0x10
[ 1562.350609][T31782]  ? __kmalloc+0x15c/0x740
[ 1562.355064][T31782]  ? alloc_pipe_info+0x199/0x430
[ 1562.362650][T31782]  ? do_sendfile+0x597/0xd00
[ 1562.367581][T31782]  ? do_syscall_64+0x103/0x610
[ 1562.372392][T31782]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1562.378956][T31782]  ? __lock_acquire+0x548/0x3fb0
[ 1562.384028][T31782]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1562.389627][T31782]  ? percpu_ref_put_many+0x94/0x190
[ 1562.394961][T31782]  ? percpu_ref_put_many+0x94/0x190
[ 1562.400199][T31782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.406487][T31782]  ? fsnotify+0x811/0xbc0
[ 1562.410866][T31782]  ? fsnotify+0xbc0/0xbc0
[ 1562.415266][T31782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.421685][T31782]  ? fsnotify_first_mark+0x210/0x210
[ 1562.427099][T31782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.433661][T31782]  ? security_file_permission+0x94/0x380
[ 1562.439506][T31782]  ? iter_file_splice_write+0xbe0/0xbe0
23:27:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:03 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xc8000}}, 0xfffffefd)

[ 1562.445187][T31782]  do_splice_to+0x12a/0x190
[ 1562.449831][T31782]  splice_direct_to_actor+0x2d2/0x970
[ 1562.455265][T31782]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1562.460853][T31782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.467221][T31782]  ? do_splice_to+0x190/0x190
[ 1562.471973][T31782]  ? rw_verify_area+0x118/0x360
[ 1562.476869][T31782]  do_splice_direct+0x1da/0x2a0
[ 1562.481774][T31782]  ? splice_direct_to_actor+0x970/0x970
[ 1562.487360][T31782]  ? rw_verify_area+0x118/0x360
[ 1562.492249][T31782]  do_sendfile+0x597/0xd00
[ 1562.496807][T31782]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1562.502131][T31782]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1562.508407][T31782]  ? _copy_from_user+0xdd/0x150
[ 1562.513317][T31782]  __x64_sys_sendfile64+0x15a/0x220
[ 1562.518582][T31782]  ? __ia32_sys_sendfile+0x230/0x230
[ 1562.523895][T31782]  ? do_syscall_64+0x26/0x610
[ 1562.528701][T31782]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1562.534020][T31782]  ? trace_hardirqs_on+0x67/0x230
[ 1562.539088][T31782]  do_syscall_64+0x103/0x610
[ 1562.543722][T31782]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1562.549644][T31782] RIP: 0033:0x458209
[ 1562.553570][T31782] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1562.573406][T31782] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1562.581846][T31782] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1562.589842][T31782] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
23:27:04 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

[ 1562.597838][T31782] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1562.605944][T31782] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1562.613956][T31782] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:04 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:04 executing program 1 (fault-call:2 fault-nth:7):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1562.756693][T32099] FAULT_INJECTION: forcing a failure.
[ 1562.756693][T32099] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1562.770669][T32099] CPU: 0 PID: 32099 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1562.778637][T32099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1562.788752][T32099] Call Trace:
[ 1562.792089][T32099]  dump_stack+0x172/0x1f0
[ 1562.796479][T32099]  should_fail.cold+0xa/0x15
[ 1562.801211][T32099]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1562.807064][T32099]  ? ___might_sleep+0x163/0x280
[ 1562.811961][T32099]  should_fail_alloc_page+0x50/0x60
[ 1562.817203][T32099]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1562.822617][T32099]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1562.828465][T32099]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1562.834222][T32099]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.840516][T32099]  ? __kmalloc_node+0x3d/0x70
[ 1562.845235][T32099]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1562.851000][T32099]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1562.857289][T32099]  alloc_pages_current+0x107/0x210
[ 1562.862708][T32099]  push_pipe+0x3fc/0x7a0
[ 1562.867001][T32099]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1562.872700][T32099]  ? __save_stack_trace+0x99/0x100
[ 1562.877861][T32099]  ? iov_iter_revert+0xaa0/0xaa0
[ 1562.883032][T32099]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1562.888790][T32099]  ? iov_iter_pipe+0xba/0x2f0
[ 1562.893541][T32099]  default_file_splice_read+0x199/0x890
[ 1562.899127][T32099]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1562.905059][T32099]  ? kasan_kmalloc+0x9/0x10
[ 1562.909603][T32099]  ? __kmalloc+0x15c/0x740
[ 1562.914492][T32099]  ? alloc_pipe_info+0x199/0x430
[ 1562.919581][T32099]  ? do_sendfile+0x597/0xd00
[ 1562.924764][T32099]  ? do_syscall_64+0x103/0x610
[ 1562.930118][T32099]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1562.936488][T32099]  ? __lock_acquire+0x548/0x3fb0
[ 1562.941561][T32099]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1562.947243][T32099]  ? percpu_ref_put_many+0x94/0x190
[ 1562.952764][T32099]  ? percpu_ref_put_many+0x94/0x190
[ 1562.958269][T32099]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.964996][T32099]  ? fsnotify+0x811/0xbc0
[ 1562.969378][T32099]  ? fsnotify+0xbc0/0xbc0
[ 1562.973771][T32099]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.980747][T32099]  ? fsnotify_first_mark+0x210/0x210
[ 1562.986074][T32099]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1562.992601][T32099]  ? security_file_permission+0x94/0x380
[ 1562.998275][T32099]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1563.004051][T32099]  do_splice_to+0x12a/0x190
[ 1563.008590][T32099]  splice_direct_to_actor+0x2d2/0x970
[ 1563.014010][T32099]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1563.019598][T32099]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.025870][T32099]  ? do_splice_to+0x190/0x190
[ 1563.030582][T32099]  ? rw_verify_area+0x118/0x360
[ 1563.035471][T32099]  do_splice_direct+0x1da/0x2a0
[ 1563.040369][T32099]  ? splice_direct_to_actor+0x970/0x970
[ 1563.045957][T32099]  ? rw_verify_area+0x118/0x360
[ 1563.050860][T32099]  do_sendfile+0x597/0xd00
23:27:04 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb}}, 0xfffffefd)

[ 1563.055489][T32099]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1563.060804][T32099]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1563.067258][T32099]  ? _copy_from_user+0xdd/0x150
[ 1563.072142][T32099]  __x64_sys_sendfile64+0x15a/0x220
[ 1563.077551][T32099]  ? __ia32_sys_sendfile+0x230/0x230
[ 1563.081443][T32098] binder: 32095:32098 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1563.082890][T32099]  ? do_syscall_64+0x26/0x610
[ 1563.082909][T32099]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1563.082928][T32099]  ? trace_hardirqs_on+0x67/0x230
[ 1563.082948][T32099]  do_syscall_64+0x103/0x610
[ 1563.082980][T32099]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1563.093707][T32098] binder: 32095:32098 transaction failed 29201/-22, size 24-8 line 3241
[ 1563.097396][T32099] RIP: 0033:0x458209
[ 1563.097412][T32099] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1563.097419][T32099] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1563.097434][T32099] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1563.097442][T32099] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1563.097451][T32099] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1563.097460][T32099] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1563.097468][T32099] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:04 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:04 executing program 1 (fault-call:2 fault-nth:8):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:04 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

[ 1563.235941][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1563.295703][T32208] FAULT_INJECTION: forcing a failure.
[ 1563.295703][T32208] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1563.311927][T32208] CPU: 1 PID: 32208 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1563.320264][T32208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1563.330641][T32208] Call Trace:
[ 1563.334156][T32208]  dump_stack+0x172/0x1f0
[ 1563.338622][T32208]  should_fail.cold+0xa/0x15
[ 1563.343263][T32208]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1563.349108][T32208]  ? ___might_sleep+0x163/0x280
[ 1563.354222][T32208]  should_fail_alloc_page+0x50/0x60
[ 1563.360201][T32208]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1563.367148][T32208]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1563.372994][T32208]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1563.378839][T32208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.385125][T32208]  ? __kmalloc_node+0x3d/0x70
[ 1563.390461][T32208]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1563.396777][T32208]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1563.403495][T32208]  alloc_pages_current+0x107/0x210
[ 1563.408750][T32208]  push_pipe+0x3fc/0x7a0
[ 1563.413146][T32208]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1563.418847][T32208]  ? __save_stack_trace+0x99/0x100
[ 1563.424040][T32208]  ? iov_iter_revert+0xaa0/0xaa0
[ 1563.429196][T32208]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1563.435929][T32208]  ? iov_iter_pipe+0xba/0x2f0
[ 1563.442261][T32208]  default_file_splice_read+0x199/0x890
[ 1563.447869][T32208]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1563.453721][T32208]  ? kasan_kmalloc+0x9/0x10
[ 1563.458261][T32208]  ? __kmalloc+0x15c/0x740
[ 1563.462714][T32208]  ? alloc_pipe_info+0x199/0x430
[ 1563.467688][T32208]  ? do_sendfile+0x597/0xd00
[ 1563.472488][T32208]  ? do_syscall_64+0x103/0x610
[ 1563.477286][T32208]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1563.483475][T32208]  ? __lock_acquire+0x548/0x3fb0
[ 1563.488453][T32208]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1563.494046][T32208]  ? percpu_ref_put_many+0x94/0x190
[ 1563.499388][T32208]  ? percpu_ref_put_many+0x94/0x190
[ 1563.504622][T32208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.510983][T32208]  ? fsnotify+0x811/0xbc0
[ 1563.515357][T32208]  ? fsnotify+0xbc0/0xbc0
[ 1563.519727][T32208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.526033][T32208]  ? fsnotify_first_mark+0x210/0x210
[ 1563.531379][T32208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.537719][T32208]  ? security_file_permission+0x94/0x380
23:27:05 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1563.543401][T32208]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1563.548993][T32208]  do_splice_to+0x12a/0x190
[ 1563.553624][T32208]  splice_direct_to_actor+0x2d2/0x970
[ 1563.559502][T32208]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1563.565362][T32208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.571819][T32208]  ? do_splice_to+0x190/0x190
[ 1563.576545][T32208]  ? rw_verify_area+0x118/0x360
[ 1563.581524][T32208]  do_splice_direct+0x1da/0x2a0
[ 1563.586950][T32208]  ? splice_direct_to_actor+0x970/0x970
[ 1563.593349][T32208]  ? rw_verify_area+0x118/0x360
[ 1563.598328][T32208]  do_sendfile+0x597/0xd00
[ 1563.603325][T32208]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1563.608759][T32208]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1563.615228][T32208]  ? _copy_from_user+0xdd/0x150
[ 1563.620137][T32208]  __x64_sys_sendfile64+0x15a/0x220
[ 1563.625895][T32208]  ? __ia32_sys_sendfile+0x230/0x230
[ 1563.631319][T32208]  ? do_syscall_64+0x26/0x610
[ 1563.636314][T32208]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1563.641654][T32208]  ? trace_hardirqs_on+0x67/0x230
23:27:05 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xff000}}, 0xfffffefd)

[ 1563.646736][T32208]  do_syscall_64+0x103/0x610
[ 1563.651374][T32208]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1563.657296][T32208] RIP: 0033:0x458209
[ 1563.661311][T32208] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1563.681990][T32208] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
23:27:05 executing program 1 (fault-call:2 fault-nth:9):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1563.690871][T32208] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1563.698886][T32208] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1563.706893][T32208] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1563.714917][T32208] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1563.722922][T32208] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
[ 1563.803884][T32313] binder: 32210:32313 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1563.815057][T32313] binder: 32210:32313 transaction failed 29201/-22, size 24-8 line 3241
[ 1563.827645][T32313] binder: undelivered TRANSACTION_ERROR: 29201
[ 1563.827861][T32319] FAULT_INJECTION: forcing a failure.
[ 1563.827861][T32319] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1563.848230][T32319] CPU: 1 PID: 32319 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1563.856168][T32319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1563.866334][T32319] Call Trace:
[ 1563.866369][T32319]  dump_stack+0x172/0x1f0
[ 1563.866389][T32319]  should_fail.cold+0xa/0x15
[ 1563.866408][T32319]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1563.866426][T32319]  ? ___might_sleep+0x163/0x280
[ 1563.866448][T32319]  should_fail_alloc_page+0x50/0x60
[ 1563.866471][T32319]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1563.901034][T32319]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1563.906997][T32319]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1563.912850][T32319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1563.919139][T32319]  ? __kmalloc_node+0x3d/0x70
[ 1563.923860][T32319]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1563.931110][T32319]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1563.937490][T32319]  alloc_pages_current+0x107/0x210
[ 1563.942751][T32319]  push_pipe+0x3fc/0x7a0
[ 1563.947314][T32319]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1563.953272][T32319]  ? __save_stack_trace+0x99/0x100
[ 1563.958430][T32319]  ? iov_iter_revert+0xaa0/0xaa0
[ 1563.963441][T32319]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1563.969203][T32319]  ? iov_iter_pipe+0xba/0x2f0
[ 1563.973937][T32319]  default_file_splice_read+0x199/0x890
[ 1563.979536][T32319]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1563.985429][T32319]  ? kasan_kmalloc+0x9/0x10
[ 1563.990291][T32319]  ? __kmalloc+0x15c/0x740
[ 1563.994836][T32319]  ? alloc_pipe_info+0x199/0x430
[ 1564.000415][T32319]  ? do_sendfile+0x597/0xd00
[ 1564.005047][T32319]  ? do_syscall_64+0x103/0x610
[ 1564.010055][T32319]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1564.016150][T32319]  ? __lock_acquire+0x548/0x3fb0
[ 1564.021130][T32319]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1564.026833][T32319]  ? percpu_ref_put_many+0x94/0x190
[ 1564.032154][T32319]  ? percpu_ref_put_many+0x94/0x190
[ 1564.037373][T32319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.043765][T32319]  ? fsnotify+0x811/0xbc0
[ 1564.048157][T32319]  ? fsnotify+0xbc0/0xbc0
[ 1564.052697][T32319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.059063][T32319]  ? fsnotify_first_mark+0x210/0x210
[ 1564.064386][T32319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.070843][T32319]  ? security_file_permission+0x94/0x380
[ 1564.076660][T32319]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1564.082462][T32319]  do_splice_to+0x12a/0x190
[ 1564.087121][T32319]  splice_direct_to_actor+0x2d2/0x970
[ 1564.092548][T32319]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1564.098150][T32319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
23:27:05 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd}}, 0xfffffefd)

[ 1564.104437][T32319]  ? do_splice_to+0x190/0x190
[ 1564.109280][T32319]  ? rw_verify_area+0x118/0x360
[ 1564.114184][T32319]  do_splice_direct+0x1da/0x2a0
[ 1564.119693][T32319]  ? splice_direct_to_actor+0x970/0x970
[ 1564.125482][T32319]  ? rw_verify_area+0x118/0x360
[ 1564.130505][T32319]  do_sendfile+0x597/0xd00
[ 1564.135711][T32319]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1564.141038][T32319]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1564.147455][T32319]  ? _copy_from_user+0xdd/0x150
[ 1564.152495][T32319]  __x64_sys_sendfile64+0x15a/0x220
[ 1564.157731][T32319]  ? __ia32_sys_sendfile+0x230/0x230
[ 1564.163655][T32319]  ? do_syscall_64+0x26/0x610
[ 1564.168359][T32319]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1564.173854][T32319]  ? trace_hardirqs_on+0x67/0x230
[ 1564.178917][T32319]  do_syscall_64+0x103/0x610
[ 1564.183568][T32319]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1564.189704][T32319] RIP: 0033:0x458209
[ 1564.194095][T32319] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1564.213728][T32319] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1564.222156][T32319] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1564.230414][T32319] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1564.238651][T32319] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1564.246654][T32319] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
23:27:05 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1564.254738][T32319] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:05 executing program 1 (fault-call:2 fault-nth:10):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1564.365497][T32331] FAULT_INJECTION: forcing a failure.
[ 1564.365497][T32331] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1564.379974][T32331] CPU: 0 PID: 32331 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1564.387959][T32331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1564.395361][T32332] binder: 32327:32332 got transaction with invalid offset (0, min 0 max 24) or object.
[ 1564.398134][T32331] Call Trace:
[ 1564.398172][T32331]  dump_stack+0x172/0x1f0
[ 1564.398196][T32331]  should_fail.cold+0xa/0x15
[ 1564.398218][T32331]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1564.398236][T32331]  ? ___might_sleep+0x163/0x280
[ 1564.398260][T32331]  should_fail_alloc_page+0x50/0x60
[ 1564.398275][T32331]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1564.398293][T32331]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1564.398310][T32331]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1564.398326][T32331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.398349][T32331]  ? __kmalloc_node+0x3d/0x70
[ 1564.398375][T32331]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1564.452166][T32332] binder: 32327:32332 transaction failed 29201/-22, size 24-8 line 3241
[ 1564.456504][T32331]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1564.456524][T32331]  alloc_pages_current+0x107/0x210
[ 1564.456545][T32331]  push_pipe+0x3fc/0x7a0
[ 1564.456568][T32331]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1564.456584][T32331]  ? __save_stack_trace+0x99/0x100
[ 1564.456602][T32331]  ? iov_iter_revert+0xaa0/0xaa0
[ 1564.456625][T32331]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1564.520644][T32331]  ? iov_iter_pipe+0xba/0x2f0
[ 1564.525449][T32331]  default_file_splice_read+0x199/0x890
[ 1564.531041][T32331]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1564.537245][T32331]  ? kasan_kmalloc+0x9/0x10
[ 1564.542990][T32331]  ? __kmalloc+0x15c/0x740
[ 1564.547451][T32331]  ? alloc_pipe_info+0x199/0x430
[ 1564.552510][T32331]  ? do_sendfile+0x597/0xd00
[ 1564.557226][T32331]  ? do_syscall_64+0x103/0x610
[ 1564.563006][T32331]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1564.570193][T32331]  ? __lock_acquire+0x548/0x3fb0
[ 1564.577554][T32331]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1564.583319][T32331]  ? percpu_ref_put_many+0x94/0x190
[ 1564.589432][T32331]  ? percpu_ref_put_many+0x94/0x190
[ 1564.595530][T32331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.601828][T32331]  ? fsnotify+0x811/0xbc0
[ 1564.606190][T32331]  ? fsnotify+0xbc0/0xbc0
[ 1564.608214][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1564.610542][T32331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.610563][T32331]  ? fsnotify_first_mark+0x210/0x210
[ 1564.610577][T32331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.610607][T32331]  ? security_file_permission+0x94/0x380
[ 1564.610628][T32331]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1564.610649][T32331]  do_splice_to+0x12a/0x190
[ 1564.645765][T32331]  splice_direct_to_actor+0x2d2/0x970
[ 1564.645787][T32331]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1564.645812][T32331]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1564.661336][T32331]  ? do_splice_to+0x190/0x190
[ 1564.661360][T32331]  ? rw_verify_area+0x118/0x360
[ 1564.661378][T32331]  do_splice_direct+0x1da/0x2a0
[ 1564.661407][T32331]  ? splice_direct_to_actor+0x970/0x970
[ 1564.689213][T32331]  ? rw_verify_area+0x118/0x360
[ 1564.694187][T32331]  do_sendfile+0x597/0xd00
[ 1564.698649][T32331]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1564.707625][T32331]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1564.708906][T32538] binder_thread_release: 4 callbacks suppressed
[ 1564.708919][T32538] binder: release 32537:32538 transaction 503 out, still active
[ 1564.718178][T32331]  ? _copy_from_user+0xdd/0x150
[ 1564.718201][T32331]  __x64_sys_sendfile64+0x15a/0x220
[ 1564.718220][T32331]  ? __ia32_sys_sendfile+0x230/0x230
[ 1564.718234][T32331]  ? do_syscall_64+0x26/0x610
[ 1564.718251][T32331]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1564.718267][T32331]  ? trace_hardirqs_on+0x67/0x230
[ 1564.718285][T32331]  do_syscall_64+0x103/0x610
23:27:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1564.718305][T32331]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1564.718317][T32331] RIP: 0033:0x458209
[ 1564.718341][T32331] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1564.761307][T32538] binder_release_work: 9 callbacks suppressed
[ 1564.761315][T32538] binder: undelivered TRANSACTION_COMPLETE
23:27:06 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:06 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

[ 1564.763067][T32331] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1564.763084][T32331] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1564.763091][T32331] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1564.763099][T32331] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1564.763108][T32331] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1564.763116][T32331] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:06 executing program 1 (fault-call:2 fault-nth:11):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1564.951994][ T1512] binder_send_failed_reply: 4 callbacks suppressed
[ 1564.952003][ T1512] binder: send failed reply for transaction 503, target dead
[ 1564.969099][T32545] FAULT_INJECTION: forcing a failure.
[ 1564.969099][T32545] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1564.982863][T32545] CPU: 0 PID: 32545 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1564.990806][T32545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1565.001012][T32545] Call Trace:
[ 1565.004355][T32545]  dump_stack+0x172/0x1f0
[ 1565.008736][T32545]  should_fail.cold+0xa/0x15
[ 1565.013460][T32545]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1565.019312][T32545]  ? ___might_sleep+0x163/0x280
[ 1565.024214][T32545]  should_fail_alloc_page+0x50/0x60
[ 1565.029453][T32545]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1565.034867][T32545]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1565.040724][T32545]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1565.046653][T32545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.052954][T32545]  ? __kmalloc_node+0x3d/0x70
[ 1565.057840][T32545]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1565.063781][T32545]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1565.070066][T32545]  alloc_pages_current+0x107/0x210
[ 1565.075224][T32545]  push_pipe+0x3fc/0x7a0
[ 1565.079780][T32545]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1565.085593][T32545]  ? __save_stack_trace+0x99/0x100
[ 1565.090751][T32545]  ? iov_iter_revert+0xaa0/0xaa0
[ 1565.095729][T32545]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1565.102725][T32545]  ? iov_iter_pipe+0xba/0x2f0
[ 1565.108546][T32545]  default_file_splice_read+0x199/0x890
[ 1565.115266][T32545]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1565.124428][T32545]  ? kasan_kmalloc+0x9/0x10
[ 1565.131644][T32545]  ? __kmalloc+0x15c/0x740
[ 1565.136183][T32545]  ? alloc_pipe_info+0x199/0x430
[ 1565.142145][T32545]  ? do_sendfile+0x597/0xd00
[ 1565.152339][T32545]  ? do_syscall_64+0x103/0x610
[ 1565.152357][T32545]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1565.152372][T32545]  ? __lock_acquire+0x548/0x3fb0
[ 1565.152390][T32545]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1565.152414][T32545]  ? percpu_ref_put_many+0x94/0x190
[ 1565.152436][T32545]  ? percpu_ref_put_many+0x94/0x190
[ 1565.163966][T32545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.163986][T32545]  ? fsnotify+0x811/0xbc0
[ 1565.164003][T32545]  ? fsnotify+0xbc0/0xbc0
[ 1565.164017][T32545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.164039][T32545]  ? fsnotify_first_mark+0x210/0x210
[ 1565.164051][T32545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.164080][T32545]  ? security_file_permission+0x94/0x380
[ 1565.164100][T32545]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1565.164123][T32545]  do_splice_to+0x12a/0x190
[ 1565.235828][T32545]  splice_direct_to_actor+0x2d2/0x970
[ 1565.241316][T32545]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1565.248401][T32545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.256145][T32545]  ? do_splice_to+0x190/0x190
[ 1565.261667][T32545]  ? rw_verify_area+0x118/0x360
[ 1565.266645][T32545]  do_splice_direct+0x1da/0x2a0
[ 1565.271710][T32545]  ? splice_direct_to_actor+0x970/0x970
[ 1565.278358][T32545]  ? rw_verify_area+0x118/0x360
[ 1565.283345][T32545]  do_sendfile+0x597/0xd00
[ 1565.290294][T32545]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1565.297974][T32545]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1565.304251][T32545]  ? _copy_from_user+0xdd/0x150
[ 1565.309151][T32545]  __x64_sys_sendfile64+0x15a/0x220
[ 1565.314573][T32545]  ? __ia32_sys_sendfile+0x230/0x230
[ 1565.320407][T32545]  ? do_syscall_64+0x26/0x610
[ 1565.325140][T32545]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1565.330461][T32545]  ? trace_hardirqs_on+0x67/0x230
[ 1565.335529][T32545]  do_syscall_64+0x103/0x610
[ 1565.340158][T32545]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1565.346089][T32545] RIP: 0033:0x458209
[ 1565.350010][T32545] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1565.371149][T32545] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1565.379605][T32545] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1565.387600][T32545] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1565.395754][T32545] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
23:27:06 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x100000}}, 0xfffffefd)

23:27:06 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1565.403749][T32545] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1565.411744][T32545] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:06 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x0)

23:27:06 executing program 1 (fault-call:2 fault-nth:12):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:07 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xe}}, 0xfffffefd)

[ 1565.503957][T32553] binder: release 32552:32553 transaction 505 out, still active
[ 1565.533422][T32556] FAULT_INJECTION: forcing a failure.
[ 1565.533422][T32556] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1565.547797][T32556] CPU: 1 PID: 32556 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1565.555728][T32556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1565.565806][T32556] Call Trace:
[ 1565.569117][T32556]  dump_stack+0x172/0x1f0
[ 1565.573470][T32556]  should_fail.cold+0xa/0x15
[ 1565.578134][T32556]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1565.583993][T32556]  ? ___might_sleep+0x163/0x280
[ 1565.588861][T32556]  should_fail_alloc_page+0x50/0x60
[ 1565.594082][T32556]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1565.599562][T32556]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1565.604652][T32553] binder: undelivered TRANSACTION_COMPLETE
[ 1565.605474][T32556]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1565.605493][T32556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.605520][T32556]  ? __kmalloc_node+0x3d/0x70
[ 1565.628689][T32556]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1565.634544][T32556]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1565.640947][T32556]  alloc_pages_current+0x107/0x210
[ 1565.646108][T32556]  push_pipe+0x3fc/0x7a0
[ 1565.650443][T32556]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1565.656287][T32556]  ? __save_stack_trace+0x99/0x100
[ 1565.661440][T32556]  ? iov_iter_revert+0xaa0/0xaa0
[ 1565.666414][T32556]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1565.672169][T32556]  ? iov_iter_pipe+0xba/0x2f0
[ 1565.677005][T32556]  default_file_splice_read+0x199/0x890
[ 1565.682593][T32556]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1565.688438][T32556]  ? kasan_kmalloc+0x9/0x10
[ 1565.693145][T32556]  ? __kmalloc+0x15c/0x740
[ 1565.697605][T32556]  ? alloc_pipe_info+0x199/0x430
[ 1565.702759][T32556]  ? do_sendfile+0x597/0xd00
[ 1565.707387][T32556]  ? do_syscall_64+0x103/0x610
[ 1565.708677][ T1512] binder: send failed reply for transaction 505, target dead
[ 1565.712187][T32556]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1565.712206][T32556]  ? __lock_acquire+0x548/0x3fb0
[ 1565.712223][T32556]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1565.712247][T32556]  ? percpu_ref_put_many+0x94/0x190
[ 1565.712263][T32556]  ? percpu_ref_put_many+0x94/0x190
[ 1565.712276][T32556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.712291][T32556]  ? fsnotify+0x811/0xbc0
[ 1565.712309][T32556]  ? fsnotify+0xbc0/0xbc0
[ 1565.712321][T32556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.712335][T32556]  ? fsnotify_first_mark+0x210/0x210
[ 1565.712348][T32556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.712377][T32556]  ? security_file_permission+0x94/0x380
[ 1565.787104][T32556]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1565.792810][T32556]  do_splice_to+0x12a/0x190
[ 1565.797706][T32556]  splice_direct_to_actor+0x2d2/0x970
[ 1565.803732][T32556]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1565.809635][T32556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1565.816785][T32556]  ? do_splice_to+0x190/0x190
[ 1565.821504][T32556]  ? rw_verify_area+0x118/0x360
[ 1565.826591][T32556]  do_splice_direct+0x1da/0x2a0
[ 1565.831828][T32556]  ? splice_direct_to_actor+0x970/0x970
[ 1565.837777][T32556]  ? rw_verify_area+0x118/0x360
[ 1565.842774][T32556]  do_sendfile+0x597/0xd00
[ 1565.848636][T32556]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1565.853978][T32556]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1565.860463][T32556]  ? _copy_from_user+0xdd/0x150
[ 1565.865354][T32556]  __x64_sys_sendfile64+0x15a/0x220
[ 1565.871229][T32556]  ? __ia32_sys_sendfile+0x230/0x230
[ 1565.877002][T32556]  ? do_syscall_64+0x26/0x610
[ 1565.881718][T32556]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1565.888432][T32556]  ? trace_hardirqs_on+0x67/0x230
[ 1565.894202][T32556]  do_syscall_64+0x103/0x610
[ 1565.898855][T32556]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1565.905132][T32556] RIP: 0033:0x458209
[ 1565.909425][T32556] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1565.936839][T32556] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1565.946058][T32556] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
23:27:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1565.954080][T32556] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1565.962070][T32556] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1565.970342][T32556] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1565.978817][T32556] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:07 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:07 executing program 1 (fault-call:2 fault-nth:13):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1566.105863][T32669] FAULT_INJECTION: forcing a failure.
[ 1566.105863][T32669] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1566.122067][T32669] CPU: 1 PID: 32669 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1566.122745][T32670] binder: release 32664:32670 transaction 507 out, still active
[ 1566.130205][T32669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1566.130214][T32669] Call Trace:
[ 1566.130249][T32669]  dump_stack+0x172/0x1f0
[ 1566.130273][T32669]  should_fail.cold+0xa/0x15
[ 1566.130293][T32669]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1566.130312][T32669]  ? ___might_sleep+0x163/0x280
[ 1566.130336][T32669]  should_fail_alloc_page+0x50/0x60
[ 1566.130352][T32669]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1566.130369][T32669]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1566.130388][T32669]  ? __alloc_pages_slowpath+0x28b0/0x28b0
23:27:07 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1566.130406][T32669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.130425][T32669]  ? __kmalloc_node+0x3d/0x70
[ 1566.130443][T32669]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1566.130460][T32669]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1566.130479][T32669]  alloc_pages_current+0x107/0x210
[ 1566.130499][T32669]  push_pipe+0x3fc/0x7a0
[ 1566.130524][T32669]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1566.130556][T32669]  ? __save_stack_trace+0x99/0x100
[ 1566.130582][T32669]  ? iov_iter_revert+0xaa0/0xaa0
[ 1566.152474][T32670] binder: undelivered TRANSACTION_COMPLETE
[ 1566.156818][T32669]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1566.156835][T32669]  ? iov_iter_pipe+0xba/0x2f0
[ 1566.156857][T32669]  default_file_splice_read+0x199/0x890
[ 1566.156877][T32669]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1566.156889][T32669]  ? kasan_kmalloc+0x9/0x10
[ 1566.156923][T32669]  ? __kmalloc+0x15c/0x740
[ 1566.213207][ T1512] binder: send failed reply for transaction 507, target dead
[ 1566.219082][T32669]  ? alloc_pipe_info+0x199/0x430
[ 1566.219103][T32669]  ? do_sendfile+0x597/0xd00
[ 1566.219119][T32669]  ? do_syscall_64+0x103/0x610
[ 1566.219134][T32669]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1566.219150][T32669]  ? __lock_acquire+0x548/0x3fb0
[ 1566.219168][T32669]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1566.219191][T32669]  ? percpu_ref_put_many+0x94/0x190
[ 1566.219213][T32669]  ? percpu_ref_put_many+0x94/0x190
[ 1566.344617][T32669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.352056][T32669]  ? fsnotify+0x811/0xbc0
[ 1566.357909][T32669]  ? fsnotify+0xbc0/0xbc0
[ 1566.363067][T32669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.371736][T32669]  ? fsnotify_first_mark+0x210/0x210
[ 1566.378017][T32669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.384323][T32669]  ? security_file_permission+0x94/0x380
[ 1566.390003][T32669]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1566.395583][T32669]  do_splice_to+0x12a/0x190
[ 1566.400294][T32669]  splice_direct_to_actor+0x2d2/0x970
[ 1566.405708][T32669]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1566.412808][T32669]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.419960][T32669]  ? do_splice_to+0x190/0x190
[ 1566.425190][T32669]  ? rw_verify_area+0x118/0x360
[ 1566.430084][T32669]  do_splice_direct+0x1da/0x2a0
[ 1566.435234][T32669]  ? splice_direct_to_actor+0x970/0x970
[ 1566.440831][T32669]  ? rw_verify_area+0x118/0x360
[ 1566.445731][T32669]  do_sendfile+0x597/0xd00
[ 1566.450198][T32669]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1566.455572][T32669]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1566.462405][T32669]  ? _copy_from_user+0xdd/0x150
[ 1566.467382][T32669]  __x64_sys_sendfile64+0x15a/0x220
[ 1566.472709][T32669]  ? __ia32_sys_sendfile+0x230/0x230
[ 1566.478468][T32669]  ? do_syscall_64+0x26/0x610
[ 1566.485703][T32669]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1566.491465][T32669]  ? trace_hardirqs_on+0x67/0x230
[ 1566.496548][T32669]  do_syscall_64+0x103/0x610
[ 1566.502340][T32669]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1566.509396][T32669] RIP: 0033:0x458209
[ 1566.520340][T32669] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1566.542171][T32669] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1566.561102][T32669] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1566.569193][T32669] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1566.583190][T32669] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1566.593053][T32669] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
23:27:08 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x101000}}, 0xfffffefd)

23:27:08 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x0)

[ 1566.601055][T32669] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:08 executing program 1 (fault-call:2 fault-nth:14):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1566.725194][T32682] FAULT_INJECTION: forcing a failure.
[ 1566.725194][T32682] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1566.742085][T32682] CPU: 0 PID: 32682 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1566.750272][T32682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1566.765480][T32682] Call Trace:
[ 1566.769101][T32682]  dump_stack+0x172/0x1f0
[ 1566.774787][T32682]  should_fail.cold+0xa/0x15
[ 1566.780048][T32682]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1566.786541][T32682]  ? ___might_sleep+0x163/0x280
[ 1566.791654][T32682]  should_fail_alloc_page+0x50/0x60
[ 1566.797534][T32682]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1566.803041][T32682]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1566.808897][T32682]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1566.814662][T32682]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.820946][T32682]  ? __kmalloc_node+0x3d/0x70
[ 1566.825676][T32682]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1566.831477][T32682]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1566.837760][T32682]  alloc_pages_current+0x107/0x210
[ 1566.842912][T32682]  push_pipe+0x3fc/0x7a0
[ 1566.847295][T32682]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1566.852971][T32682]  ? __save_stack_trace+0x99/0x100
[ 1566.858135][T32682]  ? iov_iter_revert+0xaa0/0xaa0
[ 1566.863462][T32682]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1566.869216][T32682]  ? iov_iter_pipe+0xba/0x2f0
[ 1566.873946][T32682]  default_file_splice_read+0x199/0x890
[ 1566.880532][T32682]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1566.886467][T32682]  ? kasan_kmalloc+0x9/0x10
[ 1566.891024][T32682]  ? __kmalloc+0x15c/0x740
[ 1566.895536][T32682]  ? alloc_pipe_info+0x199/0x430
[ 1566.905828][T32682]  ? do_sendfile+0x597/0xd00
[ 1566.911514][T32682]  ? do_syscall_64+0x103/0x610
[ 1566.917138][T32682]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1566.924899][T32682]  ? __lock_acquire+0x548/0x3fb0
[ 1566.931677][T32682]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1566.939458][T32682]  ? percpu_ref_put_many+0x94/0x190
[ 1566.944822][T32682]  ? percpu_ref_put_many+0x94/0x190
[ 1566.950313][T32682]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.957153][T32682]  ? fsnotify+0x811/0xbc0
[ 1566.962137][T32682]  ? fsnotify+0xbc0/0xbc0
[ 1566.966951][T32682]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.975181][T32682]  ? fsnotify_first_mark+0x210/0x210
[ 1566.984422][T32682]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1566.990823][T32682]  ? security_file_permission+0x94/0x380
[ 1566.996587][T32682]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1567.002348][T32682]  do_splice_to+0x12a/0x190
[ 1567.007156][T32682]  splice_direct_to_actor+0x2d2/0x970
[ 1567.012931][T32682]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1567.020355][T32682]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.027290][T32682]  ? do_splice_to+0x190/0x190
[ 1567.032117][T32682]  ? rw_verify_area+0x118/0x360
[ 1567.037308][T32682]  do_splice_direct+0x1da/0x2a0
[ 1567.042278][T32682]  ? splice_direct_to_actor+0x970/0x970
[ 1567.047977][T32682]  ? rw_verify_area+0x118/0x360
[ 1567.053231][T32682]  do_sendfile+0x597/0xd00
[ 1567.058409][T32682]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1567.063742][T32682]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1567.070039][T32682]  ? _copy_from_user+0xdd/0x150
[ 1567.075020][T32682]  __x64_sys_sendfile64+0x15a/0x220
[ 1567.080283][T32682]  ? __ia32_sys_sendfile+0x230/0x230
[ 1567.085607][T32682]  ? do_syscall_64+0x26/0x610
[ 1567.090322][T32682]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1567.095829][T32682]  ? trace_hardirqs_on+0x67/0x230
[ 1567.101668][T32682]  do_syscall_64+0x103/0x610
[ 1567.107725][T32682]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1567.113749][T32682] RIP: 0033:0x458209
23:27:08 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x0)

23:27:08 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1567.117941][T32682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1567.140632][T32682] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1567.150970][T32682] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1567.159019][T32682] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1567.167096][T32682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
23:27:08 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1567.167106][T32682] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1567.167114][T32682] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:08 executing program 1 (fault-call:2 fault-nth:15):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1567.224964][  T421] binder: release 419:421 transaction 509 out, still active
[ 1567.238595][  T421] binder: undelivered TRANSACTION_COMPLETE
[ 1567.301212][  T426] FAULT_INJECTION: forcing a failure.
[ 1567.301212][  T426] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1567.317896][  T426] CPU: 0 PID: 426 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1567.326480][  T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1567.337337][  T426] Call Trace:
[ 1567.341147][  T426]  dump_stack+0x172/0x1f0
[ 1567.347975][  T426]  should_fail.cold+0xa/0x15
[ 1567.354034][  T426]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1567.370871][  T426]  ? ___might_sleep+0x163/0x280
[ 1567.370895][  T426]  should_fail_alloc_page+0x50/0x60
[ 1567.370912][  T426]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1567.370929][  T426]  ? fault_create_debugfs_attr+0x1e0/0x1e0
23:27:08 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf}}, 0xfffffefd)

[ 1567.370945][  T426]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1567.370961][  T426]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.370983][  T426]  ? __kmalloc_node+0x3d/0x70
[ 1567.371000][  T426]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1567.371015][  T426]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1567.371040][  T426]  alloc_pages_current+0x107/0x210
[ 1567.371058][  T426]  push_pipe+0x3fc/0x7a0
[ 1567.371078][  T426]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1567.371094][  T426]  ? __save_stack_trace+0x99/0x100
[ 1567.371111][  T426]  ? iov_iter_revert+0xaa0/0xaa0
[ 1567.371126][  T426]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1567.371138][  T426]  ? iov_iter_pipe+0xba/0x2f0
[ 1567.371165][  T426]  default_file_splice_read+0x199/0x890
[ 1567.390468][  T426]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1567.390484][  T426]  ? kasan_kmalloc+0x9/0x10
[ 1567.390496][  T426]  ? __kmalloc+0x15c/0x740
[ 1567.390512][  T426]  ? alloc_pipe_info+0x199/0x430
[ 1567.390531][  T426]  ? do_sendfile+0x597/0xd00
[ 1567.390549][  T426]  ? do_syscall_64+0x103/0x610
[ 1567.390566][  T426]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1567.390583][  T426]  ? __lock_acquire+0x548/0x3fb0
[ 1567.390599][  T426]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1567.390622][  T426]  ? percpu_ref_put_many+0x94/0x190
[ 1567.390637][  T426]  ? percpu_ref_put_many+0x94/0x190
[ 1567.390652][  T426]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.390677][  T426]  ? fsnotify+0x811/0xbc0
[ 1567.390694][  T426]  ? fsnotify+0xbc0/0xbc0
[ 1567.390705][  T426]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.390719][  T426]  ? fsnotify_first_mark+0x210/0x210
[ 1567.390731][  T426]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.390759][  T426]  ? security_file_permission+0x94/0x380
[ 1567.390777][  T426]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1567.390790][  T426]  do_splice_to+0x12a/0x190
[ 1567.390817][  T426]  splice_direct_to_actor+0x2d2/0x970
[ 1567.425443][  T426]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1567.425467][  T426]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.425482][  T426]  ? do_splice_to+0x190/0x190
[ 1567.425504][  T426]  ? rw_verify_area+0x118/0x360
[ 1567.425520][  T426]  do_splice_direct+0x1da/0x2a0
[ 1567.425552][  T426]  ? splice_direct_to_actor+0x970/0x970
[ 1567.447523][  T426]  ? rw_verify_area+0x118/0x360
[ 1567.657467][  T426]  do_sendfile+0x597/0xd00
[ 1567.662471][  T426]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1567.668319][  T426]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1567.674859][  T426]  ? _copy_from_user+0xdd/0x150
[ 1567.679929][  T426]  __x64_sys_sendfile64+0x15a/0x220
[ 1567.685179][  T426]  ? __ia32_sys_sendfile+0x230/0x230
[ 1567.690595][  T426]  ? do_syscall_64+0x26/0x610
[ 1567.695503][  T426]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1567.701001][  T426]  ? trace_hardirqs_on+0x67/0x230
[ 1567.706752][  T426]  do_syscall_64+0x103/0x610
[ 1567.712361][  T426]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1567.720770][  T426] RIP: 0033:0x458209
[ 1567.724884][  T426] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1567.744043][ T5246] binder: send failed reply for transaction 509, target dead
23:27:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:09 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffbd}, [@ldst={0x7, 0x5, 0x0, 0xa0c91}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48)

[ 1567.745137][  T426] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1567.761134][  T426] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1567.769311][  T426] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1567.777596][  T426] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1567.777607][  T426] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1567.777614][  T426] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:09 executing program 1 (fault-call:2 fault-nth:16):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1567.893026][  T436] binder: release 435:436 transaction 511 out, still active
[ 1567.926084][  T439] FAULT_INJECTION: forcing a failure.
[ 1567.926084][  T439] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1567.940683][  T439] CPU: 1 PID: 439 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1567.948869][  T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1567.960354][  T439] Call Trace:
[ 1567.963689][  T439]  dump_stack+0x172/0x1f0
[ 1567.968073][  T439]  should_fail.cold+0xa/0x15
[ 1567.969305][  T436] binder: undelivered TRANSACTION_COMPLETE
[ 1567.972716][  T439]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1567.972736][  T439]  ? ___might_sleep+0x163/0x280
23:27:09 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x180000}}, 0xfffffefd)

23:27:09 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x27, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0})

[ 1567.972756][  T439]  should_fail_alloc_page+0x50/0x60
[ 1567.972770][  T439]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1567.972782][  T439]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1567.972800][  T439]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1567.972815][  T439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1567.972835][  T439]  ? __kmalloc_node+0x3d/0x70
[ 1567.972851][  T439]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1567.972865][  T439]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1567.972888][  T439]  alloc_pages_current+0x107/0x210
[ 1568.015825][ T1512] binder: send failed reply for transaction 511, target dead
[ 1568.020782][  T439]  push_pipe+0x3fc/0x7a0
[ 1568.020805][  T439]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1568.020822][  T439]  ? __save_stack_trace+0x99/0x100
[ 1568.020838][  T439]  ? iov_iter_revert+0xaa0/0xaa0
[ 1568.020855][  T439]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1568.020867][  T439]  ? iov_iter_pipe+0xba/0x2f0
[ 1568.020886][  T439]  default_file_splice_read+0x199/0x890
[ 1568.020916][  T439]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1568.020931][  T439]  ? kasan_kmalloc+0x9/0x10
[ 1568.020944][  T439]  ? __kmalloc+0x15c/0x740
[ 1568.020960][  T439]  ? alloc_pipe_info+0x199/0x430
[ 1568.020986][  T439]  ? do_sendfile+0x597/0xd00
[ 1568.111692][  T439]  ? do_syscall_64+0x103/0x610
[ 1568.116499][  T439]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1568.122660][  T439]  ? __lock_acquire+0x548/0x3fb0
[ 1568.130096][  T439]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1568.135861][  T439]  ? percpu_ref_put_many+0x94/0x190
[ 1568.141441][  T439]  ? percpu_ref_put_many+0x94/0x190
[ 1568.147777][  T439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.154047][  T439]  ? fsnotify+0x811/0xbc0
[ 1568.158562][  T439]  ? fsnotify+0xbc0/0xbc0
[ 1568.163006][  T439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.169297][  T439]  ? fsnotify_first_mark+0x210/0x210
[ 1568.175061][  T439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.181343][  T439]  ? security_file_permission+0x94/0x380
[ 1568.187006][  T439]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1568.192578][  T439]  do_splice_to+0x12a/0x190
[ 1568.197144][  T439]  splice_direct_to_actor+0x2d2/0x970
[ 1568.202813][  T439]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1568.208507][  T439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.217461][  T439]  ? do_splice_to+0x190/0x190
[ 1568.222166][  T439]  ? rw_verify_area+0x118/0x360
[ 1568.227209][  T439]  do_splice_direct+0x1da/0x2a0
[ 1568.234032][  T439]  ? splice_direct_to_actor+0x970/0x970
[ 1568.239722][  T439]  ? rw_verify_area+0x118/0x360
[ 1568.244774][  T439]  do_sendfile+0x597/0xd00
[ 1568.249258][  T439]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1568.254620][  T439]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1568.260916][  T439]  ? _copy_from_user+0xdd/0x150
[ 1568.265996][  T439]  __x64_sys_sendfile64+0x15a/0x220
[ 1568.271453][  T439]  ? __ia32_sys_sendfile+0x230/0x230
[ 1568.278048][  T439]  ? do_syscall_64+0x26/0x610
[ 1568.282750][  T439]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1568.288055][  T439]  ? trace_hardirqs_on+0x67/0x230
[ 1568.293128][  T439]  do_syscall_64+0x103/0x610
[ 1568.297740][  T439]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1568.303647][  T439] RIP: 0033:0x458209
[ 1568.307579][  T439] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1568.327216][  T439] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1568.335656][  T439] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
23:27:09 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1568.343630][  T439] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1568.351614][  T439] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1568.359817][  T439] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1568.368205][  T439] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:09 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1568.455596][ T5246] binder: release 542:543 transaction 513 out, still active
23:27:10 executing program 1 (fault-call:2 fault-nth:17):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1568.498080][ T5246] binder: unexpected work type, 4, not freed
[ 1568.534469][  T551] binder_alloc: 542: binder_alloc_buf size 2097328 failed, no address space
23:27:10 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x10}}, 0xfffffefd)

[ 1568.546279][  T554] FAULT_INJECTION: forcing a failure.
[ 1568.546279][  T554] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1568.560180][  T554] CPU: 1 PID: 554 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1568.567961][  T554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1568.578215][  T554] Call Trace:
[ 1568.579878][  T551] binder_alloc: allocated: 32 (num: 1 largest: 32), free: 12256 (num: 1 largest: 12256)
[ 1568.581715][  T554]  dump_stack+0x172/0x1f0
23:27:10 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1568.581743][  T554]  should_fail.cold+0xa/0x15
[ 1568.581770][  T554]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1568.606774][  T554]  ? ___might_sleep+0x163/0x280
[ 1568.611679][  T554]  should_fail_alloc_page+0x50/0x60
[ 1568.617103][  T554]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1568.622507][  T554]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1568.628472][  T554]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1568.634946][  T554]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.637748][  T551] binder: 546:551 transaction failed 29201/-28, size 2097327-0 line 3147
[ 1568.641401][  T554]  ? __kmalloc_node+0x3d/0x70
[ 1568.641419][  T554]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1568.641436][  T554]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1568.641453][  T554]  alloc_pages_current+0x107/0x210
[ 1568.641473][  T554]  push_pipe+0x3fc/0x7a0
[ 1568.641494][  T554]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1568.641510][  T554]  ? __save_stack_trace+0x99/0x100
[ 1568.641526][  T554]  ? iov_iter_revert+0xaa0/0xaa0
[ 1568.641550][  T554]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
23:27:10 executing program 5:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x27, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[]], 0x0, 0x800020, 0x0})

[ 1568.641563][  T554]  ? iov_iter_pipe+0xba/0x2f0
[ 1568.641588][  T554]  default_file_splice_read+0x199/0x890
[ 1568.710258][  T554]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1568.716192][  T554]  ? kasan_kmalloc+0x9/0x10
[ 1568.720815][  T554]  ? __kmalloc+0x15c/0x740
[ 1568.725542][  T554]  ? alloc_pipe_info+0x199/0x430
[ 1568.730536][  T554]  ? do_sendfile+0x597/0xd00
[ 1568.735165][  T554]  ? do_syscall_64+0x103/0x610
[ 1568.739965][  T554]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1568.746069][  T554]  ? __lock_acquire+0x548/0x3fb0
[ 1568.751076][  T554]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1568.756666][  T554]  ? percpu_ref_put_many+0x94/0x190
[ 1568.763158][  T554]  ? percpu_ref_put_many+0x94/0x190
[ 1568.768401][  T554]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.775427][  T554]  ? fsnotify+0x811/0xbc0
[ 1568.779887][  T554]  ? fsnotify+0xbc0/0xbc0
[ 1568.784270][  T554]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.790559][  T554]  ? fsnotify_first_mark+0x210/0x210
[ 1568.796142][  T554]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.802639][  T554]  ? security_file_permission+0x94/0x380
[ 1568.809021][  T554]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1568.814605][  T554]  do_splice_to+0x12a/0x190
[ 1568.819183][  T554]  splice_direct_to_actor+0x2d2/0x970
[ 1568.824960][  T554]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1568.831181][  T554]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1568.838175][  T554]  ? do_splice_to+0x190/0x190
[ 1568.843341][  T554]  ? rw_verify_area+0x118/0x360
[ 1568.848887][  T554]  do_splice_direct+0x1da/0x2a0
[ 1568.854413][  T554]  ? splice_direct_to_actor+0x970/0x970
[ 1568.860276][  T554]  ? rw_verify_area+0x118/0x360
[ 1568.865196][  T554]  do_sendfile+0x597/0xd00
[ 1568.869944][  T554]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1568.877277][  T554]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1568.883976][  T554]  ? _copy_from_user+0xdd/0x150
[ 1568.889657][  T554]  __x64_sys_sendfile64+0x15a/0x220
[ 1568.894993][  T554]  ? __ia32_sys_sendfile+0x230/0x230
[ 1568.904199][  T554]  ? do_syscall_64+0x26/0x610
[ 1568.911872][  T554]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1568.918347][  T554]  ? trace_hardirqs_on+0x67/0x230
[ 1568.924252][  T554]  do_syscall_64+0x103/0x610
[ 1568.928983][  T554]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1568.934999][  T554] RIP: 0033:0x458209
[ 1568.938933][  T554] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1568.960583][  T554] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1568.969894][  T554] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1568.979482][  T554] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1568.987548][  T554] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1568.995907][  T554] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1569.007938][  T554] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
[ 1569.017824][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1569.025243][ T5246] binder: undelivered TRANSACTION_ERROR: 29201
[ 1569.032946][ T5246] binder: send failed reply for transaction 513, target dead
23:27:10 executing program 1 (fault-call:2 fault-nth:18):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1569.126611][  T564] FAULT_INJECTION: forcing a failure.
[ 1569.126611][  T564] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1569.140525][  T564] CPU: 0 PID: 564 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1569.148729][  T564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1569.155008][ T5246] binder: release 562:565 transaction 518 out, still active
[ 1569.159438][  T564] Call Trace:
[ 1569.159479][  T564]  dump_stack+0x172/0x1f0
[ 1569.159502][  T564]  should_fail.cold+0xa/0x15
[ 1569.159522][  T564]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1569.159542][  T564]  ? ___might_sleep+0x163/0x280
[ 1569.159566][  T564]  should_fail_alloc_page+0x50/0x60
[ 1569.159592][  T564]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1569.204280][  T564]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1569.212787][  T564]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1569.214875][ T5246] binder: unexpected work type, 4, not freed
[ 1569.232720][  T564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.232744][  T564]  ? __kmalloc_node+0x3d/0x70
[ 1569.232761][  T564]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1569.232775][  T564]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1569.232791][  T564]  alloc_pages_current+0x107/0x210
[ 1569.232810][  T564]  push_pipe+0x3fc/0x7a0
[ 1569.232832][  T564]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1569.232857][  T564]  ? __save_stack_trace+0x99/0x100
[ 1569.288041][  T564]  ? iov_iter_revert+0xaa0/0xaa0
[ 1569.288062][  T564]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1569.288075][  T564]  ? iov_iter_pipe+0xba/0x2f0
[ 1569.288103][  T564]  default_file_splice_read+0x199/0x890
[ 1569.298214][  T564]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1569.298229][  T564]  ? kasan_kmalloc+0x9/0x10
[ 1569.298241][  T564]  ? __kmalloc+0x15c/0x740
[ 1569.298257][  T564]  ? alloc_pipe_info+0x199/0x430
[ 1569.298276][  T564]  ? do_sendfile+0x597/0xd00
[ 1569.298303][  T564]  ? do_syscall_64+0x103/0x610
[ 1569.303843][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1569.308969][  T564]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1569.308988][  T564]  ? __lock_acquire+0x548/0x3fb0
[ 1569.309006][  T564]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1569.309036][  T564]  ? percpu_ref_put_many+0x94/0x190
[ 1569.309059][  T564]  ? percpu_ref_put_many+0x94/0x190
[ 1569.340434][ T5246] binder: send failed reply for transaction 518, target dead
[ 1569.346528][  T564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.346549][  T564]  ? fsnotify+0x811/0xbc0
[ 1569.346565][  T564]  ? fsnotify+0xbc0/0xbc0
[ 1569.346579][  T564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.346595][  T564]  ? fsnotify_first_mark+0x210/0x210
[ 1569.346608][  T564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.346637][  T564]  ? security_file_permission+0x94/0x380
[ 1569.468647][  T564]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1569.474316][  T564]  do_splice_to+0x12a/0x190
[ 1569.478859][  T564]  splice_direct_to_actor+0x2d2/0x970
[ 1569.484284][  T564]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1569.489869][  T564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.496238][  T564]  ? do_splice_to+0x190/0x190
[ 1569.501123][  T564]  ? rw_verify_area+0x118/0x360
[ 1569.506615][  T564]  do_splice_direct+0x1da/0x2a0
[ 1569.511501][  T564]  ? splice_direct_to_actor+0x970/0x970
[ 1569.517168][  T564]  ? rw_verify_area+0x118/0x360
[ 1569.522078][  T564]  do_sendfile+0x597/0xd00
23:27:11 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)

[ 1569.527001][  T564]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1569.532681][  T564]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1569.545695][  T564]  ? _copy_from_user+0xdd/0x150
[ 1569.551145][  T564]  __x64_sys_sendfile64+0x15a/0x220
[ 1569.556366][  T564]  ? __ia32_sys_sendfile+0x230/0x230
[ 1569.562226][  T564]  ? do_syscall_64+0x26/0x610
[ 1569.566955][  T564]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1569.568480][  T567] binder: 563:567 transaction failed 29189/-22, size 2097327-0 line 2994
[ 1569.572390][  T564]  ? trace_hardirqs_on+0x67/0x230
[ 1569.572412][  T564]  do_syscall_64+0x103/0x610
[ 1569.572433][  T564]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1569.572446][  T564] RIP: 0033:0x458209
[ 1569.572463][  T564] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
23:27:11 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:11 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x200000}}, 0xfffffefd)

23:27:11 executing program 1 (fault-call:2 fault-nth:19):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1569.572470][  T564] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1569.572483][  T564] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1569.572490][  T564] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1569.572497][  T564] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1569.572505][  T564] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1569.572512][  T564] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
[ 1569.730546][T24362] binder: release 669:673 transaction 523 out, still active
[ 1569.746470][  T676] FAULT_INJECTION: forcing a failure.
[ 1569.746470][  T676] name failslab, interval 1, probability 0, space 0, times 0
[ 1569.749788][T24362] binder: unexpected work type, 4, not freed
[ 1569.761230][  T676] CPU: 1 PID: 676 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
23:27:11 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000005140)={&(0x7f0000003d00)=@pppol2tpin6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0, 0x0, &(0x7f00000050c0)=""/67, 0x43}, 0x2000)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000051c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000005340)={&(0x7f0000005180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000005300)={&(0x7f0000005200)={0x70, r2, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x44, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8001}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040011)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)

[ 1569.777136][  T676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1569.793602][  T676] Call Trace:
[ 1569.797304][  T676]  dump_stack+0x172/0x1f0
[ 1569.801901][  T676]  should_fail.cold+0xa/0x15
[ 1569.805268][T24362] binder: undelivered TRANSACTION_COMPLETE
[ 1569.806553][  T676]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1569.806578][  T676]  ? ___might_sleep+0x163/0x280
[ 1569.806598][  T676]  __should_failslab+0x121/0x190
23:27:11 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080), 0x1c)

[ 1569.806624][  T676]  should_failslab+0x9/0x14
[ 1569.814663][T24362] binder: undelivered TRANSACTION_ERROR: 29189
[ 1569.820231][  T676]  __kmalloc+0x2dc/0x740
[ 1569.820252][  T676]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.820270][  T676]  ? rw_copy_check_uvector+0x28c/0x330
[ 1569.820289][  T676]  rw_copy_check_uvector+0x28c/0x330
[ 1569.820307][  T676]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1569.820329][  T676]  import_iovec+0xbf/0x200
[ 1569.820344][  T676]  ? dup_iter+0x260/0x260
[ 1569.820358][  T676]  ? __kmalloc_node+0x3d/0x70
[ 1569.820372][  T676]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1569.820388][  T676]  vfs_readv+0xc6/0x160
[ 1569.820400][  T676]  ? alloc_pages_current+0x10f/0x210
[ 1569.820415][  T676]  ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 1569.820427][  T676]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1569.820448][  T676]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1569.820461][  T676]  ? iov_iter_get_pages_alloc+0x3ae/0x1350
[ 1569.820481][  T676]  ? iov_iter_revert+0xaa0/0xaa0
[ 1569.820496][  T676]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1569.820508][  T676]  ? iov_iter_pipe+0xba/0x2f0
[ 1569.820525][  T676]  default_file_splice_read+0x475/0x890
[ 1569.820551][  T676]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1569.820565][  T676]  ? kasan_kmalloc+0x9/0x10
[ 1569.820577][  T676]  ? __kmalloc+0x15c/0x740
[ 1569.820593][  T676]  ? alloc_pipe_info+0x199/0x430
23:27:11 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x11}}, 0xfffffefd)

[ 1569.820616][  T676]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1569.820640][  T676]  ? percpu_ref_put_many+0x94/0x190
[ 1569.820658][  T676]  ? percpu_ref_put_many+0x94/0x190
[ 1569.820672][  T676]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.820714][  T676]  ? security_file_permission+0x94/0x380
[ 1569.820733][  T676]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1569.820757][  T676]  do_splice_to+0x12a/0x190
[ 1569.826818][T24362] binder: send failed reply for transaction 523, target dead
[ 1569.830836][  T676]  splice_direct_to_actor+0x2d2/0x970
[ 1569.830854][  T676]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1569.830876][  T676]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1569.830890][  T676]  ? do_splice_to+0x190/0x190
[ 1569.830921][  T676]  ? rw_verify_area+0x118/0x360
[ 1569.830937][  T676]  do_splice_direct+0x1da/0x2a0
[ 1569.830951][  T676]  ? splice_direct_to_actor+0x970/0x970
[ 1569.830975][  T676]  ? rw_verify_area+0x118/0x360
[ 1569.830990][  T676]  do_sendfile+0x597/0xd00
[ 1569.831014][  T676]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1569.831032][  T676]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1569.831049][  T676]  ? _copy_from_user+0xdd/0x150
[ 1569.831074][  T676]  __x64_sys_sendfile64+0x15a/0x220
[ 1570.103627][  T676]  ? __ia32_sys_sendfile+0x230/0x230
[ 1570.108936][  T676]  ? do_syscall_64+0x26/0x610
[ 1570.113645][  T676]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1570.119796][  T676]  ? trace_hardirqs_on+0x67/0x230
[ 1570.125236][  T676]  do_syscall_64+0x103/0x610
[ 1570.130352][  T676]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1570.139809][  T676] RIP: 0033:0x458209
[ 1570.143811][  T676] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1570.164522][  T676] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1570.174380][  T676] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1570.182612][  T676] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1570.191798][  T676] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1570.202983][  T676] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1570.211476][  T676] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:11 executing program 1 (fault-call:2 fault-nth:20):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1570.344603][  T689] FAULT_INJECTION: forcing a failure.
[ 1570.344603][  T689] name failslab, interval 1, probability 0, space 0, times 0
[ 1570.361054][  T689] CPU: 1 PID: 689 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1570.369358][  T689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1570.380319][  T689] Call Trace:
[ 1570.383839][  T689]  dump_stack+0x172/0x1f0
[ 1570.388610][  T689]  should_fail.cold+0xa/0x15
[ 1570.393605][  T689]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1570.400419][  T689]  ? ___might_sleep+0x163/0x280
[ 1570.406309][  T689]  __should_failslab+0x121/0x190
[ 1570.413512][  T689]  should_failslab+0x9/0x14
[ 1570.421574][  T689]  kmem_cache_alloc_node_trace+0x270/0x720
[ 1570.431705][  T689]  ? kernel_poison_pages+0x178/0x2b0
[ 1570.438608][  T689]  __kmalloc_node+0x3d/0x70
[ 1570.443767][  T689]  kvmalloc_node+0x68/0x100
[ 1570.449093][  T689]  traverse+0x401/0x760
[ 1570.453927][  T689]  ? seq_dentry+0x2d0/0x2d0
[ 1570.462575][  T689]  seq_read+0x8f8/0x1130
[ 1570.467126][  T689]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1570.473598][  T689]  ? seq_dentry+0x2d0/0x2d0
[ 1570.478666][  T689]  proc_reg_read+0x1fe/0x2c0
[ 1570.485968][  T689]  ? proc_reg_compat_ioctl+0x2a0/0x2a0
[ 1570.496429][  T689]  ? rw_verify_area+0x118/0x360
[ 1570.503039][  T689]  do_iter_read+0x4a9/0x660
[ 1570.508053][  T689]  ? dup_iter+0x260/0x260
[ 1570.513369][  T689]  vfs_readv+0xf0/0x160
[ 1570.518515][  T689]  ? alloc_pages_current+0x10f/0x210
[ 1570.524579][  T689]  ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 1570.531180][  T689]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1570.537657][  T689]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1570.544123][  T689]  ? iov_iter_get_pages_alloc+0x3ae/0x1350
[ 1570.549978][  T689]  ? iov_iter_revert+0xaa0/0xaa0
[ 1570.554971][  T689]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1570.562029][  T689]  ? iov_iter_pipe+0xba/0x2f0
[ 1570.566816][  T689]  default_file_splice_read+0x475/0x890
[ 1570.572430][  T689]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1570.578481][  T689]  ? kasan_kmalloc+0x9/0x10
[ 1570.583124][  T689]  ? __kmalloc+0x15c/0x740
[ 1570.588038][  T689]  ? alloc_pipe_info+0x199/0x430
[ 1570.593381][  T689]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1570.600624][  T689]  ? percpu_ref_put_many+0x94/0x190
[ 1570.605897][  T689]  ? percpu_ref_put_many+0x94/0x190
[ 1570.611224][  T689]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1570.617621][  T689]  ? security_file_permission+0x94/0x380
[ 1570.624693][  T689]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1570.630374][  T689]  do_splice_to+0x12a/0x190
[ 1570.635018][  T689]  splice_direct_to_actor+0x2d2/0x970
[ 1570.640611][  T689]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1570.646304][  T689]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1570.652600][  T689]  ? do_splice_to+0x190/0x190
[ 1570.659064][  T689]  ? rw_verify_area+0x118/0x360
[ 1570.663979][  T689]  do_splice_direct+0x1da/0x2a0
[ 1570.669539][  T689]  ? splice_direct_to_actor+0x970/0x970
[ 1570.669607][  T689]  ? rw_verify_area+0x118/0x360
[ 1570.669623][  T689]  do_sendfile+0x597/0xd00
[ 1570.669646][  T689]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1570.669666][  T689]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1570.669684][  T689]  ? _copy_from_user+0xdd/0x150
[ 1570.669705][  T689]  __x64_sys_sendfile64+0x15a/0x220
[ 1570.669724][  T689]  ? __ia32_sys_sendfile+0x230/0x230
[ 1570.669740][  T689]  ? do_syscall_64+0x26/0x610
[ 1570.669766][  T689]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1570.706879][  T689]  ? trace_hardirqs_on+0x67/0x230
[ 1570.706913][  T689]  do_syscall_64+0x103/0x610
[ 1570.706936][  T689]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1570.706948][  T689] RIP: 0033:0x458209
[ 1570.706965][  T689] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1570.706973][  T689] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
23:27:12 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:12 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000005140)={&(0x7f0000003d00)=@pppol2tpin6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0, 0x0, &(0x7f00000050c0)=""/67, 0x43}, 0x2000)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000051c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000005340)={&(0x7f0000005180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000005300)={&(0x7f0000005200)={0x70, r2, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x44, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8001}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x11}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040011)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)

[ 1570.706989][  T689] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
[ 1570.706998][  T689] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1570.707006][  T689] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1570.707014][  T689] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1570.707023][  T689] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:12 executing program 1 (fault-call:2 fault-nth:21):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1570.942121][  T990] FAULT_INJECTION: forcing a failure.
[ 1570.942121][  T990] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1570.957564][  T990] CPU: 0 PID: 990 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36
[ 1570.965386][  T990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1570.975464][  T990] Call Trace:
[ 1570.979005][  T990]  dump_stack+0x172/0x1f0
[ 1570.983490][  T990]  should_fail.cold+0xa/0x15
[ 1570.989078][  T990]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1570.994925][  T990]  ? percpu_ref_tryget_live+0xef/0x290
[ 1571.000628][  T990]  should_fail_alloc_page+0x50/0x60
[ 1571.006297][  T990]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1571.012835][  T990]  ? find_held_lock+0x35/0x130
[ 1571.017746][  T990]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1571.024471][  T990]  cache_grow_begin+0x9c/0x860
[ 1571.029268][  T990]  ? __kmalloc_node+0x3d/0x70
[ 1571.033982][  T990]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1571.041569][  T990]  kmem_cache_alloc_node_trace+0x658/0x720
[ 1571.048134][  T990]  ? kernel_poison_pages+0x178/0x2b0
[ 1571.056151][  T990]  __kmalloc_node+0x3d/0x70
[ 1571.060876][  T990]  kvmalloc_node+0x68/0x100
[ 1571.065508][  T990]  traverse+0x401/0x760
[ 1571.069701][  T990]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1571.075646][  T990]  ? seq_dentry+0x2d0/0x2d0
[ 1571.080297][  T990]  seq_read+0x8f8/0x1130
[ 1571.084580][  T990]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1571.090865][  T990]  ? seq_dentry+0x2d0/0x2d0
[ 1571.095677][  T990]  proc_reg_read+0x1fe/0x2c0
[ 1571.100345][  T990]  ? proc_reg_compat_ioctl+0x2a0/0x2a0
[ 1571.105850][  T990]  ? rw_verify_area+0x118/0x360
[ 1571.110836][  T990]  do_iter_read+0x4a9/0x660
[ 1571.110854][  T990]  ? dup_iter+0x260/0x260
[ 1571.110876][  T990]  vfs_readv+0xf0/0x160
[ 1571.110890][  T990]  ? alloc_pages_current+0x10f/0x210
[ 1571.110919][  T990]  ? compat_rw_copy_check_uvector+0x3f0/0x3f0
[ 1571.110937][  T990]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1571.110973][  T990]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1571.149381][  T990]  ? iov_iter_get_pages_alloc+0x3ae/0x1350
[ 1571.155335][  T990]  ? iov_iter_revert+0xaa0/0xaa0
[ 1571.155354][  T990]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1571.155368][  T990]  ? iov_iter_pipe+0xba/0x2f0
[ 1571.155389][  T990]  default_file_splice_read+0x475/0x890
[ 1571.155410][  T990]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1571.155424][  T990]  ? kasan_kmalloc+0x9/0x10
[ 1571.155437][  T990]  ? __kmalloc+0x15c/0x740
23:27:12 executing program 0:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc6a1)
unlink(&(0x7f0000000140)='./file0\x00')
clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(&(0x7f0000000000)=ANY=[], &(0x7f0000000080)='./file0\x00', 0x0, 0x2002, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

23:27:12 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x400000}}, 0xfffffefd)

[ 1571.155454][  T990]  ? alloc_pipe_info+0x199/0x430
[ 1571.155482][  T990]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1571.187674][  T990]  ? percpu_ref_put_many+0x94/0x190
[ 1571.187694][  T990]  ? percpu_ref_put_many+0x94/0x190
[ 1571.187710][  T990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1571.187755][  T990]  ? security_file_permission+0x94/0x380
[ 1571.187786][  T990]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1571.225836][  T990]  do_splice_to+0x12a/0x190
[ 1571.225855][  T990]  splice_direct_to_actor+0x2d2/0x970
[ 1571.225874][  T990]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1571.225896][  T990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1571.225918][  T990]  ? do_splice_to+0x190/0x190
[ 1571.225939][  T990]  ? rw_verify_area+0x118/0x360
[ 1571.225958][  T990]  do_splice_direct+0x1da/0x2a0
[ 1571.225973][  T990]  ? splice_direct_to_actor+0x970/0x970
[ 1571.225995][  T990]  ? rw_verify_area+0x118/0x360
[ 1571.226014][  T990]  do_sendfile+0x597/0xd00
[ 1571.226048][  T990]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1571.226070][  T990]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1571.226089][  T990]  ? _copy_from_user+0xdd/0x150
[ 1571.226110][  T990]  __x64_sys_sendfile64+0x15a/0x220
[ 1571.226129][  T990]  ? __ia32_sys_sendfile+0x230/0x230
[ 1571.226146][  T990]  ? do_syscall_64+0x26/0x610
[ 1571.226163][  T990]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1571.226181][  T990]  ? trace_hardirqs_on+0x67/0x230
[ 1571.226201][  T990]  do_syscall_64+0x103/0x610
[ 1571.226222][  T990]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1571.226235][  T990] RIP: 0033:0x458209
[ 1571.226252][  T990] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1571.226260][  T990] RSP: 002b:00007fa1ea819c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1571.226275][  T990] RAX: ffffffffffffffda RBX: 00007fa1ea819c90 RCX: 0000000000458209
23:27:12 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x18}}, 0xfffffefd)

[ 1571.226284][  T990] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1571.226293][  T990] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1571.226303][  T990] R10: 08000000000092dd R11: 0000000000000246 R12: 00007fa1ea81a6d4
[ 1571.226312][  T990] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
[ 1571.368077][  T999] input: syz1 as /devices/virtual/input/input10
23:27:12 executing program 1 (fault-call:2 fault-nth:22):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:13 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:13 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:13 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x1a, 0x8000000000092dd)

23:27:13 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000300)={0x0, {{0x2, 0x0, @multicast1}}, 0xffffffffffffffff}, 0x90)

23:27:13 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x34, 0x8000000000092dd)

23:27:13 executing program 0:
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_script(r1, &(0x7f0000001200)=ANY=[@ANYBLOB="2321202e2f66696c65300a0b8f4c59ea47e21c3ed3da21b5956060261761eefdd186dc22c4816e1a77b646b85438815faca8dd0b630ca3ae39f7d1fd805cf53a99cb8624d88be5b36864a3"], 0x4b)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
write$binfmt_script(r1, &(0x7f0000003280)=ANY=[@ANYBLOB="2321202e2f66696c65300acbdb1519e37e45369ffc4903380a366992479ffdef051e2952f6c30d1063a0474203386cd7e01fafc3d6ccfd98e8959300a5a4ae39f456e001b88a578bbb63239a38c88af1e065796e400ddc326db5fac4fef7c9737f25bc02e88e794705aa2a9a6c499a88e084445a113fdb0f122b2996365025a531bce25f1cd781732d772972edf2501fd74c8f04e0ee6bb4360e8a1296b1b310c89b4bcf3680f6bb321f17f76336cbf9d3c4fa6b720ff1484af84d0fd2d27e6e133cf7d239a64c9421a32370454f5f8ea2403aec2b2654dce6318298dc4ce1201d2727ddcfdeea637af3a023993acbda972baabb4255b4baff03e5b3e58ac7614958fffbea9838049393ba4af0ce5aa6b4c0d9de9661a975edcdcc53eeb899af0488d3db5d81782aa219a32b77a6c1f23f950e99d8908692df2d6da9f5e2ddb40c4dc74b31654216172a75643f094611f5d037ec6845df533fdaa285d7cc929cdb471c32f56c585d12b4cb75fa480e07e845823dec2becd38604518cc982c3a0f33ca2632b88a1e10d54c73de58661efb9afb0c8bf0d87e6b37f7a66895fc8723104e47e0cc923bcfafaa39f1f6b57d2f81e4126e244995268d0e39e053e33adb7a5b15d82045bf173e708508c211dee12e3b07539901324b5aa09e9e54aabccb5e7ce0b5d9f578c14eb2f147c434216f532b5face991bdb518b924490458f0ce72f71e3ab3a1319fd2fa046db43109dbc521cd002a330cb4c23010100000000000057604b7ba3249a60c9df68a5d2c9e2cc59170f5782d22cdbcf31ccbe07a416119472d697656bd0dd2bd69e723e7e53ad21ee593910ac19e9a67d9bf1af10e112e6187bf8a463937c461214f738132511987801fa3b5073cd4754c43659a3bfa3ff782f29218a77a0546ce393c055469ab16941a5fe1365af0ea33146084062039de1d69c3ff59bae44785e52d24797ee07cd0d86112867259510e8baf338563d785366bd54ac7e91661aef2ae4646a9a04ce34ff7889689c5af643dd40f53ba1e79163a4454a3340bca09a985a746700b7048c535b8aab2ce2934a463c15dbef9e2709bfe266d39e9b65160fb3a348df01aa89f7cf34bd20a0e6963ad2b3ddf73f47f7578017fccebbaaf0c3565755bd6326ff030000173b83621a348069f58c879c6cc41281d6118eb5bc931f51fd160c7e0b0e9bf8ff8a281ca5f819f23f2d8bb74f03affd7ae53d943634a0b499b5ee449af423477c36a8beb9d5e977a834ab7109878d1b7de1773c37a1ea66f187ee30de723f38b4ec05947529a4b6267d8619af20f83ded0734e56fc4e2e4877e36924e2ef952a966233ec16c5aba8d192bf3f8f959972db8b15f92ab5ae774f8a0a3dc079f610045cf4ba0501a9d131b5053418c0104fed306150da3d9cb24dc6aa79feb8af9c9ada745ff620a8c784c7ec3ceaf1055854fcb01ffa21835341c16806ca3124a36b73ca0a349bc6b48f93c84afe5e8421cc6712c07b428e4968e6c78d80b7c35c206b8a0f49c8f0b3f23c8c0c696c3f209474f00a65c4b759baa875635889f630c68551ffa4c9f07806efab7b91e289928a0d00360b695d5455bfe8e5b80cefb20488a1eca6f61363af11639bf3e18bea7461611638b9fcc43024bbac88b5ab9f64c1343fa3e46017785fac4c743de0f15e0c3a306b4a8f863476cdf53bfcd11279385d00200d5c4f66d97b18bf3928ccff0793735f98080cc25922cee3449cc65740d7695ec4f1a8a7371d0cdfd92170255b2b2df61a66037c48491f9409f66b40c76385b16e43bcec2be4044dee026a70e260598d2aaa27a7f198b49dfd7787b1a60b4bcf2da6f72ac707c3ec04f90dc9dd12bcb87ae26054dc87183276f51df76bcb50948a963857e20cf1d1d55af767fa652394e10f70bf628551421216f1febdb9a47e372266539d1911517ef7301a7cd6c2faeefe7e7821984af8853e6bac886673d326a73cc84a2f6e5db97cbcadcf27be220c7b7f39d1855709d5c30f92ba83045e4f49459cb9fb87fda0c31ca8501cfd61a904318840405d3633cdd993dfc699c1fa6e725eeffbbe202bc48f76427bb0477d36e7ae4b232a6ae3a0fc377ae330d1f7129b477979bb47b4fc6addcb04418805341a278a44f430c36460407e928dc8317cddebdde33b2f27e8d6de9f2e6fc3efa6bba05540c6f3d318a8dca4ce872f28c38bba5731184a37605302d7af26016d94e6813504c84de2150d6abe9727ce524c24155a109fe842c6d24e58cca59e313ce40ef26bfbba8161f5d1dc4a6b544da89438ab9f7042577a6beebedda3c5f18a6437bba3e352762262a3e4771b6ec1938e12407c96a98ca6fac2cf48d1b6517010239fd7a02621159f01c661b17712c06dbbc5edeec33906578492c4f8d905a903fe121d4401e3e189a20a5fc1c762211b2123bbd24fcfd647d6a405c2032f5ec42247d5a3cb1fedd918183f22b66ad0d5f901e7170be6de255da8912bfacebb42c00325f260f344613c01fab835e81cac69c3d6c93211b4b27c7abefdc845dd8851eea37d38303a520f3b9c906d103f1d951b6dfff01ca007a070282e1f373595e4dd16146ce70dc793da310dfaf3163c2d9e41d4916f524a5895dc8d423465c87c6e79a4a9eeae07a9b1de8e13d1fe290ff306a9e9bcfbd2d83225d7860e654085d1603d7dc9df2c11fa0a9cd16ce8b53b3f7f8fe85b83ec3fc6a12f864131e85a9968af1d9e9a9e669e1fdd6c5c99c7f23091b98581187d878d5b635286938fc041173ff0da2af5154e37332ffb7bfca117336ec309240c0688cd5aa0b5d0994cc96eb4677e2b72d04d17d8f8aa5c270e41a6336d37cc8b984fd6513f21da0ab77e58e0eccef660dfe0acef6b441457fcbb8b13a3340ffcc1490f6c613a2994ecba211d0cfffb4892331470f836ba16913068033b0c9fb0a48aebd41d9407dd68b835c8e3a108e77293b0fa2521c27d0f5e986dc96941eb82a82bb9032f0d3dc6629272a7f5df92c8fb13a4bebf0251965fa9a8cc82b58c96d821a26dba8d9e7e50ba0a8cf265d887a6c95500598a1f97c6f9ba74ee2cd1f3b1100c0a765369ea4ff7cd620d58feaad6ee6f81d27557427b3940e1d470e8f72343ae0ea93098ca5e2c4c3ae776ea59d1e8bfa0fb1acc3b6fb169877b3619b3e2f20d24ba5fa3a854fa85e4f56bc7e08d943c1c3433f2d9b95008410e78ee32192ede3a68ba8fb6e5f1cc5482d4d4b366a14d73ff8f85d0a56d1c29f3268b0394d975f50448126a1a0f9d0784cda1f7210ac6ce92455ab8a89c60dcd347c1fca805179056faec6e66e4231328d5a7d8d3ada23eee7a00df4fcf41bfb1c6668013bfabc8e07492703550f9511dca7dfd8d6051a11fdb7701ad3bc4845cb84c1d77e8ebec7660570b797ed1a906e4c4b823788eb29cc822a9ec50ba272cfa1648afd4d88c35ef7efcbddb569172a5b0bc24bf1b0f10b271082c24992cb447a184775430a3f79ae1b5cc1fd32f9fdc1a9ac5a1571fb8b891f43bd048d79880e5177ffcc2409bd10815f936ca5f2c7fb96ebe164ba09d9bad2f3356974803be8fc36a1d6f9ae327d4d2d178d1ab9e81bd2a8d4e2c9e8c32586da6dbacef8c51f68b2ac430bcb0489f775d6d006c621ec9f3c4077f5fc6e7e56df644f83bc93ad809717100f9299d88d2962b80c42ac47bbb8caf2b8214276cf3eef856181f04810db1fc7e093e04aa516aefb47de7af34dcc418f9318f2830bc00b62296473cf32aefdd38715dfb48f43d611a9bc6fcf9c19bdab4c83122ba38c47fa54a8f21f8e112a69d0197637ca9de38b7894f93f78612ca6a30daefb5345b20147ca9f999fa0a5eb2fecd952ba4bfe35e2868d7edb23a1c5e78e39aaecc9f0c57109ca82c12efa64931315f64dc55e51c62f2bc781f020d9b409145db85086f0f4205e5d4b9b84835e3678756121d50389b0923ba8a39bd8759dadaf546d02a677c728cf13efcf2a57f19c5834a4217c49412cff005246b6d0b1aec94da6ec4575a4e4ace7afeded3aabf88517cd93c5eac2ebb37fccafb1000000000000801f37141bef087efc0a2054b743fae0267e698313de2bb667c7c34ef2fd0fee44fb467d498fca8dc539ec9e6ec445aaf2741263b10b2f83f37efa28b5d984088fb0301bcd1c3c853d1257d70cd93871c1c4191f2943989381d82fb788b969fd2a3e0906cfd4636749ccb3970aa2164f621869480699552da8ee123241e9e7cc28a614bb5c9399ed2158350261f6f23194748649885940889500d44baa0311dd33aa9c4966b4b3aabda20452ce20ff2a2027547f1eace50ff97b7229142dde784b310f4cfb83eb9aaec3e8f85ff74220b27dbfbf3d6bd952697d45b3b2998b2ea2e325f69c4277001f6bbf8dc12f29e01292373d9f7b98c813a7f61466cb784c37084525aae8ea21a236c07d122f6f4e6a9ad8202fed98dd61c6f3e4793e1d689af4762ea37b91d8fa7393c8d7e972e5be4bc2686ae9cb0b05bb365b1cc4a4aaf97631a61032a24693021193004202e7c19bf3dd6388d40778f634994ddc1828f723450a67391fb75b616c10012dd017f8721d83f91da0a4f6dde4a61b166322b28c7ddc18394853012f03f2e6d12cbdddd162848af8ac56996ddc482d05833a2ce91c7868176a6bf265194b8375a0f569ac3e9688de15df5160b0b24d2266b22c67f1f418bd4d8afa29674c7bce79ddae2eb79ccad7a78c5f965122a24bc032e524878a41fe9ad4b7fd915baaff5fe97f681251bd1d3397d9d474d4eb7980afd007b3959aeb161c4b71de6f89c7ec4d50c0b8d861538c86fa18d46d2d669d72f5e26200ef43dd6707b8b78f3caee23fe4e435a32ea3ced78fca25419124905f2a34efa6155299b9f840672fe03392376fe4381d5a90fee058de97f3d6371f8306f8b00ecd6b07d111984bebdd48bc3ea760a758e892f0877f1eb05e0e101c14133fef6713c4aa66dde37b536b61c05696c4f02fe748bc3bd2fb57b8cbaba798206bdabb6e0eed30a0c67eea69f045e822667744ff450845bc00aaec44211ca105ec72cb3372b20e6bec465fac05f8ba556472c8cb95b0f88e6eebf5780c5ba935639ba183c2e9133063c5c8e59598b319957d55a66b6d10e382872fd48b483c5ebbdd93931cb2790571c8f03ade2643f5eaa4a0d62586d14280fa1098be9bf29d6840387e5f0cb45b4ded3b4ae21033656f864ff0b5a19f6bc99546e44d6c6928c7dc84230adbd2e5a5a4ee434f57e671ba05a2f262718f21ad1aad61ef54cdfa5980c93fb50ae20544b2a116185ca9224585891ddf19dffc65496897047cc429fbb057331e8f4ad4796beafa12e6874881f6da60d5a75a51decfaf21143f98180f0bbaccc76a00618a8f503ee38f58fbce529b5761eb50b875cdf6e19d8a93c53a8f6e68444f6f7fdbb8054eb0321dcfd5046a3d51f6ac2b0b903c3c91ac14d0b88624554872c931d6c2ed257cff417b61217972e546740cdcba5e36c1dec6b99ccfa93fc3e4d5274eee7995eed7cbb1ffb0473fd2b33a581b501a51ea9174665c9dd008c81a9f8f8f0af439000a17c11645ee6636fcd78b03da4dd19b05b37f25a16c73783fe39d"], 0xf8b)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xfff}]}, 0x10)
bind$inet(r2, &(0x7f0000000300)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x10005, 0x0)

23:27:13 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x49, 0x8000000000092dd)

23:27:13 executing program 5:

23:27:13 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x5f, 0x8000000000092dd)

23:27:13 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x6, 0x0)
ioctl$TUNSETQUEUE(r0, 0x400454d9, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132})
r2 = socket$kcm(0x29, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000340)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&')
write$cgroup_subtree(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="00038aa174036ed7e08f93dd86dd22fa60a96fe906dc3163371e2549df6e86aa750c85f0b201eb71dc36072d8353f6752c95324065640ea98f2b714c517c0a0000000000000000000000"], 0x4a)

[ 1572.299541][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1572.305738][    C1] protocol 88fb is buggy, dev hsr_slave_1
23:27:13 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x800c00}}, 0xfffffefd)

23:27:13 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x7b, 0x8000000000092dd)

23:27:13 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x50}}, 0xfffffefd)

23:27:14 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:14 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
socket$kcm(0x11, 0x0, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000000)=0xb)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

23:27:14 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x94, 0x8000000000092dd)

[ 1572.637074][ T1786] device nr0
 entered promiscuous mode
23:27:14 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xb1, 0x8000000000092dd)

23:27:14 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xc7, 0x8000000000092dd)

23:27:14 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xdf, 0x8000000000092dd)

23:27:14 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xf5, 0x8000000000092dd)

23:27:14 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x11a, 0x8000000000092dd)

23:27:15 executing program 5:
r0 = memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x0)
write$binfmt_misc(r0, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xfffffe43)
lseek(r0, 0x0, 0x4)

23:27:15 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x137, 0x8000000000092dd)

23:27:15 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd00700}}, 0xfffffefd)

23:27:15 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000400)='cmdline\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x3f00)

23:27:15 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:15 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa0}}, 0xfffffefd)

23:27:15 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x14d, 0x8000000000092dd)

23:27:15 executing program 0:
r0 = socket(0x10, 0x20000000000003, 0x0)
recvfrom(r0, &(0x7f00000001c0)=""/4096, 0x1000, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003080)={0x14, 0x1a, 0x201}, 0x14}}, 0x0)

23:27:15 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x168, 0x8000000000092dd)

23:27:15 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x17e, 0x8000000000092dd)

23:27:15 executing program 5:

23:27:15 executing program 0:

23:27:15 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x19b, 0x8000000000092dd)

23:27:15 executing program 0:

23:27:16 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf00f00}}, 0xfffffefd)

23:27:16 executing program 5:

23:27:16 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x1b2, 0x8000000000092dd)

23:27:16 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:16 executing program 0:

23:27:16 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x300}}, 0xfffffefd)

23:27:16 executing program 5:

23:27:16 executing program 0:

23:27:16 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x1c8, 0x8000000000092dd)

23:27:16 executing program 5:

23:27:16 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x1e0, 0x8000000000092dd)

23:27:16 executing program 0:

23:27:16 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1000000}}, 0xfffffefd)

23:27:16 executing program 5:

23:27:16 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x1f7, 0x8000000000092dd)

23:27:16 executing program 0:

23:27:16 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:16 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x500}}, 0xfffffefd)

23:27:17 executing program 0:

23:27:17 executing program 5:

23:27:17 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x210, 0x8000000000092dd)

23:27:17 executing program 0:

23:27:17 executing program 5:

23:27:17 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x214, 0x8000000000092dd)

23:27:17 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2000000}}, 0xfffffefd)

23:27:17 executing program 0:

23:27:17 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x217, 0x8000000000092dd)

23:27:17 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:17 executing program 5:

23:27:17 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x600}}, 0xfffffefd)

23:27:18 executing program 5:

23:27:18 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f0000000080)="0f", 0x1, 0x0, 0x0, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6c, &(0x7f0000018000)={0x0, @in6}, 0x0)

23:27:18 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x21d, 0x8000000000092dd)

23:27:18 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SMI(r2, 0xaeb7)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

23:27:18 executing program 0:
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x4, 0xc, 0x20, 0x0, 0x9}, 0xffffffffffffffff, 0xa, 0xffffffffffffff9c, 0x0)
r0 = memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x0)
write$binfmt_misc(r0, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xfffffe43)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
lseek(r0, 0x0, 0x4)

23:27:18 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x253, 0x8000000000092dd)

23:27:18 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x3000000}}, 0xfffffefd)

23:27:18 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x25d, 0x8000000000092dd)

23:27:18 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0}}, 0x0)

23:27:18 executing program 0:
socket(0x880800000000010, 0x802, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
connect$caif(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10)
bind$inet6(r0, &(0x7f0000807fe4)={0xa, 0x4e22}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r2 = dup2(r0, r0)
ioctl$KDGKBSENT(0xffffffffffffffff, 0x4b48, 0x0)
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
sendto$inet6(r0, &(0x7f0000ad6fad)='\x00', 0x1, 0x3, 0x0, 0x0)
poll(&(0x7f0000000040)=[{r2}], 0x1, 0xe0)
dup2(r1, r0)

23:27:18 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:18 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x700}}, 0xfffffefd)

[ 1577.419447][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1577.425296][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1577.431116][    C1] protocol 88fb is buggy, dev hsr_slave_1
23:27:18 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x264, 0x8000000000092dd)

23:27:19 executing program 5:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x8}}, 0xfffffefd)

23:27:19 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x26b, 0x8000000000092dd)

23:27:19 executing program 0 (fault-call:5 fault-nth:0):
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

23:27:19 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x293, 0x8000000000092dd)

[ 1577.771595][ T6044] binder: release 6043:6044 transaction 527 out, still active
[ 1577.828951][ T6044] binder: unexpected work type, 4, not freed
[ 1577.836790][ T6044] binder: undelivered TRANSACTION_COMPLETE
23:27:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

[ 1577.904626][ T5246] binder: send failed reply for transaction 527, target dead
[ 1577.988034][ T6154] binder: release 6153:6154 transaction 531 out, still active
[ 1578.026227][ T6154] binder: unexpected work type, 4, not freed
[ 1578.049262][ T6154] binder: undelivered TRANSACTION_COMPLETE
[ 1578.130092][ T5246] binder: send failed reply for transaction 531, target dead
23:27:19 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x4000000}}, 0xfffffefd)

23:27:19 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:19 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa00}}, 0xfffffefd)

23:27:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x2, 0x0)

23:27:19 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x29a, 0x8000000000092dd)

23:27:19 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2ac, 0x8000000000092dd)

23:27:19 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x5421, 0x0)

[ 1578.471608][ T1512] binder: send failed reply for transaction 535 to 6266:6294
[ 1578.496850][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1578.515762][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:20 executing program 5 (fault-call:2 fault-nth:0):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:20 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2bd, 0x8000000000092dd)

23:27:20 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x5450, 0x0)

[ 1578.725668][ T6798] FAULT_INJECTION: forcing a failure.
[ 1578.725668][ T6798] name failslab, interval 1, probability 0, space 0, times 0
[ 1578.757271][ T1512] binder: send failed reply for transaction 539 to 6592:6593
[ 1578.765375][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1578.773862][ T6798] CPU: 0 PID: 6798 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36
[ 1578.781976][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1578.792045][ T6798] Call Trace:
[ 1578.792077][ T6798]  dump_stack+0x172/0x1f0
[ 1578.792103][ T6798]  should_fail.cold+0xa/0x15
[ 1578.792131][ T6798]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1578.810126][ T6798]  ? ___might_sleep+0x163/0x280
[ 1578.814990][ T6798]  __should_failslab+0x121/0x190
[ 1578.819964][ T6798]  should_failslab+0x9/0x14
[ 1578.824479][ T6798]  kmem_cache_alloc_trace+0x2d1/0x760
[ 1578.829861][ T6798]  ? _parse_integer+0x139/0x190
[ 1578.829888][ T6798]  alloc_pipe_info+0xb9/0x430
[ 1578.829918][ T6798]  splice_direct_to_actor+0x775/0x970
[ 1578.829936][ T6798]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1578.829953][ T6798]  ? lock_downgrade+0x880/0x880
[ 1578.829968][ T6798]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1578.829982][ T6798]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1578.830006][ T6798]  ? do_splice_to+0x190/0x190
[ 1578.830027][ T6798]  ? rw_verify_area+0x118/0x360
[ 1578.830044][ T6798]  do_splice_direct+0x1da/0x2a0
[ 1578.830060][ T6798]  ? splice_direct_to_actor+0x970/0x970
[ 1578.830084][ T6798]  ? rw_verify_area+0x118/0x360
[ 1578.845248][ T6798]  do_sendfile+0x597/0xd00
[ 1578.898239][ T6798]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1578.903646][ T6798]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1578.909928][ T6798]  ? _copy_from_user+0xdd/0x150
[ 1578.914798][ T6798]  __x64_sys_sendfile64+0x15a/0x220
[ 1578.920039][ T6798]  ? __ia32_sys_sendfile+0x230/0x230
[ 1578.925355][ T6798]  ? do_syscall_64+0x26/0x610
[ 1578.930037][ T6798]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1578.935334][ T6798]  ? trace_hardirqs_on+0x67/0x230
[ 1578.940369][ T6798]  do_syscall_64+0x103/0x610
[ 1578.944974][ T6798]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1578.950869][ T6798] RIP: 0033:0x458209
[ 1578.954784][ T6798] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
23:27:20 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2be, 0x8000000000092dd)

[ 1578.974421][ T6798] RSP: 002b:00007f919147cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1578.982847][ T6798] RAX: ffffffffffffffda RBX: 00007f919147cc90 RCX: 0000000000458209
[ 1578.990830][ T6798] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1578.998822][ T6798] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1579.006845][ T6798] R10: 08000000000092dd R11: 0000000000000246 R12: 00007f919147d6d4
[ 1579.014936][ T6798] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
[ 1579.024517][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:20 executing program 5 (fault-call:2 fault-nth:1):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:20 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x5451, 0x0)

[ 1579.126713][ T5246] binder: send failed reply for transaction 543 to 6806:6812
[ 1579.141491][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1579.220833][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
[ 1579.232340][ T7120] FAULT_INJECTION: forcing a failure.
[ 1579.232340][ T7120] name failslab, interval 1, probability 0, space 0, times 0
[ 1579.266809][ T7120] CPU: 0 PID: 7120 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36
[ 1579.274664][ T7120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1579.284862][ T7120] Call Trace:
[ 1579.288185][ T7120]  dump_stack+0x172/0x1f0
[ 1579.292549][ T7120]  should_fail.cold+0xa/0x15
[ 1579.297176][ T7120]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1579.303219][ T7120]  ? ___might_sleep+0x163/0x280
[ 1579.308099][ T7120]  __should_failslab+0x121/0x190
[ 1579.313071][ T7120]  should_failslab+0x9/0x14
[ 1579.317581][ T7120]  __kmalloc+0x2dc/0x740
[ 1579.321936][ T7120]  ? kmem_cache_alloc_trace+0x354/0x760
[ 1579.327504][ T7120]  ? _parse_integer+0x139/0x190
[ 1579.332380][ T7120]  ? alloc_pipe_info+0x199/0x430
[ 1579.337431][ T7120]  alloc_pipe_info+0x199/0x430
[ 1579.342220][ T7120]  splice_direct_to_actor+0x775/0x970
[ 1579.347609][ T7120]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1579.353259][ T7120]  ? lock_downgrade+0x880/0x880
[ 1579.353275][ T7120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
23:27:20 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x5000000}}, 0xfffffefd)

23:27:20 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x2, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:20 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2c8, 0x8000000000092dd)

23:27:20 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb00}}, 0xfffffefd)

[ 1579.353296][ T7120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1579.353310][ T7120]  ? do_splice_to+0x190/0x190
[ 1579.353330][ T7120]  ? rw_verify_area+0x118/0x360
[ 1579.353351][ T7120]  do_splice_direct+0x1da/0x2a0
[ 1579.385923][ T7120]  ? splice_direct_to_actor+0x970/0x970
[ 1579.391877][ T7120]  ? rw_verify_area+0x118/0x360
[ 1579.396875][ T7120]  do_sendfile+0x597/0xd00
[ 1579.401346][ T7120]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1579.406755][ T7120]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1579.413118][ T7120]  ? _copy_from_user+0xdd/0x150
[ 1579.417995][ T7120]  __x64_sys_sendfile64+0x15a/0x220
[ 1579.423246][ T7120]  ? __ia32_sys_sendfile+0x230/0x230
[ 1579.428647][ T7120]  ? do_syscall_64+0x26/0x610
[ 1579.433342][ T7120]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1579.438649][ T7120]  ? trace_hardirqs_on+0x67/0x230
[ 1579.443698][ T7120]  do_syscall_64+0x103/0x610
[ 1579.448315][ T7120]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1579.454222][ T7120] RIP: 0033:0x458209
[ 1579.458126][ T7120] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1579.477741][ T7120] RSP: 002b:00007f919147cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1579.486176][ T7120] RAX: ffffffffffffffda RBX: 00007f919147cc90 RCX: 0000000000458209
[ 1579.494163][ T7120] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1579.502154][ T7120] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1579.510138][ T7120] R10: 08000000000092dd R11: 0000000000000246 R12: 00007f919147d6d4
[ 1579.518241][ T7120] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:21 executing program 5 (fault-call:2 fault-nth:2):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:21 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x5452, 0x0)

23:27:21 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2c9, 0x8000000000092dd)

[ 1579.638317][ T1512] binder: send failed reply for transaction 547 to 7121:7123
[ 1579.646819][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1579.653195][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:21 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2d7, 0x8000000000092dd)

[ 1579.792165][ T7441] FAULT_INJECTION: forcing a failure.
[ 1579.792165][ T7441] name failslab, interval 1, probability 0, space 0, times 0
[ 1579.859179][ T7441] CPU: 0 PID: 7441 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36
[ 1579.867228][ T7441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1579.877517][ T7441] Call Trace:
[ 1579.880858][ T7441]  dump_stack+0x172/0x1f0
[ 1579.885233][ T7441]  should_fail.cold+0xa/0x15
[ 1579.889868][ T7441]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1579.895712][ T7441]  ? ___might_sleep+0x163/0x280
[ 1579.900597][ T7441]  __should_failslab+0x121/0x190
[ 1579.905563][ T7441]  should_failslab+0x9/0x14
[ 1579.910101][ T7441]  kmem_cache_alloc_node_trace+0x270/0x720
[ 1579.915947][ T7441]  ? lock_downgrade+0x880/0x880
[ 1579.920815][ T7441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1579.927086][ T7441]  __kmalloc_node+0x3d/0x70
[ 1579.931616][ T7441]  kvmalloc_node+0x68/0x100
[ 1579.936144][ T7441]  iov_iter_get_pages_alloc+0x862/0x1350
[ 1579.941793][ T7441]  ? unwind_get_return_address+0x61/0xa0
[ 1579.947445][ T7441]  ? __save_stack_trace+0x99/0x100
[ 1579.952581][ T7441]  ? iov_iter_revert+0xaa0/0xaa0
[ 1579.957623][ T7441]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1579.963358][ T7441]  ? iov_iter_pipe+0xba/0x2f0
[ 1579.968074][ T7441]  default_file_splice_read+0x199/0x890
[ 1579.973648][ T7441]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1579.979470][ T7441]  ? kasan_kmalloc+0x9/0x10
[ 1579.984014][ T7441]  ? __kmalloc+0x15c/0x740
[ 1579.988583][ T7441]  ? alloc_pipe_info+0x199/0x430
[ 1579.993631][ T7441]  ? do_sendfile+0x597/0xd00
[ 1579.998267][ T7441]  ? do_syscall_64+0x103/0x610
[ 1580.003055][ T7441]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1580.009179][ T7441]  ? __lock_acquire+0x548/0x3fb0
[ 1580.014152][ T7441]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1580.019724][ T7441]  ? percpu_ref_put_many+0x94/0x190
[ 1580.024952][ T7441]  ? percpu_ref_put_many+0x94/0x190
[ 1580.030196][ T7441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.036633][ T7441]  ? fsnotify+0x811/0xbc0
[ 1580.040995][ T7441]  ? fsnotify+0xbc0/0xbc0
[ 1580.045372][ T7441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.051634][ T7441]  ? fsnotify_first_mark+0x210/0x210
[ 1580.056945][ T7441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.063229][ T7441]  ? security_file_permission+0x94/0x380
[ 1580.068895][ T7441]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1580.074467][ T7441]  do_splice_to+0x12a/0x190
[ 1580.078980][ T7441]  splice_direct_to_actor+0x2d2/0x970
[ 1580.084348][ T7441]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1580.089914][ T7441]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.096159][ T7441]  ? do_splice_to+0x190/0x190
[ 1580.100859][ T7441]  ? rw_verify_area+0x118/0x360
[ 1580.105705][ T7441]  do_splice_direct+0x1da/0x2a0
[ 1580.110576][ T7441]  ? splice_direct_to_actor+0x970/0x970
[ 1580.116122][ T7441]  ? rw_verify_area+0x118/0x360
[ 1580.120989][ T7441]  do_sendfile+0x597/0xd00
[ 1580.125457][ T7441]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1580.130754][ T7441]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1580.136996][ T7441]  ? _copy_from_user+0xdd/0x150
[ 1580.141850][ T7441]  __x64_sys_sendfile64+0x15a/0x220
[ 1580.147245][ T7441]  ? __ia32_sys_sendfile+0x230/0x230
[ 1580.152526][ T7441]  ? do_syscall_64+0x26/0x610
[ 1580.157209][ T7441]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1580.162486][ T7441]  ? trace_hardirqs_on+0x67/0x230
[ 1580.167518][ T7441]  do_syscall_64+0x103/0x610
[ 1580.172334][ T7441]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1580.178245][ T7441] RIP: 0033:0x458209
[ 1580.182339][ T7441] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1580.201970][ T7441] RSP: 002b:00007f919147cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
23:27:21 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x6000000}}, 0xfffffefd)

[ 1580.210461][ T7441] RAX: ffffffffffffffda RBX: 00007f919147cc90 RCX: 0000000000458209
[ 1580.218424][ T7441] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1580.226402][ T7441] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1580.234512][ T7441] R10: 08000000000092dd R11: 0000000000000246 R12: 00007f919147d6d4
[ 1580.248760][ T7441] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:21 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2d8, 0x8000000000092dd)

23:27:21 executing program 5 (fault-call:2 fault-nth:3):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:21 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x5460, 0x0)

[ 1580.330047][ T5246] binder: release 7335:7442 transaction 551 out, still active
[ 1580.338097][ T5246] binder: unexpected work type, 4, not freed
23:27:21 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x3, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1580.423516][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1580.433919][ T5246] binder: send failed reply for transaction 551, target dead
23:27:22 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2d9, 0x8000000000092dd)

[ 1580.520017][ T7877] FAULT_INJECTION: forcing a failure.
[ 1580.520017][ T7877] name fail_page_alloc, interval 1, probability 0, space 0, times 0
23:27:22 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd00}}, 0xfffffefd)

[ 1580.607793][ T7877] CPU: 1 PID: 7877 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36
[ 1580.615654][ T7877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1580.625843][ T7877] Call Trace:
[ 1580.629158][ T7877]  dump_stack+0x172/0x1f0
[ 1580.633601][ T7877]  should_fail.cold+0xa/0x15
[ 1580.638227][ T7877]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1580.639821][ T1512] binder: send failed reply for transaction 555 to 7867:7876
[ 1580.644602][ T7877]  ? ___might_sleep+0x163/0x280
[ 1580.644626][ T7877]  should_fail_alloc_page+0x50/0x60
[ 1580.644643][ T7877]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1580.644660][ T7877]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1580.644677][ T7877]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1580.644692][ T7877]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.644715][ T7877]  ? __kmalloc_node+0x3d/0x70
[ 1580.652988][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1580.657135][ T7877]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1580.657152][ T7877]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1580.657171][ T7877]  alloc_pages_current+0x107/0x210
[ 1580.657191][ T7877]  push_pipe+0x3fc/0x7a0
[ 1580.657214][ T7877]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1580.657236][ T7877]  ? __save_stack_trace+0x99/0x100
[ 1580.664539][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
[ 1580.668119][ T7877]  ? iov_iter_revert+0xaa0/0xaa0
[ 1580.668139][ T7877]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1580.668153][ T7877]  ? iov_iter_pipe+0xba/0x2f0
[ 1580.668173][ T7877]  default_file_splice_read+0x199/0x890
[ 1580.668201][ T7877]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1580.761470][ T7877]  ? kasan_kmalloc+0x9/0x10
[ 1580.766175][ T7877]  ? __kmalloc+0x15c/0x740
[ 1580.770609][ T7877]  ? alloc_pipe_info+0x199/0x430
[ 1580.775572][ T7877]  ? do_sendfile+0x597/0xd00
[ 1580.780189][ T7877]  ? do_syscall_64+0x103/0x610
[ 1580.785089][ T7877]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1580.791265][ T7877]  ? __lock_acquire+0x548/0x3fb0
[ 1580.796380][ T7877]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1580.801967][ T7877]  ? percpu_ref_put_many+0x94/0x190
23:27:22 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046205, 0x0)

[ 1580.807189][ T7877]  ? percpu_ref_put_many+0x94/0x190
[ 1580.812445][ T7877]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.818743][ T7877]  ? fsnotify+0x811/0xbc0
[ 1580.823102][ T7877]  ? fsnotify+0xbc0/0xbc0
[ 1580.827650][ T7877]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.833944][ T7877]  ? fsnotify_first_mark+0x210/0x210
[ 1580.839275][ T7877]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.845583][ T7877]  ? security_file_permission+0x94/0x380
[ 1580.851250][ T7877]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1580.857191][ T7877]  do_splice_to+0x12a/0x190
[ 1580.862776][ T7877]  splice_direct_to_actor+0x2d2/0x970
[ 1580.868373][ T7877]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1580.874219][ T7877]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1580.880479][ T7877]  ? do_splice_to+0x190/0x190
[ 1580.885156][ T7877]  ? rw_verify_area+0x118/0x360
[ 1580.890001][ T7877]  do_splice_direct+0x1da/0x2a0
[ 1580.894863][ T7877]  ? splice_direct_to_actor+0x970/0x970
[ 1580.900465][ T7877]  ? rw_verify_area+0x118/0x360
[ 1580.905331][ T7877]  do_sendfile+0x597/0xd00
[ 1580.909755][ T7877]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1580.915171][ T7877]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1580.921411][ T7877]  ? _copy_from_user+0xdd/0x150
[ 1580.926280][ T7877]  __x64_sys_sendfile64+0x15a/0x220
[ 1580.931505][ T7877]  ? __ia32_sys_sendfile+0x230/0x230
[ 1580.936835][ T7877]  ? do_syscall_64+0x26/0x610
[ 1580.941517][ T7877]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1580.946813][ T7877]  ? trace_hardirqs_on+0x67/0x230
[ 1580.951847][ T7877]  do_syscall_64+0x103/0x610
[ 1580.956451][ T7877]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1580.962351][ T7877] RIP: 0033:0x458209
[ 1580.966253][ T7877] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1580.985853][ T7877] RSP: 002b:00007f919147cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1580.994369][ T7877] RAX: ffffffffffffffda RBX: 00007f919147cc90 RCX: 0000000000458209
[ 1581.002355][ T7877] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1581.010426][ T7877] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1581.018494][ T7877] R10: 08000000000092dd R11: 0000000000000246 R12: 00007f919147d6d4
[ 1581.026477][ T7877] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:22 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2fb, 0x8000000000092dd)

23:27:22 executing program 5 (fault-call:2 fault-nth:4):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1581.155690][ T8176] binder: 8110:8176 ioctl 40046205 0 returned -22
23:27:22 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092fb)

[ 1581.242120][ T8242] FAULT_INJECTION: forcing a failure.
[ 1581.242120][ T8242] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1581.290272][ T8242] CPU: 0 PID: 8242 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36
[ 1581.298146][ T8242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1581.308233][ T8242] Call Trace:
[ 1581.311557][ T8242]  dump_stack+0x172/0x1f0
[ 1581.315925][ T8242]  should_fail.cold+0xa/0x15
[ 1581.320740][ T8242]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1581.326581][ T8242]  ? ___might_sleep+0x163/0x280
[ 1581.331475][ T8242]  should_fail_alloc_page+0x50/0x60
[ 1581.336700][ T8242]  __alloc_pages_nodemask+0x1a1/0x7e0
[ 1581.342108][ T8242]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 1581.347952][ T8242]  ? __alloc_pages_slowpath+0x28b0/0x28b0
[ 1581.354837][ T8242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1581.361273][ T8242]  ? __kmalloc_node+0x3d/0x70
[ 1581.365994][ T8242]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1581.371827][ T8242]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1581.378183][ T8242]  alloc_pages_current+0x107/0x210
[ 1581.383521][ T8242]  push_pipe+0x3fc/0x7a0
[ 1581.387819][ T8242]  iov_iter_get_pages_alloc+0x8c2/0x1350
[ 1581.393483][ T8242]  ? __save_stack_trace+0x99/0x100
[ 1581.393504][ T8242]  ? iov_iter_revert+0xaa0/0xaa0
[ 1581.393522][ T8242]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1581.393534][ T8242]  ? iov_iter_pipe+0xba/0x2f0
[ 1581.393554][ T8242]  default_file_splice_read+0x199/0x890
[ 1581.393571][ T8242]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1581.393593][ T8242]  ? kasan_kmalloc+0x9/0x10
[ 1581.403743][ T8242]  ? __kmalloc+0x15c/0x740
[ 1581.403759][ T8242]  ? alloc_pipe_info+0x199/0x430
[ 1581.403775][ T8242]  ? do_sendfile+0x597/0xd00
[ 1581.403791][ T8242]  ? do_syscall_64+0x103/0x610
[ 1581.403805][ T8242]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1581.403819][ T8242]  ? __lock_acquire+0x548/0x3fb0
[ 1581.403836][ T8242]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1581.403859][ T8242]  ? percpu_ref_put_many+0x94/0x190
[ 1581.403880][ T8242]  ? percpu_ref_put_many+0x94/0x190
[ 1581.476158][ T8242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1581.482423][ T8242]  ? fsnotify+0x811/0xbc0
[ 1581.486779][ T8242]  ? fsnotify+0xbc0/0xbc0
[ 1581.489137][ T5246] binder: send failed reply for transaction 559 to 8110:8176
[ 1581.491125][ T8242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1581.491143][ T8242]  ? fsnotify_first_mark+0x210/0x210
[ 1581.491157][ T8242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1581.491188][ T8242]  ? security_file_permission+0x94/0x380
[ 1581.491209][ T8242]  ? iter_file_splice_write+0xbe0/0xbe0
[ 1581.491230][ T8242]  do_splice_to+0x12a/0x190
[ 1581.499066][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1581.504864][ T8242]  splice_direct_to_actor+0x2d2/0x970
[ 1581.504882][ T8242]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1581.504902][ T8242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1581.504927][ T8242]  ? do_splice_to+0x190/0x190
[ 1581.504947][ T8242]  ? rw_verify_area+0x118/0x360
[ 1581.504963][ T8242]  do_splice_direct+0x1da/0x2a0
[ 1581.504986][ T8242]  ? splice_direct_to_actor+0x970/0x970
[ 1581.532210][ T8242]  ? rw_verify_area+0x118/0x360
[ 1581.543388][ T8242]  do_sendfile+0x597/0xd00
[ 1581.559502][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
[ 1581.559866][ T8242]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1581.595818][ T8242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1581.602172][ T8242]  ? _copy_from_user+0xdd/0x150
[ 1581.607141][ T8242]  __x64_sys_sendfile64+0x15a/0x220
[ 1581.612381][ T8242]  ? __ia32_sys_sendfile+0x230/0x230
[ 1581.617724][ T8242]  ? do_syscall_64+0x26/0x610
[ 1581.622457][ T8242]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 1581.627773][ T8242]  ? trace_hardirqs_on+0x67/0x230
[ 1581.633095][ T8242]  do_syscall_64+0x103/0x610
23:27:22 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x4, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:22 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7000000}}, 0xfffffefd)

23:27:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046207, 0x0)

[ 1581.636862][ T8539] binder: BINDER_SET_CONTEXT_MGR already set
[ 1581.637715][ T8242]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1581.637730][ T8242] RIP: 0033:0x458209
[ 1581.637745][ T8242] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1581.637764][ T8242] RSP: 002b:00007f919147cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1581.666671][ T8539] binder: 8538:8539 ioctl 40046207 0 returned -16
23:27:23 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x14002, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x7)

[ 1581.673265][ T8242] RAX: ffffffffffffffda RBX: 00007f919147cc90 RCX: 0000000000458209
[ 1581.673274][ T8242] RDX: 0000000020000000 RSI: 0000000000000004 RDI: 0000000000000003
[ 1581.673287][ T8242] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1581.673294][ T8242] R10: 08000000000092dd R11: 0000000000000246 R12: 00007f919147d6d4
[ 1581.673301][ T8242] R13: 00000000004c5135 R14: 00000000004d8ea8 R15: 0000000000000005
23:27:23 executing program 5 (fault-call:2 fault-nth:5):
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:23 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r0, &(0x7f0000000040), 0x2)

23:27:23 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xe00}}, 0xfffffefd)

23:27:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x4004622f, 0x0)

23:27:23 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r1=>0x0})
r2 = syz_open_procfs(r1, &(0x7f0000000080)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1582.033539][ T1512] binder: send failed reply for transaction 563 to 8538:8539
[ 1582.047057][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1582.066689][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:23 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x142013, r1, 0x180000000)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1582.177287][ T8965] binder: 8876:8965 ioctl 4004622f 0 returned -22
23:27:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046242, 0x0)

23:27:23 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20c, 0x8000000000092dd)

[ 1582.372546][ T5246] binder: send failed reply for transaction 567 to 8876:8965
[ 1582.381353][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
[ 1582.524060][ T9377] binder: 9372:9377 ioctl 40046242 0 returned -22
23:27:24 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x5, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:24 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7d00000}}, 0xfffffefd)

23:27:24 executing program 1:
r0 = socket(0x11, 0x80005, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:24 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:24 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x240000, 0x0)
ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f00000000c0))
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/puyp\x81\xee|\xe9\x02r\xca\xfb\xef\xe3\xdb\x99\x1a\x00\x9e\xb0^\xee\x9a\r\xbe&\x00\xc1\xa3\xb1A\r\x98\x05\xdd{\x82\xe8\xd1|\xe3N\xa1\x93\xcfD\xebe\x15t\xdc\vg\x00\x00\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046253, 0x0)

[ 1582.754571][ T5246] binder: send failed reply for transaction 571 to 9372:9377
[ 1582.766044][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
[ 1582.830463][ T9792] binder: 9791:9792 ioctl 40046253 0 returned -22
[ 1582.958968][ T5246] binder: send failed reply for transaction 575 to 9791:9792
[ 1582.979613][ T5246] binder_release_work: 2 callbacks suppressed
[ 1582.979619][ T5246] binder: undelivered TRANSACTION_COMPLETE
23:27:24 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = accept4$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @reserved}, 0x10, 0x800)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
fcntl$setpipe(r1, 0x407, 0x4)
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:24 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x8f, 0x8000000000092dd)

23:27:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40049409, 0x0)

23:27:24 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf00}}, 0xfffffefd)

[ 1583.025673][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:27:24 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = getpid()
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000040))
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='fdinfo/3\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:24 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x4018620d, 0x0)

[ 1583.278170][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1583.387108][T10314] binder: 10312:10314 ioctl 4018620d 0 returned -22
23:27:24 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x6, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:25 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x8000000}}, 0xfffffefd)

23:27:25 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xa9, 0x8000000000092dd)

23:27:25 executing program 1:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x450002, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={<r1=>0x0, 0x7db1, 0x3, [0x100000001, 0x100, 0x7]}, &(0x7f00000000c0)=0xe)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000100)={r1, 0x7fffffff, 0x2}, &(0x7f0000000140)=0x8)
r2 = socket(0x11, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r2, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x4020940d, 0x0)

[ 1583.568349][ T5246] binder_send_failed_reply: 1 callbacks suppressed
[ 1583.568361][ T5246] binder: send failed reply for transaction 583 to 10312:10314
[ 1583.586229][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1583.619407][ T5246] binder_release_work: 1 callbacks suppressed
[ 1583.619414][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:27:25 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
socket(0x18, 0x80004, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0xb51a, 0x4)

[ 1583.857062][ T5246] binder: send failed reply for transaction 587 to 10625:10636
[ 1583.868543][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1583.898027][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:27:25 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1100}}, 0xfffffefd)

23:27:25 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
accept(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f00000000c0)=0x80)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc0045878, 0x0)

23:27:25 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xbc, 0x8000000000092dd)

23:27:25 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000040)=0xfffffffffffeffff)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x400000, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x5)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f00000000c0)={<r3=>0x0, 0x1, 0x30, 0x100, 0x1ff}, &(0x7f0000000100)=0x18)
write$P9_RATTACH(r2, &(0x7f0000000180)={0x14, 0x69, 0x1, {0x25, 0x1, 0x8}}, 0x14)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r1, &(0x7f00000002c0)="a59b32585ede2b335dd11e76ddb86a092003494fd01e842e0f51b0e0970305028e7026a108b7d92f20653a23a472743efeac7142ecba6dd27e87ccff22f5b76a061f5916e31d2afd009768746adbbff1cbf4d225522359491947981f334aff8e358309623393b4ab9ff10d0a562ade7bb781ada578fd16a503efc8697760cdf1384589bf799a6b765d04142e83433253151f8b71ad8231afcaf92753e560e1d5156cf7e9ee994846a6028534aaea5ea6350989bb6d6c267b949e02919170cc982a61ad84f7174f4355e8cb35bf45f2a6d2a80d28d9323031d14694446df55c33ce60fce944"}, 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000200)={r3, @in6={{0xa, 0x4e24, 0x8, @local, 0x1}}, 0x2, 0x46134f63}, 0x90)

23:27:25 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc0045878, 0x0)

[ 1584.201135][ T1512] binder: send failed reply for transaction 591 to 10945:11045
[ 1584.209151][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1584.216931][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:25 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x7, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:26 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa000000}}, 0xfffffefd)

23:27:26 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rt_acct\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:26 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xcf, 0x8000000000092dd)

23:27:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc0046209, 0x0)

[ 1584.431071][ T1512] binder: send failed reply for transaction 595 to 11353:11354
[ 1584.445034][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1584.459598][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:26 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r0, &(0x7f0000000080), 0x8000000000092dd)

[ 1584.602771][T11674] binder: 11665:11674 ioctl c0046209 0 returned -22
[ 1584.759858][ T1512] binder: send failed reply for transaction 599 to 11665:11674
[ 1584.767806][ T1512] binder: undelivered TRANSACTION_COMPLETE
[ 1584.779490][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:26 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1800}}, 0xfffffefd)

23:27:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc018620b, 0x0)

23:27:26 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0xe2, 0x8000000000092dd)

23:27:26 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x18, 0x8, 0x8, 0x2, 0xa, 0x3ff, 0x5, 0x9a, 0x1})
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1584.984282][T12086] binder: 12000:12086 ioctl c018620b 0 returned -14
23:27:26 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000002440)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
pwritev(r1, &(0x7f00000023c0)=[{&(0x7f0000000040)="9f125270bb19d4a6e1fb732cc1377095fecd10fbee968e123e486fde2c60f61ff8c1b835b4fc1094057453793ce1", 0x2e}, {&(0x7f0000000080)="177cc00b3e6f2a8363214a07d10675223a9788e536469a7a1157657ca842f1b3780fd848380f5557f1a4ff80886047cf4b76836eae6000924f0c0f172f0c80e4c3217537f24e919cc0faf38331f8173480db1e8bdd3498ef69296d7544435f6aaf7b727ecd8cedec7a567699a7ec8b091917dd15251b9345b322c6cc4b3d0f479928e0e230c2a265a6e92de45e07a76fc148dab7fece21ed74bb8b6ecb941525fa1d6a5e9e7e2a4cdbbad667c77dd8e12d73ebe2338950678d1a5d0277daaad20cf52309a4482e7eff3952301f213d9205131ee6a434d629d54809ed1600700a5e041d648e3f26c93a458d735957a3e0", 0xf0}, {&(0x7f0000000200)="7ef8f9c1a6f3f40fd0396a4c4ad73c6fb662a288921c1a5668054a721abe08b40695fde8c5eed97e4e1bff89b8548eaca771a8f41dabc1225fa3fb2851954e25444022feef", 0x45}, {&(0x7f0000000280)="0105bc0b312ef2ab8df869cd6db8caa1ad1ac09df1b05c4bd7e57745a9ec044fdc4e66b75c2727adc698050dca1f9bfab40a88b154c6e34ad37ab7d1068d13598be5b29f8baafecb745b", 0x4a}, {&(0x7f0000000300)="bca63be36f32acf2c1390a1468e54ea84169d9fe1c0cc770b0e4eeb8058e825c649dd9318aa5c280df32ae73ac4806bb50c47b8b27cedc5fcce042734c52c8d935c9cfbff2039772ecde755ad795f101fb8caff545a2b39fc721df94a9b37e5f5771f5272582908555b9584dbebb96b290505b2ab4377f153d71692dc6a8acace29031c6d69902046e346f75f92535ef66c56d7782a2991a328553d3f9a1a833ce43870b544a9f9c0bc449c67b1789ef90d8825acf39faf662903dbcd35361465e7e64aaf825b5ccea63a6a89e8c6f41c0320782a8d4b1b46d71688a4610faa8cb370b21e2c489f2f4af0de40d33801e228517a3f7fb3c29649f2c83e3d00ec3aa8c93e1ec2d82eb012e6c79d45c654bafcbbe6af0f01770133671fd62fa820fa335ec0af63341484bce6fccec9e7dec86d1131e75e90f72fb52b17c009a348011c65d2378b3d8f577aaf6678edf977bfcfc951bfc024b319acdc1a51d79fa98eb28700efdec1274e7a2d8dd62cba1f21be2dfc0bc3aa88ba3bf18f7cce908716c67b723a88c19ac8929549db7160f39c63f92a8a1806b0efa923d14bd27a33428b9f68c99c0359f2e516cf808d0ca7d7bd7309d0bc555fda02929d805a2e0c3351e4bdcb17319f852a70f35b595f9543a6d4f9e1444708d095a1a084a271e8b5b169a0ccd1aee6fbd2277fd872ed5e9814a8527216b7cde81a1577e8c01502bdf44e4ba9e204dd1788ae46ca5e1bfaefaf58e999ef75eb0ddacbc64e3a1c91e165178d82b8ee1c7cd5f0e5674a8a36f13f2113a71ae90686ff99508d2f9689c8781861da6263ed65546252b33d1a0c1936b5243d6183e82f3421e513a8a82542137e0054da9f40c6ba5e2298b6b223c01c4268c1bc55cc258d65ade6be527058ff4146a667fbb87bd5233c43fd2a55835e8f2dff284ebe58dcb9ca0f07ff0450296ff85ab38f258ed6fed15a9ae299fc1d8ae3c2f4c5ffcc00de515ab862f22ef70fe56209c4aaab6f976e8949b5471149148ff133189566abcd5d5de6141dbe46b3425371749dfc179cf132e7f168551c98e1dae663520f511f5719f2f61a32d0855da71c00887a3cb67d39615f1e103629eb4f49916af62b546b7bf06271e2d5f9f86bf54c4481484545af152e38a501dd320acdd434f3935e954666e506ea61e14f4fffba184187cdda23b52188b229f247d19e350a37581c908fc42954a4e274d3e70580340b15fbcf2ada0d6321fe0a1d1f564190843dca245230d7bc572edcf1dbf5c0da891c8a3467ce9d1aed7a2128a5476f1b7d96ece335e7452b71f930b6a93ca79628f83332b7f87fbec4198b1fb87f6698d26ae150a8ea44614c831e7ac2941c0479f99eb47e14c784a04ce31bb90c827ed6acef042d19c0dc1d8cbb4f18c2cdd1280be598deced9b081b7714d5a5a3264371ff8e8d3bd2b43f3e485627dde30563716209fe426aaddc7b5ea6619fc6bda9b1cca36d7577d926ff4f3e50280d91695771eafb4cb85b628c7cfdb4cb2fe1cda22e8d9f8110de3fa0ea29a03b9b4c0172b13371833c58d1b82c4535607cd922266ffb69a48c7ef8d00659c39d67b4c82d59ee6ee9bcf08f3fdcc1eb35ce09e1ec6ec4a09377beec8398b8cc5fd72ce668513317edc77c8eb8842841cc4fc47ca126d17540e585592f5dbfb9b0924c47fdff9a0205fe36e62271d6e182d24d6da5add46eb602dc1c23229dffa47c03d43308d7a076b1e148d9eebe03718503191df977572c0852073f1939973a4c50e53f9d93301577f442a9cbaba67578126bde1c5e490ddc329e9e1afcbf0e98fc13b35e14383b65727518ed8585733de0c5715777b584728c9c4d7ab4c6fde97074a227b43709c9e8edb7484f5282b164fb252d47c85d8d9440cec0a135cb140ea3477242bc1f989530082f08d80770bc42126823d2a0e4e085da0d06b7f568047dee8e42917f956d825a6fbb4e5cb416167d7411ad7511da1deedf628140f9171d6541c9b5f376010e0a57b965a9a326661c52a69a863d3522adcc78273c6ed4ddf97fc80dc85870a7f853dbd89c0036c2c9c60797449a49840e70b0463a8612fecc62a0820f8c34fbfcc5f39363bd8546b1d54dfbaef1775335a90c7e5f7e2e94e2c040f440feb629aa52a38d0d2b032a530ed0f1a4682e13d5b4353e70efdba2ee1248ded108c87437501684b6782622c2c969a3dc82793aa7ff99aec63484805e5d9f5901fcbd916b7e35458f25d7da42936a86d3178bc1b96c39db7f60c4e4b97eba33b6f996b0b7e29646d9f15880a3d5ff7d8fd4d7d4795e56e5bc0cd42ea41c66653c4ec15be3806fa57eb312b54991fbb70858bc6dd299c0e35bee1d6e8868705d65d073669aec942db122c7ba4bf3e14ac6d2b6a2f933f8f400f6a498174fc329d7de0fee4ef201d8a31691fa4cf4e96c99465141ae5216793f50c8641cb735f153342a8960d05be6154367ff6d910233f9cd79b893b592536a90a4ed98e5ec3bc22b7f2fd85eead9ce24fad0bbb33680d9c657e5876a0b54205a720029ee10d6f0db4f5185ac96b810be5c8050c380fee0ad25ec96d44fba00ba4c592a9a6adf55beca532966020a34ca4ea179d6b4cb615404fcaaa4156f91e00a1678d5c47ffdc85a348c6412ae5492cba20118c7c710e99734cab3a2a4dfd5050bdfb80d3be3014af0c2fee3ca229cd245851cd1ead7c8ea0ed598476c8fef27b5dcfec90581f14674b521ec4295c0e9429bd031cdebfa1041273b215f41bfc50e2c8eb001e35b02bed1010bff65bc39b7013a22640db763e9fc55aaf741a8937f888e85680207c9abb06aa0722e566746d82d64ab022d521869c3519ce02c61cd413647f5aafbdc83104d1b3cf690f7c03f3e7f7279f84d2cfc50852747a201f34f83c1fed9496e50396242a755561c3cc7308554703a5f5dc135f2d03e22bd29e3f0468f8b15a822b18a67b3788500fe2f789518d0cc1200fc35e46288625f3062bacaf5ca187daf4e4e31239a940a5e2548c769e72cdb30e8c2a2839e2f34b9b449f698cfd85ece85e138591d05f8c7d5485beabe5d3cf1ef5bacaafea61d31a32475d3e7955a558d0addd79266ca694846859c1d0cb2ffe0eefd6ba259a4a3c15504e7c781aac824bd82fb519a4069e42c0b3fd5bb307c1d27e7c70c39ebded367a05eb2cf12476a6bfb29aa535ddd1184468ec0bf749b45704dfb604bc5f0ae488aca7c7694ec05fdf003bea7e6adc122810dc7609dd6b708411b339a290e100267565188e69c1ffe29293ed89d4de838f05a452a8b1ca250dc82f81eba38f3fc21d9899ac4c02e1d1c0713a6222abae524405d05ce3cd744ddd1441d7398e31bb4584350fcea5ee70fb28783321ae4993aa3bb22fe04195aa3517d0d94334d351eb744367d61dc7e7ab342fab0857d3548d746f5c5f4a3d49c39136a5e23613f27b1a888b06558f266e0744c48960757f0d727ec9104f9a3796fb79d7d423f0cc6836477403e64f39d51fe6dfca6bc891d14d15eb6757cc66261d057a61f21f267ef411fabf27a00f10964de7f70faa55278279cdee7e0b1d88a18d10839dcda8ac77f073329bd31b3e3bb4a8e61c1e01676c58cb8bb28275d32c384b6133b71236469ca1f6ed8c208a6d86c512a493266750eb572e2f2caf56ad1d25825dc6da1f2610fd63b8642c20ad96064936558a82406dcb32d8380b9fc337574636002dbce3b3a88de8af380d3623bdeb2d7638e2d50917df93be40f56548877829da59814ed2a7238675c01f8a899495b64d3898ff2a4943e96ce4fb9d6ff239376c3c5d3edef17777f0b8715bf13688d9bf757f87dba89ad9b3c55ef43d37dab51d24dbaf0a49be0532bc61404c1fba38b0676adaf40a7290107773b803327b0efb322eded2f2d3b56b41f7f67c81e7b677ddc254c7d119a4e27abf0b0810f22957078390d81f26bf2be886af1e23b51806177a7d431061418ba9d553c60ee50b7c5c7ddf76f55dc78aa22afcc03ed9b3f47b0f91f9a463c95bf8a14e0c34a2592ea91194420fddc4dedf3a0be2fb069aa22fc62b1d6aa1bacd43e23569f5113dbf023249a9bc9b82b748377a41a223586e110a22fd8103fe6cc0fb36e8c49eeb43ebae0b6372e9cf7650e4e2ff1d65fbb8e00dd3e7846148843dffa1663d23d5886ac1329b664c35bb2d66360f829de799a0322d8bc2cefbb5dddcb3232ac4ba9504f9b487aa5e795aaeedc7275ee62448b7509ddefa9b43af67d442298f449d8aabebae42ca183a87cbab93631b8a4e6388b68e2b224d10ff2ed32e9c5eb80ba8e2e85aefce3698db407203df918177985489f269f86ec0f6c2d3f076f257b5e47e4db1e14706b08b60c9bc23806aad9d4da993caee4d1a2db0cf20673220f8da736f119ca8cc13d87c9eef25f3445cae462b9b62208dd8e26770c71c6698c4334ea7b69e500674c5fb7fa6ee50012f3f266e8b15256f1df89a746fc5a2d5da6a945796d4f46e802ee72e71fbfb793201bb3c895281a2067edd0e0208717b3cd5c8161ec15b4cd574b4eb85b7af7389500aab3efdde4e84314af09d8d45b8ae054693e5d619ab6e23b303f0610e483af387da02cc573e0cca4014365eaf88c08dca063334f2710103cee26de6cf4591c6239b05e786a3852f73590b959c42e67ab0b7857f929a3dc9707ad46525387771286ab3f37aa7ea6e3a34bf3baa469e9c7403844c180da18d58031010312b082d4f4931cc63e71727ff18dceeae9f65efbc1c7c86ae93b86c25b73bb24ee8a8c69cc826f2a65dae8e87779700281c9b5421e703ba88efa9b179069efad17eaeebadcbead70f91822eab5f45b5d35b7d8bbd05e57062fcf9c02387449eaf56da456a36513b38bdca78c0353ab6ae5497db134f8e89205680d5a8d8e0fd0f1c1d5cabe3238973061a2956fa558ac8ed328b824454eb8960f5dc78c5324fa09e16bf0f798176da18182f1ef9ecc50fe99c1691833d75b626b46daf330353b4ab31a08badedc7a63b054ef370489b0a94ddfc8756367c33bc6eb285a9589e2383dc86bcee43483e8e500b9633adff29efcd8c7adcf26e51f3f2994bf16c0e11de9f55fd01d28ee76bbd09519a3caf64cea5a408ed8c0be49e6ed2c3928be878ecf2ee963a37aec3bf92e74f44439a7a5a919baee7b7f5294f38ef008b4738819fb4efde24510c1959d66c85798d914287631d296fbd31edb01ce2e85782d61080e8bb2540c0c3cd8d2aaa9f43ee76cf98214da48bc2fa074c964717bf5b2e0afaf2ee06beb1bf06f948e8567fe55785d35f6c045281838fe7dc15a90dd8a58be81c58fa0d598a4a97698040d88ad5257af8bb16a64e85e56a470f5d90f5e83e41fb57531ae5cf27bc95816bb14b84cef18109b6aa7f49148bafba3a8927f81e83f4e897b64404bab7fda9a31326ae46d199232a92b46cf3acb2131f9694ac3764d355567da949ac6ece42ad82400b96e25c695c2046c4ffe86f7bfbcf80fbf4f694d94f1ec512af69bde23bdf28183b5f67b3a62bb9da48f189136213b978c2f1cbba0662eb329d13ad6323bfc6f18f202c28f362706909cad73e7fa599bebc4aa4a2566b3c111904e81c0bb5362165766094d7a1c77f6775e94051cb063d6f685ece15db7e7957b5db2dceaebf833aa65f24d51a693a9eb0bab1eee56ab6d624bf0d37ef39812502167764eeb3bbf0f973c95edf8dcc7744678d1795772a3bffc062f177e17743afe317348857944cc61d1ea6d1940615a8924e5a4cae5a90ec5e2cfcea23e24f2ea", 0x1000}, {&(0x7f0000001300)="003e0d5411f773ceca1cd75b084667ee562d73c6d90a89cbc099e851bdbc10d0c6ba495d38b64d893f35f7050cc7d75b0d604b6c882d81749f7ed00053762ec446a8b90d2e31c2f758af8df0e2c339b946d5bac17e61491f963f858990d2f470002d358907e4686f8c14d268facf9548fcde8c01e76193ac5e157c4b6d438d8bc44fe8d61febd8fe26710bf87e7abae879daf0e6864f6df0f409b3f0a5d3894a5657087f1040db5cdc0a7c880a4dbb905d74112ff962d5926168294752d303b6c76ad3e3931e87ce521174131f4fedee7b4c43ce9b4991a2fa34b4991eef6d0f60c46c26d4d74eeb461f8c3d9f6fac69fb6529f3fb423cd5890ab0f5e80e8be3f94342df058528f7e6da3da2b345e048d259fd8f19a19849676fc64df30d53ef9ba88422528a74edb31eef8cc1b2961f2f499e6912ade8fce532b1c05d2282eb135a4f637c2398286830c78bfbf61fc143c791f85bb8ad2638a45b0ccb7df56c232b42d353b00b7565667951aac1cc5ebbc4a482be5c4b430427dabf4c25a7ba49b54cb2c87d249719ae1403432cff859a849e5123b4dcc5505167a6d7a138ac6afc90e761c0b1288d9999cb81dbf4c4e1e286253ab0a60a0f06dbb65f3c88b800756714f18898fc98f204d6bb39ce5c52b32f7e2db9843a9063a1c295e00a415092a4a9d8e9c4ad19f1ac132e240b1d7336bbf213b53406d2dc9ae9f07b5a98612e0f8ee54893e26833f6bba107fde18f66a68dcfd8041b90f82b5e0a2a93cb83926994cbaf8f91252ee30cc5c486ab623f68802881a1f3052759edbd35fb1b987316003afc1b013c478c3ae542c74dd0bd6914464bf13a678d22b1db663e20ff511ba2f0cf8778420fff6453326b4c9996f21bdddc7bcc0e4eb7360dba9292180422dc390ce68b78fb2ce6862480b51a9422d5e049f1c316e9ae677a72f0452e5491cd83e5ab3575dd424a6a105b7f8224bd0f48abdf48671322299d754cf5f2176c8e09a31f331ee26fd686f48585978d774e758535f711153e711a48c493ab3b894f6906b8abab9b5c1f3d4fc8831c41782bf845d9b8b6cce152e6b76f62757cb6cb32ee1211104e65a437ab0cb70d735e08f1badaf44a917a488fa5bec44c634a3aab56a7562c050c4baef7180f18c66105de5d5189c6dac802fb32d4e76fce663d57776de8129265f95d6a9ef681c266114376d1a50ced3d75497026c190129d6e9a6e43d815a42fd6f7bcaf1179fde034448818eee7095cf372a72207f51eb944a652c92feafdda79e9a4dac1dbb66d358a2108ccbd2abc8909080f940f6af89ef8787159f3de75a95e9a33340cbf4ced85310ce4dad0ea0ec7607d7eaac4f810bf532045aee165cdeb69d407ba969a2aeb55e6245af8a2bcfb2eafce3ae33f3fcc9a1d4ea52619819e19ce5f174a8cad0346cb08fc134133c176fc3380ac28daeba96e67514f98632edb7b5144fca1f07bd9f82218ec05c4e0c0640c2d74874f918ab773e64f6836815d0110787be177f3309037bacdc8a12bb83869a2bd7039eea20a6b7a72edf627074f481e2bc079f38c7e3fc5ac7b5574b702002591504c59d6593ad802a9de7c4652b52836a06c479e89d3d0410339018a8832a3e391ace3d31a3e1dca1522b7f85285465d9fe2c64846cf5644eb98aee4bf7334f1b7a831a62345134a64a1cbd055e052797f3eeaeab3d8e6169051109cba338627623dbc0da94ff4d9353d4033ac16159ce0d5ed3b1f2f93661772887dfcec0cdc72d337d1e15f2087df28e07be4ca635cb81f89bd5d3438538d94f48e5ffcb4a9171093af7c40e63f5dac441cf57e573ebc7185cbf2d67b747935d97ad06d68b18aab949b0d170587c28cb96545fb99a5c3fdd5c681c98824c0827e46f1ad4b02cb4b7dabdb3bd216ec05f0f33c55ab1be8687fc85bc1375cc4d4ad9669c5c4d4f6f368059e8f8e2a50b301806f1073839a410734cba4cc524a38843a0b9e1972714cc3eff5b5d9dd8cb1311a9aa1f904e87009355de018e5cd10548ce0c254ad9bf75a33315861bb3d48024dda41359b03fa1f034b303251bfad12f191e6f3efe719ac2ec2c97d16ed870dbfad3430675ca6c6d5fb905851cca7e4633aa135cfe18628b76a0a2d6ddf0117623fd7a37a11fdf53f9d9f89dc10e831f010f4345bfbb198fa175112adfdeb2e28c36bbb00969d429f935611d14d250cc19b9f43504e7cc5a610a1b7e042659fad828b0302db75007bbf6810a743bdbb683480dfd8e58f97f21426efa2a65f9c4ca608f7d8afce9148b4d84e144aad7ced27bc02d3f5d412ee2fad11d0bff3af29e7aec165c572cc6128b67b94ee3173658d9c84fbd32bcbbea7b2f43589cc96854b831afae9647c5426af83a17eb76a6a833d5f693ed61314a0d75206dbf418a4d4feed15268e83d873f605dd11b200054dffd285e85dd1783e2332db303cf365a7b91d935c2fb73601930a8050ee1296f25117c2133f79e013185b6d7384a037e881ffd4b2a7cf6e86c14f18068ee5d6d574c95a2243a31984b1e9ed7edbb987d0636db399e69b4bd3fd67a2fe0d88e95b4a931d3e52aaebee882f460f8e58b9d8b03c23253cb7e5d5a307cf53cae39b998e6876d61247e2dadfefefd023399f3297dd98f86e4cf5264d7a7c369bedfc485ab10fe9437d0e899b18acc18fca716b7efabe457b9f04c4ab228b06986d8097505f4b115a0dda782d3d3d21a797b860264248f9a8f24d8830d7b5b8071387339785e54667105890f9c670a76faba6bf2f5847d2bd9e6ed6d83417da898b816998d3e4088e9422670121569012336f16c1826dc7ef919c1d0b767d14b477fe03c02b8edf201eacebdb7097328108ac37ec5600331d74d6c02cfe297ec81180fa3c2e9acb0cda00c7e77d8d6109dbbf180b0fcc554147ee49b702a89b91cd4a6dc35255cd46145e14501454290ccd361d8cb1efc40427a67c47d9fbeef4f1925b0d801daa4ef322f00311e7d06a2d22733d087974cc52e58163bcffd801134a9367f2d9499069644639fb786864c3b168045b47ad2be211649b6c65d1ce506510aecf493a0a22afa57c8c64f0a545ef0b9b533bc111d5cd4288d580fbdc10cb393fff27d7909b067477d27e145554b9902a7035b3d8b0c430df0e101d235cd263c1024d1ce4acce1ce7a8f30a8ab373302afe9856d5f0bcd8e3960f870377c00c9abd559993ae384e1140ff4aaa39c2821ebb15f35c74455c6f7cee4e9cec8ce9975694d6463115ae1332d91d976de57fe75155294fe54df7ccc48e3f610f29beeb90f72926ba86127c9232e48ff674048b56af84847c16f11fd164433ba3c088354fc52f3ee43bbfd8b54d808e2bda135ae132c479bc79e43f1c1776b64102963d982bbd17e5d6966a513bdb9188e4ad011a8cbfe5db3c62aedbfa85f14d1ffbfb21999a5717d19994e17cf4298728164cd2f486f2eff852ad4ce02ed341df7e73112a4e08f3afac3177a5a4357c426216d7f7962486c254eef4091901519d13423a5a7831e63960498bcf9fe894c8515e8048c9bbe9707a3e72ae8c780a4ac38f760ff264af68ea1521b8b71fbcd7e74ee2b6fd8be0366826c6f9065d326c5a0703017c03b4043e22df235efa43acbb42df285275b407ede22a0d63a818d77e52cc5ae3bd714d4f182355a073d025eb415858e7bac2d79188f9a7e65c8efa34301936cfa33168f162b604e64ce8dbacde3582e2a414a468bd013416910f261742f5ad3e9e7a836161cd7d205175590ea609ed6c05062f8d9913edcca8dcf6a70056e7d3d444f08d7602050653286bacadebe69dc2fe94197390d070e6bce336966a7c437915dffb63951c4b5bf5b51c87ed85f6a0ed7413693150a7b87f0faa55ef2188ff88ccfb4f665d6eddb3b9a16e8ae7855b424ad5ccae5c9df04da57720a8ba52eb6b8fed06a26254d16715e516ca3721c831f2f1c0961d94c8eaf517e776ba47999254ae3ba4da4e5b16c397cb3cb7d92dc8e4e34c33fd46bacda66dbe90fb0dfe43d0ef95d63597161c49017deb222fd37a4930e628ab581833ddbfa897f1eb96f311e8d1874452201f1018f0460c9243e88ed76e5105a0d2d8d27203730cc814bac3b79a971fcb83778e0d69971efc23ec725026f00ddf2f7b34459f9d3313278b18ab20ccf87cc21de181feafdb6c50ea36105eda4641aa13b0a1fb721b2481febd6ccec0105e9cc0d03d17c82ef6fff3f91f177b0bd28c5e8cf2b4b2ab9ddc7684df64a40de12f9c2c10c4e1af06643bea7ad749ec4ebcfdafb5c308243f9d2ddcdeb748a386251963f249152eac42e3bd3d39e7d03596b0e689f64019401577de2469653a52100b4c0ceedf0cdecd5be642a244bedc9ff82a05d225b5e8bf67282d6e1cd3e5da831e04ed0659b6f76fbe0f624462ada260dfd8788cde87df3c655f529ee0ca15ef1b2ba25e957ccbcc5c38afcb8ea1848d79171bf1c210464827b1b791af00e37e9314512bc6817d1ca7a6e2a8fac8e45af5e1d9c37bdc6d703b8a737b9080b05467769df785eed6fe1da0a5c7b3540abc52119b347e7e9eb9dc98c762c0922a85c08fd77e54c03926667a6e02d7a16dc2d81233c507cd7083545bec959b5d48e66c32fca11fb0a30b041ef25170b5be26432c67acb5834a55c8607ddd50407627a95ca0a9a5e73d31464f6e87b98942084ffa5cc658a7c222de21d256322c2b4bcd6d767c37b92d8a8a4755b90df2d120b5a2fb0f670c67995635a9ffb29b8f5899988fb9ab102b0a3cf5dccbb9c43280fa3eaca8594521875dc4b1c4993415b745f6a3b0aea6b9d12d25f56f32a8b40a0702a25ca52e0e207a97dc8919eab748254554d3cbefd82b2b74e4b4d86acd8aec52a44c39c4c54e0b3d7c174011e42d5c72ccfcf34f57b7a121b31ed4a8b48d140f0d8ee21be2e8e7ee28e919d3731bd44257a7c7c2672d914ae9cd03936afcf7c302e346697afcdd01118dcd5a18fbd041a952c12bb9e2d47a4bfa75cbd97d2b0bcf30b5463cbbb725eaeace33d39fa742dc4219056e8165273bc41efa5427c8a5cebccd27e5fa9e14107fe5554a124667c38abc589abb41f69cde29bf8bb73e811f211a1430b269efeb629b3c8ffe307a84ab16cb4852142e7f954e6e983e0d5ca1b4f9483d07e8f33e8051dfdd96724354da559b28dfc496ab82fa2fe5fb403c37bcf0c31e97f5968b30c143b30116f5e1ae3b7389f4621ddc9a65b8e2e24ef76a09bb8a5701599a90b899b2edeb8eda58fe033134835d6d81dfc5e272c306d4ffaa84d28bbc16f3c093e8e998cfb9b76ea20baee73e2096bab78b9e61ed32f0331ab80e0a8ede48dc98cde712fe1148efc865c48522a3c0a90c55b2b40eddaa04252e2f9cf56d47f6dc7a262040f3c903551e8c44595c5ded9d3ed8ef25b142775bc0b8be4b192c8afc56487f14b6a023237c064d4c750c17e72053182224792cca572ddcef172e8b383c71a6f7e93a233ed2bd1f35d05b415c185962d32b9727392e612011b3920bcfd5c596429bae06469c367a8357577af70a94e72d90ce09ad8217bd070197ecdeae267bb268b7b96e761e4da9df4a509823936369a3120549bba30cdf2a0c1c8f36f5117b7addb11619e79593f63666497ccc33e72a3b83b14325b891480f321a13da9ab8baaa84ad513da3b9e20c62f33c9df49fd25b1414d019ce62d6fd1fd3a142e7863287c3ff0a91393602c2fcb4029a71fe51b695298d2b13915f20d8ea1d39df1181a9a7f77485e63e162066ca852eb335500058", 0x1000}, {&(0x7f0000000180)='u', 0x1}, {&(0x7f0000002300)="460771b1f3c46708ea3e1e28e54f9603f98e90c14577d8b8836a8cf7032b4d8699e542394ee864cecceef6110fb0696228000415eed203b96ad9850e79d75abb450f8febf80a1508da403e9de28638ee562ac929ec5fe7696bd36d8231189868d6604d54a72e955359c5051dd3fefd9d75159d39ddb93488d9d382a6d0b698cbadebd5b292", 0x85}], 0x8, 0x0)

23:27:26 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x13f, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000200), r2, 0x2}}, 0x18)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1585.157298][ T5246] binder: send failed reply for transaction 603 to 12000:12086
[ 1585.166550][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1585.178680][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:27:26 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x8, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:26 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb000000}}, 0xfffffefd)

23:27:26 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc018620c, 0x0)

23:27:26 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20002, 0x8000000000092dd)

23:27:26 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth0_to_bridge\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000003c0)={@mcast1, @local, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x80, 0x1, 0x200, 0x400, 0x400, 0x4000040, r1})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x6d, &(0x7f00000007c0)=ANY=[@ANYRES64=r1, @ANYRESOCT=r0], &(0x7f000095dffc)=0x2)
r3 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0xc2cc, 0x100)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000500)={0x3f, 0x400000000000043, 0x2, 0x8001, &(0x7f0000000580)=[{}, {}, {}, {}, {}]})
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x2, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(r4, 0xc004aea7, &(0x7f0000000080)=0xa06)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r5, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000200)={0xffff, {{0xa, 0x4e20, 0x4, @remote, 0x2}}, 0x1, 0x2, [{{0xa, 0x4e23, 0x8f7, @ipv4={[], [], @local}, 0x5}}, {{0xa, 0x4e24, 0x1, @ipv4={[], [], @rand_addr=0x1000}, 0x376}}]}, 0x190)
ioctl$SIOCGSTAMPNS(r4, 0x8907, &(0x7f0000000440))

[ 1585.526267][T12731] binder: 12643:12731 ioctl c018620c 0 returned -14
23:27:27 executing program 1:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0)
r1 = perf_event_open$cgroup(&(0x7f00000000c0)={0x7, 0x70, 0x3, 0x0, 0x3, 0x7fff, 0x0, 0x800, 0xc008, 0xa, 0x2, 0x0, 0x800, 0x10000, 0x8, 0x1, 0x4, 0x7, 0x8, 0x5, 0x9, 0x8001, 0x800, 0x20, 0x80000, 0x4, 0x7, 0x2, 0x3, 0x0, 0x2, 0x2, 0x100000000, 0x7ff, 0x3, 0xfffffffffffffffd, 0x3e5, 0x5, 0x0, 0x2ef, 0x5, @perf_bp={&(0x7f0000000080), 0x8}, 0x1, 0x5, 0x2, 0x1, 0xffffffff8e72a5a5, 0x5, 0x3}, 0xffffffffffffff9c, 0x3, 0xffffffffffffff9c, 0xb)
tee(r0, r1, 0xbb, 0x6b4292d38b3b872d)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000140)={0x97f, 0x7, 0x7ff, 0x3, 0x3}, 0x14)
r2 = socket(0x11, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r2, r3, &(0x7f0000000000), 0x7)

[ 1585.753560][ T5246] binder: send failed reply for transaction 607 to 12643:12731
[ 1585.782501][ T5246] binder: undelivered TRANSACTION_COMPLETE
23:27:27 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1f40}}, 0xfffffefd)

23:27:27 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'veth0\x00', {0x2, 0x4e22, @loopback}})
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:27 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20003, 0x8000000000092dd)

23:27:27 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc0189436, 0x0)

[ 1585.808371][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:27:27 executing program 1:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x88)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000000c0)=@buf={0x30, &(0x7f0000000080)="cae58c9554406eec58d6d3e0737b3576b7baca7838aea594612da54ca9b0e04d9791bc3a957ce232eab5e0000e63552f"})
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000100)=0x20f, 0x8000000000092dd)
openat$cgroup_ro(r2, &(0x7f0000000280)='cgroup.controllers\x00', 0x0, 0x0)

23:27:27 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc020660b, 0x0)

[ 1586.050572][ T5246] binder: send failed reply for transaction 611 to 13019:13021
[ 1586.062982][ T5246] binder: undelivered TRANSACTION_COMPLETE
[ 1586.076958][ T5246] binder: undelivered TRANSACTION_ERROR: 29189
23:27:27 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x9, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1586.265925][ T1512] binder: send failed reply for transaction 615 to 13537:13539
[ 1586.277755][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:27 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb000200}}, 0xfffffefd)

23:27:27 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20004, 0x8000000000092dd)

23:27:27 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
getpgrp(0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000080)='\x00et/ptype\x00q1\x0e\x8a\x855S ~}\x1c\v\xbc\x02\xf0\xf5\x01\xaf\x14\x17\xbbG\x96\xcb\xf5\xe7[\xf6\x04\xd7\a\xc5\xf0r:\xaa(Z)\xd9\x16\xbf\xa7|\xe5\xf6z\b\x86\xf1tI\xc1\xf3E\xe4\xee=\xd3a\xfd\x1f\xa1b\x99\xf4D\xe5il\xe5u\xdf\xff\xcd\xe2X\x83r\xb7\xdb[l\x1b\xd3\x05\x8bO\xc2%\xbf\x04v\xd9\xdc>\xbe\x0f\xac\x05\b\x19#E\x0fG\xf1\xb4R\x9d\x1d\xc7QR}\xfa\xa5\x90F\"\a')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000001c0)={{0x0, 0x5, 0x3ff, 0x200}, 'syz0\x00', 0x48})
ioctl$TIOCGPTPEER(r2, 0x5441, 0xae)

23:27:27 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0xc0306201, 0x0)

23:27:28 executing program 1:
r0 = socket(0x80000010011, 0x80000, 0x8)
connect$caif(r0, &(0x7f0000000180)=@dgm={0x25, 0x4, 0xc7}, 0x18)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x224040, 0x0)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x80, 0x3, 0x8, 0x8, "c974d132371e5be562eda56cc52edb950a734e489863da3d10479a9681c93a6c93b0555ad336bd2ba2734d3d3ae27adc13e3828f88516fc96ddf68e68250a301", "c60b5ba3da6af8189c705c60fcbe9c17059dd1b0011c313da2c0ec9961ce3530", [0x2, 0x2]})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@rand_addr="cd4722ebd0b737ddebdb06fe4c678299", 0x800000002, 0xfffffffffffffffc, 0x2, 0x8, 0x8, 0x164}, 0x20)
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1586.467217][T13792] binder: 13700:13792 ioctl c0306201 0 returned -14
[ 1586.596465][ T1512] binder: send failed reply for transaction 619 to 13700:13792
[ 1586.609694][ T1512] binder: undelivered TRANSACTION_ERROR: 29189
23:27:28 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000100)={{0x4, @addr=0x1}, 0xfffffffffffffd1b, 0x408, 0xffff})
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:28 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2)

23:27:28 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2000}}, 0xfffffefd)

23:27:28 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20005, 0x8000000000092dd)

23:27:28 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='rpe\x00.\xa4\x85!\x8f\x88[9?\x90PG\xa9\x14\xfe\xb2\x17\xaaeik\xab9\xad\xf8\x87\xc2\x96\xf9W\x8f\x86(*&\xb1AJ\xb4\xa7cw>[K\xec\x7fNF\xe3a\x00\x00')
syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2)
sendfile(r0, r1, &(0x7f0000000000)=0x210, 0x8000000000092dd)

[ 1586.902107][T14207] binder: release 14071:14207 transaction 623 out, still active
23:27:28 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xa, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1586.964487][T14207] binder: unexpected work type, 4, not freed
23:27:28 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x100010000, 0x1)
r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x7, 0xdafd72b8f0d177c2)
ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0xffffffffffffcb18)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000800)={0x9, 0x6, 0x6, 0xd8ee, 0x7})
r2 = socket(0x11, 0x3, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c46701f05073f0000000000000003000300000000005f020000000000004000000000000000b90300000000000001000000090038000200060007000c00010000005c000000030000000000000000020000000000000900000000000000080000000000000007000000000000009acb000000000000192ff5724e40d90098fe4ca74bc297ec302c080934a9ef4564159de14407b425f980cdd3ec9ffdcdf886b1ba117a030f14f44bf8c264c8c37ca26dbcf58fa044bea68df90af0916c79e7b7bf9fb10b349f9cb4a5cd779746e10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x5d1)
fcntl$getownex(r2, 0x10, &(0x7f00000000c0))
r3 = gettid()
r4 = syz_open_procfs(r3, &(0x7f00000001c0)='net/ptype\x00')
bind$isdn(r1, &(0x7f0000000180)={0x22, 0x40, 0xfffffffffffff051, 0xffffffff00000000, 0x20}, 0x6)
dup2(r0, r0)
sendfile(r2, r4, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
syz_kvm_setup_cpu$x86(r4, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000100)="0f699a50000f01c8839be536000f00500666b8a8b500000f23d00f21f86635300000070f23f8660f6bf2f366fff6f3160f30ba4200ec", 0x36}], 0x1, 0x10, &(0x7f0000000180), 0x0)

[ 1587.175783][ T1512] binder: send failed reply for transaction 623, target dead
23:27:28 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20006, 0x8000000000092dd)

23:27:28 executing program 1:
r0 = syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x2, {0x3, 0x100000001, 0x5, 0x4}})
r1 = socket(0x0, 0x3, 0xfffffffffffffffd)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x30202, 0x0)
ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000180))
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
getsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

23:27:28 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x3)

23:27:28 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd000000}}, 0xfffffefd)

23:27:28 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f00000000c0)={0x0, 0x5, 0x200b, 0x1})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', r2})

[ 1587.361738][T14696] binder: release 14692:14696 transaction 627 out, still active
[ 1587.396760][T14696] binder: unexpected work type, 4, not freed
23:27:29 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20007, 0x8000000000092dd)

23:27:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4)

[ 1587.576526][ T1512] binder: send failed reply for transaction 627, target dead
[ 1587.661428][T15117] binder: release 15114:15117 transaction 631 out, still active
[ 1587.687974][T15117] binder: unexpected work type, 4, not freed
[ 1587.773639][ T5246] binder: send failed reply for transaction 631, target dead
23:27:29 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000040)={<r2=>0x0})
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x9000100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r3, 0x100, 0x70bd29, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x841}, 0x24000041)
ioctl$DRM_IOCTL_GET_SAREA_CTX(r1, 0xc010641d, &(0x7f0000000100)={r2, &(0x7f0000000080)=""/120})
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000002c0)={<r4=>0x0, 0xffffffff0000000, 0x8000, 0x6, 0xf445, 0x3}, &(0x7f0000000300)=0x14)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f0000000380)={0x9, 0x3, 0xfff, 'queue0\x00', 0x3})
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000340)={0xae92, 0x0, 0xfffffffffffffffe, 0x8, r4}, 0x10)

23:27:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x5)

23:27:29 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x4000}}, 0xfffffefd)

23:27:29 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xb, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:29 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20008, 0x8000000000092dd)

23:27:29 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
write$P9_RATTACH(r1, &(0x7f00000000c0)={0x14, 0x69, 0x1, {0x20, 0x4, 0x8}}, 0x14)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x8, &(0x7f0000000080)=0x4)

[ 1587.946079][T15526] binder: release 15322:15526 transaction 635 out, still active
[ 1587.970730][T15526] binder: unexpected work type, 4, not freed
23:27:29 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendto$rxrpc(r0, &(0x7f00000000c0)="47eadd0de1f1708d7fec9cdbf4fe53a5e4bfad59773da16a9e55ec354003757df988b5ff54b85b3186a4f430f8e1c629b77f971a5716a3ac4d9c4a32d812d3c3e69374a0a506057225d4c1bb544d5b148bf5af9b56e573c2cd4191c12031be", 0x5f, 0x1, &(0x7f0000000040)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e20, @empty}}, 0x24)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0xfffc, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6)

[ 1588.203814][ T5246] binder: send failed reply for transaction 635, target dead
23:27:29 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
socket$vsock_stream(0x28, 0x1, 0x0)
membarrier(0x10, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000040)={<r2=>0x0, 0x9c, "9019ea136268ec84d42cc5c09ca632b4bf8a3f89617bcc751388704aeb35e671ba10d89f30eb5297a85e6dbd300a61d0d4f1a20ee84da27a10095daf2fcaf5748915684687f7ce18568ffbbe29fc6174d6a9033db7c73b22b0101abb8d6e83262d4172726a14e716a428267c872e5a46d5f540de1390fb44f908dc3aae6f0147d05ba36569daa915da92b086c0c64278adf1d8075ad05cad551151b4"}, &(0x7f0000000100)=0xa4)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000140)={r2, 0x7}, 0x8)

23:27:29 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xe000000}}, 0xfffffefd)

23:27:29 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20009, 0x8000000000092dd)

[ 1588.298362][T15946] binder: release 15945:15946 transaction 639 out, still active
[ 1588.329302][T15946] binder: unexpected work type, 4, not freed
[ 1588.355400][T15946] binder_release_work: 6 callbacks suppressed
[ 1588.355406][T15946] binder: undelivered TRANSACTION_COMPLETE
23:27:29 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7)

23:27:30 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={[], 0x10}, 'bond_slave_0\x00'}})
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000040)=""/224, &(0x7f0000000140)=0xe0)
ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000240)=""/101)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0xa)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000700)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000006c0)={&(0x7f00000004c0)={0x1dc, r2, 0x501, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x88, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x21f8000000000}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_BEARER={0xb8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xbb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe83}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x99}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xd}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xfd, @mcast2, 0xd10c}}}}]}, @TIPC_NLA_NET={0x50, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x800}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1362}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6a80}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}]}]}, 0x1dc}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000940)=ANY=[@ANYBLOB="10010000", @ANYRES16=r3, @ANYBLOB="000426bd7000fddbdf2509000000440004000000010073797a30000000001400010062726f6164636173742d6c696e6b00000c00070008000300070000001400070008000300ff97d68f9556fef7f4a7333f07000008000100090000003800020004000400040004000800020000020000080002000000000008000100070000000800010008000000080001000002000004000400800001002c0004001400010002004e240000000700000000000000001400020002004e210000000000000000000000002c0004001400014445b6d1450002004e210000000000000000000000001400020002004e220000000000000000000000001000010069623a7465616d30000000001400010069623a73797a6b616c6c65723100000004454b57e4da8e811a09e3742678c83e23b48662376519c332049bbfccac6212053f71d2841493cd7d170aa2777c13b83301cb38a5caf7d50e580de13a96d1023c197bd2de46caeaaf472699c086a931d761389b22862cebe286ef80148f2931dd4092b16a8d33dce27250cba0bdc5988e39222c00e4aa4d63b26e4e44823da7125876fd66e352f5c0a21accb67a1bfc170190dbf478ac34bd41fc610b293984dcbfee6b6ad0a1d1a66c5be718003387"], 0x110}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400c000)
ioctl$SIOCNRDECOBS(r1, 0x89e2)

[ 1588.475340][ T5246] binder: send failed reply for transaction 639, target dead
23:27:30 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2000a, 0x8000000000092dd)

[ 1588.581043][T16308] binder: release 16258:16308 transaction 643 out, still active
[ 1588.629619][T16308] binder: unexpected work type, 4, not freed
[ 1588.636829][T16308] binder: undelivered TRANSACTION_COMPLETE
23:27:30 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x401f}}, 0xfffffefd)

[ 1588.809660][ T1512] binder: send failed reply for transaction 643, target dead
23:27:30 executing program 1:
socket(0x2, 0x5, 0x9)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f00000000c0))
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000100)={0x18, 0x0, {0x2, @link_local, 'veth1_to_bridge\x00'}})
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000040))
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000080)=0x4)

23:27:30 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xc, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:30 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x48)

23:27:30 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2000b, 0x8000000000092dd)

[ 1588.903950][T16679] binder: release 16677:16679 transaction 647 out, still active
[ 1588.942048][T16679] binder: unexpected work type, 4, not freed
23:27:30 executing program 1:
r0 = socket(0x80013, 0x800000000002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={<r1=>0x0, <r2=>0xffffffffffffff9c, 0x0, 0x14, &(0x7f00000000c0)='lo:bdev\'keyringbdev\x00', 0xffffffffffffffff}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={<r3=>0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0xa, &(0x7f0000000180)='net/ptype\x00'}, 0x30)
r4 = dup3(r2, r0, 0x80000)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000540)={{0x8, 0x0, 0x400000000c00, 0x6, 'syz0\x00', 0x90f}, 0x4d3, 0x2a, 0x1, r1, 0x6, 0x9, 'syz1\x00', &(0x7f0000000340)=['u\x8banet/pType\x02$\xa5~\x8fZ\xd7\x9e\xca)\x81v\x9cj\xe73\xbe\xb7\x8d\'^\"\xfc\x83$\vR\xcc\xeb\xff}\xc5^:\xbfI\xf2w\xcd\x17\xc9v\xf2\xa50\xa99\x92\xe6\x92oE\x91\n\xeb_\xf2h\xc6\x9c7\t\xf2\xac\xdb\x91H94ZVM\x96\x88\xe28!\x18bK>\x81\x1d]GVtl\x80\xb5\x16\xa6\xe3\xdc\xa9\xc0\xdaHJ\x1c\x9f\xb8\\\x1e\x1e\xd2\x8b\xa9\x1f\x9b\xef\xca]\xf3\x16o \xec=Xc\n\xe6\xae\xe3\xffm\xb9E/\x14\x9d\x835\xbar\xaa\x8e\x12E\xb0\xad^\xd7w\xe5\xb9A\x9d\x19\xd2\xd1xXT\xc4\xfd\a~\xd7\x1b\x98\xb1\xbb\xdaM\xef\xfe\xc0T\x03N\x89\xf6\f#\xdf\xfd\xf0\xa6^\'\x83\xc8Z\x86\xb5V\xcc\x97-\x12\x11N\xacJ\xab\xe6LB#\xd4\x9b\x10\x18I\xe3\x82\xb9\xea', 'lo:bdev\'keyringbdev\x00', 'net/ptype\x00', 'net/ptype\x00', 'u\x8banet/pType\x02$\xa5~\x8fZ\xd7\x9e\xca)\x81v\x9cj\xe73\xbe\xb7\x8d\'^\"\xfc\x83$\vR\xcc\xeb\xff}\xc5^:\xbfI\xf2w\xcd\x17\xc9v\xf2\xa50\xa99\x92\xe6\x92oE\x91\n\xeb_\xf2h\xc6\x9c7\t\xf2\xac\xdb\x91H94ZVM\x96\x88\xe28!\x18bK>\x81\x1d]GVtl\x80\xb5\x16\xa6\xe3\xdc\xa9\xc0\xdaHJ\x1c\x9f\xb8\\\x1e\x1e\xd2\x8b\xa9\x1f\x9b\xef\xca]\xf3\x16o \xec=Xc\n\xe6\xae\xe3\xffm\xb9E/\x14\x9d\x835\xbar\xaa\x8e\x12E\xb0\xad^\xd7w\xe5\xb9A\x9d\x19\xd2\xd1xXT\xc4\xfd\a~\xd7\x1b\x98\xb1\xbb\xdaM\xef\xfe\xc0T\x03N\x89\xf6\f#\xdf\xfd\xf0\xa6^\'\x83\xc8Z\x86\xb5V\xcc\x97-\x12\x11N\xacJ\xab\xe6LB#\xd4\x9b\x10\x18I\xe3\x82\xb9\xea', '&\x00'], 0x1e6, [], [0x7fffffff, 0x3, 0x9, 0x3f]})
r5 = syz_open_procfs(r3, &(0x7f0000000200)='u\x8banet/pType\x02$\xa5~\x8fZ\xd7\x9e\xca)\x81v\x9cj\xe73\xbe\xb7\x8d\'^\"\xfc\x83$\vR\xcc\xeb\xff}\xc5^:\xbfI\xf2w\xcd\x17\xc9v\xf2\xa50\xa99\x92\xe6\x92oE\x91\n\xeb_\xf2h\xc6\x9c7\t\xf2\xac\xdb\x91H94ZVM\x96\x88\xe28!\x18bK>\x81\x1d]GVtl\x80\xb5\x16\xa6\xe3\xdc\xa9\xc0\xdaHJ\x1c\x9f\xb8\\\x1e\x1e\xd2\x8b\xa9\x1f\x9b\xef\xca]\xf3\x16o \xec=Xc\n\xe6\xae\xe3\xffm\xb9E/\x14\x9d\x835\xbar\xaa\x8e\x12E\xb0\xad^\xd7w\xe5\xb9A\x9d\x19\xd2\xd1xXT\xc4\xfd\a~\xd7\x1b\x98\xb1\xbb\xdaM\xef\xfe\xc0T\x03N\x89\xf6\f#\xdf\xfd\xf0\xa6^\'\x83\xc8Z\x86\xb5V\xcc\x97-\x12\x11N\xacJ\xab\xe6LB#\xd4\x9b\x10\x18I\xe3\x82\xb9\xea')
sendfile(r0, r0, &(0x7f0000000040), 0x8000000000092dd)
socket$nl_crypto(0x10, 0x3, 0x15)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={r5, 0x3, 0x1, 0x2, &(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3}, 0x20)
setsockopt$netlink_NETLINK_RX_RING(r4, 0x10e, 0x6, &(0x7f00000001c0)={0xfca, 0xff, 0xfff, 0x8}, 0x10)
syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0xe2b, 0x8080)

[ 1588.978509][T16679] binder: undelivered TRANSACTION_COMPLETE
23:27:30 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000280)='net/sockstat\x00')
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{}, {}]})
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1589.142871][ T1512] binder: send failed reply for transaction 647, target dead
23:27:30 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c)

23:27:30 executing program 1:
r0 = socket(0x0, 0x3, 0xfffffffffffffffe)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$LOOP_SET_FD(r1, 0x4c00, r1)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000080)={<r2=>0x0, @in={{0x2, 0x4e23, @rand_addr=0x7}}, 0x4, 0x7}, &(0x7f0000000140)=0x90)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000180)=r2, 0x4)
setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000040)=0x91, 0x4)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$KDSETLED(r1, 0x4b32, 0x6)

23:27:30 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf000000}}, 0xfffffefd)

23:27:30 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2000c, 0x8000000000092dd)

[ 1589.383782][T17208] binder: release 17206:17208 transaction 651 out, still active
23:27:30 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
dup(r1)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1589.424936][T17208] binder: unexpected work type, 4, not freed
[ 1589.474992][T17208] binder: undelivered TRANSACTION_COMPLETE
[ 1589.673544][ T5246] binder: send failed reply for transaction 651, target dead
23:27:31 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x5000}}, 0xfffffefd)

23:27:31 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$VIDIOC_S_PRIORITY(r1, 0x40045644, 0x3)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000040)={'rose0\x00', {0x2, 0x4e22, @loopback}})
creat(&(0x7f0000000080)='./file0\x00', 0x2)
fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0))
write$P9_RLOCK(r1, &(0x7f0000000100)={0x8, 0x35, 0x1, 0x2}, 0x8)

23:27:31 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x60)

23:27:31 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2000d, 0x8000000000092dd)

23:27:31 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xd, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1589.834536][T17736] binder: release 17730:17736 transaction 655 out, still active
[ 1589.872073][T17736] binder: unexpected work type, 4, not freed
[ 1589.889080][T17736] binder: undelivered TRANSACTION_COMPLETE
23:27:31 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
rt_sigsuspend(&(0x7f0000000040)={0x5}, 0x8)

23:27:31 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x68)

[ 1590.009774][ T1512] binder: send failed reply for transaction 655, target dead
23:27:31 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2000e, 0x8000000000092dd)

[ 1590.095174][T18049] binder: release 18048:18049 transaction 659 out, still active
[ 1590.107221][T18049] binder: unexpected work type, 4, not freed
[ 1590.118007][T18049] binder: undelivered TRANSACTION_COMPLETE
23:27:31 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c)

23:27:31 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x10000000}}, 0xfffffefd)

[ 1590.279836][ T1512] binder: send failed reply for transaction 659, target dead
23:27:31 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2000f, 0x8000000000092dd)

[ 1590.351605][T18261] binder: unexpected work type, 4, not freed
[ 1590.373141][T18261] binder: undelivered TRANSACTION_COMPLETE
23:27:31 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x74)

[ 1590.564240][T18462] binder: unexpected work type, 4, not freed
[ 1590.581143][T18462] binder: undelivered TRANSACTION_COMPLETE
23:27:32 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa000}}, 0xfffffefd)

23:27:32 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xe, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:32 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20010, 0x8000000000092dd)

23:27:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a)

23:27:32 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_trie\x00')
openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x2040, 0x0)
ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f0000000080)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x2, 0x44})
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000040)=0x9, &(0x7f0000000140)=0x2)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1590.844946][T18776] binder: unexpected work type, 4, not freed
[ 1590.861730][T18776] binder: undelivered TRANSACTION_COMPLETE
23:27:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x300)

23:27:32 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000040)={0xfffffffffffffbff, 0x3, 0x1ff, @remote, 'bcsf0\x00'})

23:27:32 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20048, 0x8000000000092dd)

[ 1591.098731][T19118] binder: unexpected work type, 4, not freed
23:27:32 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\xe4W\x05\x87\xdf\xb3\x9d\xce\xb9\xd2\x15\xb3b\x8c4\xc9\x85g.\x14&B\xde?\x9f\x7f\xb0$\a\xfd\x9a2\xc9T\x8c\xb7\xe0qz\x82\x9e\xa3\x92q\x06}\x9b\xeac{\xa3\xf0\xb9 \x03\xeeD\xc1\x81 -\xba\x1b\xa4G\xc9\xae\xf5\xd82t_\xf6\x1a\r\x15\xcc\xbc\x1b\xcdi\xe2\x19OW\xffU]\xd2Y\xf8\x91,\xe8\x06\xad\xe5\xd7^\a\xc8\xb4P\xb8A\xad\x9c`\x9a\xf1k\xa9\xe4\xae\x82A-\xa8{0\xb0-\xaa\xb0\x96\xb4\xf4\xe3\xeeP;\x81\xcbp\xad\xf5\x15\x9b.<:;\xc0\xd2\xec\xcao\xe4\x04\x9d\x90H2J?\a\xe0\xe3]g\x89\xf6\x9a\xf4a\xc2\xe8\xa0\xd72\xa8\xe5\\\x1f\xce\x05\xbe\xddL\xde\x89\x0f\xea\xe9<l\xd1\x1dd\x8d\xca\x04\x84&a\xe7\xd2\x89\xad*\xe7\b\xc1\x82\xbf7\xa2\xcf3\xc4\x17\xc5\x8f\xe8\xdb\x14{.\xcb\xc4\x10\x96Q\xe1\nO\x9fn>\xf7Z\xa8`')
getpeername$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000080)=0x1c)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:32 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x11000000}}, 0xfffffefd)

[ 1591.153074][T19118] binder: undelivered TRANSACTION_COMPLETE
23:27:32 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x500)

23:27:32 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="64010000", @ANYRES16=r1, @ANYBLOB="080003cf108bffdbdf2505000000280001000800030052ed00001c000200080002000700000008000300080000000800030001000000340009000800010002000000080001000400000008000200000100000800010005000000080002000008000008000100040000003c000700080002002d47000008000200008000000c00040005000000000000000c000300080000000000000008000200070000000800010008000000b800050008000100756470002c000200080002005702000008000400a7000000080002001b8800000800030000000000080003002e00000044000200080004000500000008000200070000000800010016000000080004000100000008000300220a000008000400030000000800040000000080080001000f0000003c00020008000400060000000800020000000000080004004004000008000100070000000800030005000000080001000b0000000800010012000000"], 0x164}, 0x1, 0x0, 0x0, 0x800}, 0x24004000)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1591.487045][T19614] binder: unexpected work type, 4, not freed
23:27:33 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd007}}, 0xfffffefd)

23:27:33 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2004c, 0x8000000000092dd)

23:27:33 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xf, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x600)

23:27:33 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = dup(r0)
ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000040)={0x10, 0x2, {0x0, 0x1000, 0xff, {0x9, 0xffffffffffffffff}, {0x3, 0x7ff}, @const={0x343, {0x3, 0x200, 0x0, 0x2e}}}, {0x56, 0x100, 0x5, {0x0, 0x1}, {0x3, 0xffffffffffffff80}, @const={0x80000000, {0x5, 0x101, 0xfffffffffffff801}}}})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r2, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000000c0)={0x100, 0x3}, 0x2)

[ 1591.784153][T19908] binder: unexpected work type, 4, not freed
23:27:33 executing program 1:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000080)={0x7, 0x4, [0x4]})
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1591.875643][T20095] Unknown ioctl -1073195748
[ 1591.884691][T20095] Unknown ioctl -1073195748
23:27:33 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000040)=0x20d, 0x8000000000092dd)

23:27:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x700)

23:27:33 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20068, 0x8000000000092dd)

[ 1592.087530][T20337] binder_thread_release: 6 callbacks suppressed
[ 1592.087544][T20337] binder: release 20336:20337 transaction 687 out, still active
23:27:33 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x20000000}}, 0xfffffefd)

23:27:33 executing program 1:
r0 = socket(0x14, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000100))

[ 1592.165666][T20337] binder: unexpected work type, 4, not freed
23:27:33 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0)
sendfile(r0, r0, &(0x7f0000000000)=0x211, 0x8000000000092dd)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x1, 0x0)
getsockopt$packet_buf(r1, 0x107, 0x1, &(0x7f00000000c0)=""/156, &(0x7f0000000240)=0x9c)
ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000080)=0xe1ad)
getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000280)={'nat\x00', 0x98, "1115c35d0544cb5a5b53654a2253e4c248d29d8ab9272be5ed461cb73920836ea4e39a8e53be02917a6d51b86819385b24f74bb3aa4d89335136594619a3ed93e0278b951237b1a22acc64f48ee5c303fcf8b1edccdf2aa80f6451da867fd7d9bebc9d692641ec32293dae399fb56a166b214ebc8f0fd34034d163208784d7c03c24677ded899fd3cf79a7b3ab580a60a95c268981164bf4"}, &(0x7f0000000180)=0xbc)

23:27:33 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2000)

[ 1592.378763][ T5246] binder_send_failed_reply: 6 callbacks suppressed
[ 1592.378772][ T5246] binder: send failed reply for transaction 687, target dead
[ 1592.495112][T20756] binder: release 20753:20756 transaction 691 out, still active
[ 1592.510621][T20756] binder: unexpected work type, 4, not freed
23:27:34 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x186a0}}, 0xfffffefd)

23:27:34 executing program 1:
r0 = socket(0xd, 0x2309cd5cc9e662d9, 0x800008)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:34 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x10, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:34 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2006c, 0x8000000000092dd)

23:27:34 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4800)

[ 1592.648461][ T1512] binder: send failed reply for transaction 691, target dead
23:27:34 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x0, 0x2)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000080)={0x3, <r2=>0x0, 0x10000, 0x1})
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f00000000c0)={0x200, r2, 0x0, 0x44000000000000})
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:34 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1592.846985][T21166] binder: release 21144:21166 transaction 695 out, still active
[ 1592.867337][T21166] binder: unexpected work type, 4, not freed
23:27:34 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20074, 0x8000000000092dd)

[ 1593.073337][ T1512] binder: send failed reply for transaction 695, target dead
23:27:34 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
fgetxattr(r0, &(0x7f0000000040)=@known='trusted.syz\x00', &(0x7f0000000080), 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000080))

23:27:34 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c00)

23:27:34 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x40000000}}, 0xfffffefd)

23:27:34 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x2007a, 0x8000000000092dd)

[ 1593.229310][T21596] binder: release 21500:21596 transaction 699 out, still active
[ 1593.254255][T21596] binder: unexpected work type, 4, not freed
[ 1593.392133][ T1512] binder: send failed reply for transaction 699, target dead
23:27:35 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2000b}}, 0xfffffefd)

23:27:35 executing program 1:
r0 = socket(0xd, 0x3, 0xffffffffffffffff)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0xec, 0xc, 0x5, 0x7, <r2=>0x0}, &(0x7f00000000c0)=0xfffffe31)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={r2}, 0x8)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000040)={'rose0\x00', {0x2, 0x4e20, @loopback}})
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

23:27:35 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20300, 0x8000000000092dd)

23:27:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6000)

23:27:35 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x11, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1593.710396][T21922] binder: release 21916:21922 transaction 703 out, still active
23:27:35 executing program 1:
r0 = socket(0x10, 0x43, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
clock_getres(0x7, &(0x7f0000000080))
r2 = fcntl$getown(r1, 0x9)
write$P9_RREAD(r1, &(0x7f00000000c0)={0x4f, 0x75, 0x2, {0x44, "5524a6adcf1af817ea63dff1d829cf820f588d11f42fe0fa72dc6ef73344e6a54f49ca3e852c35dd0318342b2114e32f2aacd21f6f195f03d9dd844a6e58e9be640af280"}}, 0x4f)
syz_open_procfs(r2, &(0x7f0000000040)='loginuid\x00')

[ 1593.803710][T21922] binder: unexpected work type, 4, not freed
23:27:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x280001, 0x0)
signalfd4(r0, &(0x7f0000000080)={0x7ff}, 0x8, 0x800)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1593.849523][T21922] binder_release_work: 6 callbacks suppressed
[ 1593.849530][T21922] binder: undelivered TRANSACTION_COMPLETE
23:27:35 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20500, 0x8000000000092dd)

23:27:35 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x401f0000}}, 0xfffffefd)

23:27:35 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
getpid()
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x2)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0))
r1 = getpgid(0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000140)='sessionid\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:35 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6800)

[ 1594.126711][ T1512] binder: send failed reply for transaction 703, target dead
23:27:35 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000100)={<r1=>0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x19}}}, 0x1f, 0x60}, &(0x7f0000000200)=0x90)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000240)={0x10001, 0x20a, 0xda99, 0x7, r1}, &(0x7f0000000280)=0x10)
r2 = timerfd_create(0x8, 0x20800)
setsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f00000000c0)=0x1, 0x4)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000040)={0x6, 0xf711, 0xee, 0x2, 0x8000, 0x3})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r3, 0x28, 0x2, &(0x7f0000000080)=0x80000001, 0x8)

[ 1594.245796][T22640] binder: release 22570:22640 transaction 707 out, still active
[ 1594.261450][T22640] binder: unexpected work type, 4, not freed
[ 1594.268290][T22640] binder: undelivered TRANSACTION_COMPLETE
[ 1594.415740][ T5246] binder: send failed reply for transaction 707, target dead
23:27:36 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7d000}}, 0xfffffefd)

23:27:36 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20600, 0x8000000000092dd)

23:27:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c00)

23:27:36 executing program 1:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x1200000, 0x0)
vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000040)="ca24116fc6d933957e75c84234aff84a628f67e64a956bb2145930", 0x1b}, {&(0x7f00000000c0)="428a5a03d324255ba50cae5b12a8ac56cf6d9095348ec5bcb2bb425e273e76dc8cba", 0x22}], 0x2, 0xa)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:36 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x12, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:36 executing program 1:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
fsync(r2)
r3 = socket(0x11, 0x3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
fsetxattr$security_smack_transmute(r4, &(0x7f00000002c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000240)='TRUE', 0x56da, 0x2)
sendfile(r3, r4, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
setsockopt$bt_l2cap_L2CAP_CONNINFO(r4, 0x6, 0x2, &(0x7f0000000200)={0x1, 0xfffffffffffffff8, 0x80, 0x1}, 0x6)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r0, 0x4)

[ 1594.620562][T23055] binder: release 22954:23055 transaction 711 out, still active
[ 1594.640752][T23055] binder: unexpected work type, 4, not freed
[ 1594.659116][T23055] binder: undelivered TRANSACTION_COMPLETE
23:27:36 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
fcntl$getown(r0, 0x9)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0), 0x4)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7400)

[ 1594.885821][ T1512] binder: send failed reply for transaction 711, target dead
[ 1594.983903][T23478] binder: release 23475:23478 transaction 715 out, still active
[ 1595.001134][T23478] binder: unexpected work type, 4, not freed
[ 1595.017094][T23478] binder: undelivered TRANSACTION_COMPLETE
23:27:36 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa0860100}}, 0xfffffefd)

23:27:36 executing program 1:
prctl$PR_SET_FPEXC(0xc, 0x1a0000)
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r0, &(0x7f0000000100)=0xb, 0x6)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000040)=0x1, &(0x7f0000000080)=0x4)

23:27:36 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20700, 0x8000000000092dd)

23:27:36 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a00)

[ 1595.100737][ T1512] binder: send failed reply for transaction 715, target dead
[ 1595.238143][T23764] binder: release 23739:23764 transaction 719 out, still active
[ 1595.257960][T23764] binder: unexpected work type, 4, not freed
[ 1595.274048][T23764] binder: undelivered TRANSACTION_COMPLETE
[ 1595.356948][ T5246] binder: send failed reply for transaction 719, target dead
23:27:37 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20900, 0x8000000000092dd)

23:27:37 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xc8000}}, 0xfffffefd)

23:27:37 executing program 1:
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0)
pwritev(r0, &(0x7f0000001200)=[{&(0x7f0000000080)="08a3f2ed8bd9256309ebcde2c5a7ee508f195729e570558a313a66fff7525cba26efdcd8bb8949a883e6c3d17f59de512d4879b9a7fa67160a55c269657f11866a7f9c094d1b6675963c4cd7dafd6d87eb973ed1af533cb3a7214cbbe3cc0b1db16f1bced9c3c07b10d5bf1cc9d5839990adb57f3278872a03648f893291b5f1938b81b1abc9d733ef9996b0914136fc691dab373e", 0x95}, {&(0x7f0000000140)="de37d394bf4bf6bff91507d54f4b791872cc959fb9f4433f5f55910c2e954d0d219e8c3268be4bb1f7d966fb8f7f5da2b0bedb957a3f0c04a0cac9e1db9af7ad00ac538842d3f1c25382ac438471012a7830bb610d8d50ad5bbcb9608cdd464c646faebf50f0c48c42f26479be8e761ead86c9b1afdd", 0x76}, {&(0x7f0000000200)="8718bb2fc0881dae6c7b34c9103c5a03a3738757b59298158c3d3a241cad02c6d54aee8068e01915137bf8604516910d70a6a0f81ed6f3d0e435a5057d4818c33383c0206ba6537300a9dd1a26918a0846d8f1118199b9b0d31a71d7b12721b204a67d569af7d4eb234b51d4da8e5e806f4d69670c0c166e6e6d3d0baeb8a2d527a80cd50b7dd9efc4852b1b06c94ec817ce0b6a564a3f938920683108f3c453a5e15004d1bd188a2ba858f53ac04a59e11255f5ec5879713aad840c6aec9aa2f602eac639def24a432461f22f27af2da80ad8ab57e2291a23cfc9d0dc399984d32d09679884dabc2673d71e5509b57857a49233fc00da0d0a3d19fb42b76d0588be4acf53301781b9699a577c579be943f53fd9ff2d1aa2695d42b297f5ee49de4b048599007b04802a9142809f1b794872f80bfc3e3a5540d9c20368473e23993f4687d2b0939871244c4d631351bbb5210f9945ceb03e40e26e84087720a36070bd61670ccaf317d312c4346b4d118edd62079f427abbaef5caabb32cbca7fa28f563ce23176c31d7d3bc1c3422227231f6273c8013163c9c5f29898eb4e506e97e5fa609f260e04403343d26a4336e74bb13c44dceee4947712e78d351f70f6145cd7c175bde00c4df15c15c802623a7aeb39d6dcd8ce1f3b6a2282b90ccd9df496c1acec060edb88f15c69b32ae8ba87c54e0b1f6a652c62ccc6295690b0a64d228800922799a3ca6d846f4af476c844dc92df6e0d55d4ee4d96381f765b325d1dad1ad2ec7f6f29f15a35a4970f521cf7687c479acc0e1371e932dfad732a8fed55248a2aa040029b2c7f48a318713fed5fdf15e196223d429cef53ed9d37150cf22637c1cb975ab7fc0637ac416e7c873f4ff21573051f72f723632235b7d5dcae7b9588e36a6550fc144392c4e9b21133ac2f4fba2d6dd500534f856a5325162ce8ff313bf1ab686ba1396fbbef8fb00f860bac57b521cb45b5fd8a9daecca560b9938f2399b1c4cbcd753c04578c951da9385ca4b3ecf8dce6431a8cf2f7cb930775c92110d0fbc6c76f3a89be5499fb75a614a8056e997088befd890dcac4e12f93b224fabbc668cacee4a1d6059bf80fa7b5d261f4910c5e196a549564a87a81f4124fabe41130112aea0708cd128bcfac75196c0c27c4f3cdf1c9efe8968fa6180a01f97008c2848a6527bc5dbfad62d56ace81efc6c6a35f913efd2e2520514721783fc7a518069df82cf134a50fd3d05e679fb284374aeac580f1b6d61736f04a281c19477ce8db07a9654885a09220e9967f8aabd570068d36c9422f4c4cd5a6520ef24406357f0ae77b5cc96317ecd34f62d9ebffddbb7f66b7b5a620cc353d1988e165020a97066863df369988654e7e80346cf78797f4ee83adc9774f100b6a11efaecc2f086a4d9c657b93a448d992e7136994b215cfa911944f0a8a9ba418e848a26bdadbf5d4c4cef719ce1e7846ac1d93539dda4feac632ed6d6dcd87c2105350b6d4507ba4cf709e8f475ab2318b061693f92df887fb9f8ebf67d5bb50a25d5891882eb6ac51b536a19f108d3674c6362219153b1b64eed5c04f9a6f0e98ef64260197c65973d9c0f49e5eacf6568d6ddd278cf92a7a0ed1bfe2c04fcd91911cb9ebe1fa27adf91f525ed1bc483b8e027a4c964e322952adba3abcc139991ab72b2e132efe66b6920e522e7bd88f518f236a230c41fc885eff9ae9b87a9a2ac5f2277a0cdde33ef4e622d1a84238fbd888753cdcce4e407da23f1148b8e3d130814b2a6cde90a4d175a68eda38d7f6f0021ba472cd62b2826482d584cb3e5f7f0ace11c1af38c1a3d50626e3693ab39e68696569a4917a2fa0ad4d3211f860d960c8d9de97775b4086a5ba624baf093036f9eedd6eac9b13a605108bd30276dcde0323a7a6dc959af4658c7db0bf3bdde14075b7b46716a65635413577e23b2f00e10db7111100d6d568056cc10339fbb24f6bfc6bbe2c4442e8b09e48da67cd7ef80183f1e78c9aa16c57e9bbc9b9661087ddabea104478b56a68d3a5c844408704a1be0a8fd8f0108f958b53195fe15a8abf521c2c8bd6e3558396bb90346995c1625ffd76a18822cff951583d2e5210ecfd0b0e94c9562be66cf9c45b8078c1638cd63206d3e10fc318a7c8339fb6a097c8512610cfe11e5b4ce0d92b2bfd2571168bee1a3c259a416624e7a52a4f4cc63d888964def2600a43407c5aafc5990f6fddcd73c813b805ebcbc246656860f8cdc8623530d29f96b124842b5dd56f4f643c79d4183eb7eedeb362e66c0b8ee3d2dcc94b2ba0158019a565f961a7a8bd464a8c836e306464bd97e195858ecceb20e87d540e7e34a2ffc77d2453e0d002bb00cbdc5cab9badaae2194ef10bb6acf0997f91664c027717b88c19224aee4f4e8a0d9f46e607c5f79f487bfe66699c4fcd22e955a94faaeea424427d85e2e25118c5f5fd706541f289fd490e018122ca8cda0c48617af31fc6e2e949e84df2d724b8f7a41ba50d92b535426dfab567a1bf0f84b48e2bcc944240d2eacad4c3b6c6b7dcb2ce433cc715703aba4f67588d588866692bc07409d0cf027b1c76c6d31b6bb859c51531b285897823284ad5dc2e1c0df17a42c95ea4bfa376e6a38b559c591706a6792e70ea0c7b1b5fe103b231af2c567cb19d63a9e1b26576d9a0b582159aeef0a64c7372e01997ca011e16eaebf6a31edda1a6cf90427ee657a6c9c85fc8948513ff053b6686648aeacee029ad56eff2a0ac298df4902bcf1eda449766152c6aa19ef4d877c7e7039b53f702f12435ad2b490b7f8183aaff57675350de23b03b115517bfa75e4e3fc54edebcd6e24a306925d03b6465068d0992a6cc7466a6e9ddc2eccb909c5f6a601baec134fd6069861dd1487d7992e4ff6715ac3ee884c51db147f76ba0b445459415d2f343b3a613d6d382b5a4945010c9a88acf39fe9bfbb9c5520ded648bf963d1d1a0351e85ab823b76e109e0f48bc7ac0e34effef14d5b7116d84f6a277e6bdc8bbd18f824f1b61f5a15287840d0f79f905bdb41f0ce17b25b4f1c01b24d17293ee6e48d5f0ae99cffcd8fdf30d960ebe45eb40a6b24c97d6915f5badfdf156f2bfd90ab342bc5239966b45bc3ca4efb59fdc595a7e18f6f9c6460abaab2e1b71de281b541eacb346ad1d96f9fc0d1ae83866f549a01d8e0ed05071277da885fd0a4dc91f4de011c94d3fb3f1e42805f9a99238dd5ee1407e98a5570bd29fa2c265ddab2a960e58b68d4b2d73da9aea5ac608be3782f7dbd29b46beffc813f2438858481d47ffc557c39e926a727a6acebc8e0c428e81650d0cbc3b62572db567287179b699f0b80a84b57c5a28ed0889ac94440c3833e3770b94f04a65c3d76ab92e96e1abdd1adb1f9c31a3efb253294687fe74b61c8db8f84df77efa96e5027f6c5070264c7f8716dca287879102294f740b9a290bd7f2667f0b82a06a59ef7f2502e5d34736e2d1c9cdc5e6b34b1c843044714529cbf200472144cd77c709a76544247355529414ed9d7754b6863cca8d1826b8e6e3e148469a370ade7cc8a7a397e224bb8a8713f73ed6a1e9440bfa94961b5e3e33c731b387629dd22ba0cf189263e8207920c89a6148f977e91924b7a35544865bdf330bbc67291a0b196d096290ec13aed4ead5f6b4763d490026c45cf932987ac0cca7818fbf6066383ce13212d4ec841b545c250cfc829a7cae92e01693c7bc711449ab235ce3d91cd8839bdc6d16486a4fa5c34040d71d9a59417be7bdc05c91952be186fd3010825d81c160b12455b9134292f88a941e92f51f550f2cc3a19f66ec25621ec5ae1d2ca05d66524cc24502058f543e1a2b3d3d7f1417bb8a58a467c76c45aca37b06ee13b2948ca71e6d4488cc2e534771ccc75c845005ee7a0786d508c148c74a75ab136208d552b5e0b94639a7ce189cc1b4e849492fbb911be76ea53cc8f8dc04e40448d8d8b077c9327770c4068c88cb7d2872107bdf194066d2550d7614e8c8423f0bc202f7cc09fdca05b97443024380625303ae7a217f245bfc745cfb3b544ef0e3a9d94362c8ff809965b8c45a0fcb75bf90f4156b1dc1ab67f7ab9e45ff5959bd7625eb7e4abc42bc86be473e9f2597ba1ed449e8e3b10da48b54331ba6f3a15ec3e78317202f2895530068ffcc1069c450e1173162754ea4ea263ffc46046fd5efffe4ce2555e2474e4f274e5bb270ad969a35c3ced9f34ff5171585e46bd461c0f5d6667741986b5bf8ffcdc18dec8869b01a5f17ba3b06c6c43949f13817ccab9d857690e3285d90524bf09aeab6ad8b13ac441b60c5c8d91227071be7b6ce1d91659e62e5b4338bef1415603428758e02a4a2781154bb3d3cce963030c14de665cd742e2d0349aac3fd51b3555a65c4a8e5d9144f97010f97f00caae6174578be3801347763329e5da10635e9e50c41e70d0a947c87e23638e46529275dd8a8b06d3533b722f3606f95b869b7fdaf01fc81cbb15579a9e5a0c960aba98827a631831dd2b9a8c11ac99e34426a4f9b905b6243e4c8b0b854b466a03bae427c993d663385be9a5ba16dc0bbaad9e48668b6bb55e26e0005a431294427de4d4d1aade2a013739d3390cc35b0de26e7bc1e815267fca3221e688c08822b434f4c3a8d06d373594d33905be2cb3f108e26f86f3e24dc7d098a7b5500681c3b471d00d8d6f14721f01906f43e65459bfbce89a8ea09052a51fae02f6a1a0374e7bc02352111e700de820f84ad9b5d8cb51153d4e0d5fa0435c592710e72fcc7b8633a175dc6935a893fcf2833b2c093306174335054e8a31ca0fa973aa5ea3a32bde4f25fd73d0bec4ce9c3c0afe2529a6d5487caad9b050d2f6a75585dfaa9c3c0b1f9c98ac87b5a321d28a30ce00dfd8cd5215302422db61c1e1605f383324df975d3be2b4364611571190e766bb06dd270aea883f4302692063fb2c01503965bab53350612252b87c3eb6fc96abe996b216395c65220182887c3e8dba48084aaa4a19972962538761ed08bd5929508a02d52be6848c2fe375ad05829cfafe57e25dd3e6479bfc557daa3a45c1a8de8deb7369ca4cb3a70e5301c7923d01afcbcc35f0e624a9d95acf3e0fc2ca8effd506d1c9538cb2206a54748ce9fd4745961afd84b71b92261c517dd61a85cb3744376e75c792758226252f7304f9977614ef3d9d2b33a9dd7a78f0fac9bd913afc0c08895d7e891c72989b859f0e0a39f80d321fbf9da9f4fb7f367c60cb3540f886896d3ddda607c6aca0e354ef3f852754a0e238779a55f557abf1c3adc683e8fe083de52a7cb47984d557e389ec8891583dee3dc3a172487019cf71c7713b298572d1ee65b8cce10278d4c1a72f2e6409ca4816880fae233f226f82a46f31c140607e57d3b46dd8d2a8571c683d512a1dd93854427e31d9fa41b8c0202b4354d35e13221d37ac5698803e7cb3a67da038b99d7af18686e00b266cc5849b8d61a3d15c60a056dbbfd39fb622870f83c37dd73ef0891185696002a140daf639a52d0edfc28efc2acdd1a18467ee4a4d0741c4dd9a39a17712856915c75ea9545ebf6dde3d7dd8b98b7d6fa29af0fc0cfb2f5e1997cd7c714d7ae3654b77c95b5f255b4f7f5fd0f64e22802d9c3d36bb84a9fc65d663863a04c92fec1f5e1245ac6a99b630c2b96465aecb46407750f262381405a1c5e9418315b0e04618a3836dd9d4d8b7fe147478efd5af9f2c63ad3639221b7e761b6bfec39cb992d28707ebb61efa7c39536170149f7197b5c94", 0x1000}], 0x3, 0x0)
r1 = socket(0x11, 0x3, 0x0)
r2 = getpgid(0xffffffffffffffff)
r3 = syz_open_procfs(r2, &(0x7f00000001c0)='n\xb1\x88\xcf]\x06a\x8e\xdf\x00')
sendfile(r1, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:37 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x13, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:37 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x1000000)

[ 1595.563371][T24027] binder: release 24000:24027 transaction 723 out, still active
[ 1595.586521][T24027] binder: unexpected work type, 4, not freed
[ 1595.605607][T24027] binder: undelivered TRANSACTION_COMPLETE
23:27:37 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20e, 0x8000000000092dd)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @loopback, @loopback}, 0xc)

23:27:37 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20a00, 0x8000000000092dd)

23:27:37 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2000000)

[ 1595.792671][ T1512] binder: send failed reply for transaction 723, target dead
[ 1595.896791][T24422] binder: unexpected work type, 4, not freed
[ 1595.907674][T24422] binder: undelivered TRANSACTION_COMPLETE
23:27:37 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:37 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x3000000)

23:27:37 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20b00, 0x8000000000092dd)

23:27:37 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xfeffffff}}, 0xfffffefd)

23:27:37 executing program 1:
r0 = socket(0x2, 0x3, 0x590)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x8000, 0x0)
getsockopt$inet_mreq(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @empty}, &(0x7f0000000140)=0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000080)=0x1, r2, 0x0, 0x2, 0x4}}, 0x20)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1596.167055][T24634] binder: unexpected work type, 4, not freed
[ 1596.181763][T24634] binder: undelivered TRANSACTION_COMPLETE
23:27:37 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xff000}}, 0xfffffefd)

23:27:37 executing program 1:
r0 = socket(0x14, 0x10000003, 0xb2)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x400, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x100000000)
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x5)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000840)='/dev/btrfs-control\x00', 0xa2cfe746e29a9dca, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000880)=<r2=>0x0)
fcntl$setown(r1, 0x8, r2)
fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U-'}, 0x28, 0x3)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00')
sendfile(r0, r3, &(0x7f0000000040), 0x8000000000092dd)
socketpair(0x0, 0xe, 0x9941, &(0x7f0000000800))
write$binfmt_elf32(r3, &(0x7f0000000180)={{0x7f, 0x45, 0x4c, 0x46, 0xe3e, 0xfffffffffffffffc, 0x1712, 0x395a3572, 0xd3c, 0x0, 0x3e, 0x0, 0x3b, 0x38, 0x3b3, 0x8, 0x6, 0x20, 0x1, 0x1, 0x2ccd, 0x5e}, [{0x70000000, 0x101d, 0x1d7, 0x6ee, 0x51, 0x60, 0x5, 0x8}, {0x70000001, 0xdf, 0x1f, 0x101, 0x3, 0x6, 0xfffffffffffffff7, 0x8}], "bac9398d891cc488c6a7b2fa900148f4afce3cafc22c765e46ab1f163bb4ac7b3538211d5187cc2db4ca3760005d71465a1c0347715268fc15895650900b0d4ba79661efa7d3838189a77624f236739b57b915849ae0363081ab373a9f41d04a4a8202cd48e1bd67a76e3f827e093e3659eeb80f6246ce8b8cf65d3bcea5dbc5d91946196e8657d7a53eb2ca8d4bbbaf0a66135c5dcf67846eaf7de699d3c8ed39cfc81f42bb786d6ab2c69e60ce51e8f765e86c1027a54fe2ab31cb761d1ce8ae669850711fe8b0e5a7a5a24bffd3b1e9", [[], [], [], [], []]}, 0x649)

23:27:37 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4000000)

23:27:37 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x14, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:37 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20c00, 0x8000000000092dd)

23:27:38 executing program 1:
r0 = socket(0x13, 0x1, 0x0)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00')
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@loopback, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@dev}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000300)={{{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6}, 0x0, @in6=@empty}}, &(0x7f0000000400)=0xe8)
clock_gettime(0x0, &(0x7f0000002d80)={<r4=>0x0, <r5=>0x0})
recvmmsg(r0, &(0x7f0000002c00)=[{{&(0x7f0000001900)=@x25={0x9, @remote}, 0x80, &(0x7f0000001980), 0x0, &(0x7f00000019c0)=""/128, 0x80}, 0x1}, {{&(0x7f0000001a40)=@alg, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001ac0)}], 0x1, &(0x7f0000001b40)=""/213, 0xd5}, 0x4}, {{&(0x7f0000001c40)=@generic, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001cc0)=""/128, 0x80}], 0x1, &(0x7f0000001d80)=""/125, 0x7d}, 0x4}, {{&(0x7f0000001e00)=@hci, 0x80, &(0x7f0000002180)=[{&(0x7f0000001e80)=""/99, 0x63}, {&(0x7f0000001f00)=""/149, 0x95}, {&(0x7f0000001fc0)=""/93, 0x5d}, {&(0x7f0000002040)=""/147, 0x93}, {&(0x7f0000002100)=""/26, 0x1a}, {&(0x7f0000002140)=""/16, 0x10}], 0x6, &(0x7f0000002200)=""/248, 0xf8}, 0x3}, {{&(0x7f0000002300)=@xdp={0x2c, 0x0, <r6=>0x0}, 0x80, &(0x7f0000002680)=[{&(0x7f0000002380)=""/10, 0xa}, {&(0x7f00000023c0)=""/100, 0x64}, {&(0x7f0000002440)=""/201, 0xc9}, {&(0x7f0000002540)=""/26, 0x1a}, {&(0x7f0000002580)=""/106, 0x6a}, {&(0x7f0000002600)=""/97, 0x61}], 0x6, &(0x7f0000002700)=""/24, 0x18}, 0x80000001}, {{&(0x7f0000002740)=@l2, 0x80, &(0x7f0000002b40)=[{&(0x7f00000027c0)=""/165, 0xa5}, {&(0x7f0000002880)=""/11, 0xb}, {&(0x7f00000028c0)=""/19, 0x13}, {&(0x7f0000002900)=""/199, 0xc7}, {&(0x7f0000002a00)=""/119, 0x77}, {&(0x7f0000002a80)=""/62, 0x3e}, {&(0x7f0000002ac0)=""/98, 0x62}], 0x7, &(0x7f0000002bc0)}, 0x25c}], 0x6, 0x10001, &(0x7f0000002dc0)={r4, r5+30000000})
accept4$packet(r0, &(0x7f0000002e00)={0x11, 0x0, <r7=>0x0}, &(0x7f0000002e40)=0x14, 0x80000)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000002e80)={{{@in=@multicast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@multicast2}, 0x0, @in=@initdev}}, &(0x7f0000002f80)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002fc0)={'syz_tun\x00', <r9=>0x0})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000003240)={{{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in6=@dev}}, &(0x7f0000003340)=0xe8)
getpeername$packet(r0, &(0x7f0000003380)={0x11, 0x0, <r11=>0x0}, &(0x7f00000033c0)=0x14)
getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000003400)={@rand_addr, @loopback, <r12=>0x0}, &(0x7f0000003440)=0xc)
getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000003480)={@dev, <r13=>0x0}, &(0x7f00000034c0)=0x14)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000003500)={{{@in6=@mcast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0}}, {{@in6=@initdev}}}, &(0x7f0000003600)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000003640)={{{@in6=@initdev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}}, {{@in=@dev}, 0x0, @in6=@dev}}, &(0x7f0000003740)=0xe8)
r16 = openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0x80000, 0x0)
ioctl$KVM_SMI(r16, 0xaeb7)
sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000003cc0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000003c80)={&(0x7f0000003780)={0x4ec, r1, 0x300, 0x70bd25, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x16c, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r3}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x14, 0x4, [{0x442, 0x5, 0x18, 0x10001}, {0x7, 0x0, 0x6973, 0x2}]}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0xb0, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r9}, {0xb0, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0xffffffffffffff01}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r11}, {0x80, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r13}}}]}}, {{0x8, 0x1, r14}, {0x164, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r15}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x80000000}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0xffffffff}}}]}}]}, 0x4ec}, 0x1, 0x0, 0x0, 0x4}, 0x20000880)
r17 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$inet_sctp6_SCTP_MAXSEG(r16, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=<r18=>0x0, &(0x7f0000000140)=0x4)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r17, 0x84, 0x7c, &(0x7f0000000440)={r18, 0xffffffffffff5651, 0xffffffff}, 0x8)
sendfile(r0, r17, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1596.602716][T25168] binder: unexpected work type, 4, not freed
[ 1596.644929][T25168] binder: undelivered TRANSACTION_COMPLETE
23:27:38 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000040)=0x20d, 0x8000000000092dd)
fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x20, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_client='access=client'}], [{@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@context={'context', 0x3d, 'staff_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x33, 0x7b, 0x66, 0x37, 0x77, 0x65], 0x2d, [0x63, 0x67, 0x77, 0x77], 0x2d, [0x0, 0x66, 0x34], 0x2d, [0x35, 0x37, 0x39, 0x7f], 0x2d, [0x0, 0x0, 0x65, 0x63, 0x77, 0x66, 0x3c, 0x34]}}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@euid_lt={'euid<', r2}}]}})

23:27:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x5000000)

23:27:38 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d00, 0x8000000000092dd)

23:27:38 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0)
set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9)
r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x44000)
perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fallocate(r1, 0x0, 0x0, 0xa6ba0)
ioctl$sock_bt_hci(r0, 0x400448fd, &(0x7f0000000340)="cb9e42316c6dcdbf574c39ba116981d3cafdcb931fc675b60ab7a06d0a8a305864fdfb3c103b6f3b8d7a2ce0ba5cd561e8756495ade6c1f82152bed8e78e30cf2d14f63b951d17d3856c65b2249def5c7c078a9691c7cf772223351f958c722b071ed36e1a2a07e7e832ef784e291e674cc2fa6bbdfcc21cd2b046b334523d1cda6496b5e5c55798e18e84756b496ed8b9f507986d01e90ddde98ec63fc39ff67f057a1c7f754a6e06f8e69e4d8c")
io_setup(0x40000100000003, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x90030000000000, r1, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}])
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1596.952047][T25574] binder: unexpected work type, 4, not freed
[ 1596.981192][T25574] binder: undelivered TRANSACTION_COMPLETE
23:27:38 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xffffff7f}}, 0xfffffefd)

23:27:38 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6000000)

[ 1597.229008][T25881] binder_thread_release: 4 callbacks suppressed
[ 1597.229020][T25881] binder: release 25879:25881 transaction 743 out, still active
[ 1597.269703][T25881] binder: unexpected work type, 4, not freed
[ 1597.456524][ T1512] binder_send_failed_reply: 4 callbacks suppressed
[ 1597.456533][ T1512] binder: send failed reply for transaction 743, target dead
23:27:39 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x100000}}, 0xfffffefd)

23:27:39 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20e00, 0x8000000000092dd)

23:27:39 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x15, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7000000)

23:27:39 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
recvfrom$rose(r0, &(0x7f0000000100)=""/207, 0xcf, 0x0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c)
r1 = getpid()
r2 = syz_open_procfs(r1, &(0x7f00000000c0)='ne\x06\x00\x00\x00\x00\x00\x00\x008\xb2#\xa5\xf8\xaf)\x99@\xe3')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1597.584110][T26094] binder: release 26090:26094 transaction 747 out, still active
[ 1597.617262][T26094] binder: unexpected work type, 4, not freed
23:27:39 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = gettid()
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000100)=0x8)
r2 = syz_open_procfs(r1, &(0x7f0000000040)='net/ptype\x00')
fcntl$setflags(r2, 0x2, 0x1)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6}, 0x0, @in6=@empty}}, &(0x7f0000000340)=0xe8)
sendmsg$xdp(r2, &(0x7f00000005c0)={&(0x7f0000000380)={0x2c, 0x7, r3, 0x35}, 0x10, &(0x7f0000000580)=[{&(0x7f00000003c0)="03cebebd014c2dbe3cd43e99115f0a88be33dd7f3e2487a63596cfe5cd818b11d354401932cd99ffe333c7b5256879d29fc7d5b8d733448df403b6b00c8703449897240cbbae9d7e6ad1020a73d70dff97c6115e3a73a92e9f05b9d977d379175fee0af88c1fd7d81edd26d51481564bcb3192636b42f1f5df658a84635b407ee6ab455dbb6289f8939e867311df4c84a88f3822f7f08ee6d5255d3ca8f1cf0d9f7c87f27b3cc1a99edfe51f5a5f74085ab973631b6262d03283907006b735e4759021", 0xc3}, {&(0x7f00000004c0)="8511b4bad45d048555986482fb6d12c80eb5dd8e81694ffb8eb59ebda6f2ecc62d3ba240da08705e05", 0x29}, {&(0x7f0000000500)="1206b9e205fdb3e702ce1fbecea72880f431c05cc1a933649b3653270a39", 0x1e}, {&(0x7f0000000540)="70e19e3b893b435fd42bd82f82aae269fc14cb96b2ad54693dfff78872f90644b8685ceb014ba62e3373212b95a4500e89ec29", 0x33}], 0x4, 0x0, 0x0, 0x8004}, 0x24004811)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0)
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000080)=0x9d7f)

23:27:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x20000000)

23:27:39 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20f00, 0x8000000000092dd)

[ 1597.775208][ T5246] binder: send failed reply for transaction 747, target dead
23:27:39 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
getpid()
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f0000000080)='pagemap\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1597.925748][T26508] binder: release 26503:26508 transaction 751 out, still active
23:27:39 executing program 1:
r0 = socket(0x11, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1597.988647][T26508] binder: unexpected work type, 4, not freed
23:27:39 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xfffffffe}}, 0xfffffefd)

23:27:39 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x24800, 0x8000000000092dd)

[ 1598.158742][ T5246] binder: send failed reply for transaction 751, target dead
23:27:39 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x101000}}, 0xfffffefd)

23:27:39 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x48000000)

23:27:39 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:39 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x16, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:39 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x24c00, 0x8000000000092dd)

[ 1598.570267][T27239] binder: release 27135:27239 transaction 755 out, still active
[ 1598.581254][T27239] binder: unexpected work type, 4, not freed
23:27:40 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x200000, 0x0)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000080))
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000140)={0x12, 0x45, &(0x7f00000000c0)="23344891515887bc91c677187ccbca580a2759caddc8695584597d3acbee022e20533f1a6ba7702345dd3b5ffcb2be2c3440fbfc7092fdc4b2cd3f117394ed2b6d35882fc3"})
ioctl$TCFLSH(r2, 0x540b, 0x7ff)

23:27:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c000000)

[ 1598.701740][ T1512] binder: send failed reply for transaction 755, target dead
23:27:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092d9)

23:27:40 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x26800, 0x8000000000092dd)

[ 1598.786182][T27547] binder: release 27546:27547 transaction 759 out, still active
[ 1598.805631][T27547] binder: unexpected work type, 4, not freed
23:27:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000080)={0x3, 0x37, "d18d1885545ce8c5aa6082335036e8c19c1210baa41b89a1120d8eb6ce7a8e98a10f48da176f9f5c062bc304b4f3eff35c40a8d8852ac5"})
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
bind$isdn(r1, &(0x7f0000000040)={0x22, 0x8, 0xb64f, 0x7fffffff}, 0x6)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
write$binfmt_aout(r1, &(0x7f0000000a40)=ANY=[@ANYBLOB="0b014006e50100007301000009000000680100000700000000000000000000003e6164e1cd2df82acc26b6dc0eaad2a6371396e461794ad0f634fa970fbc003813c599c3f769835a0c799000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000670f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008324eadac2704b6b25beaced02db46a15237c50eca50d9bf2eea39dc6f6426a0996bcb6935dd519d55c6bc212dff9ca94b24c22905a861b7b8155f93d7519c9fba8945e057f8f88017d96462b4341fcc61053ae2c05acfc8abaadb7994659242189b41c0b10e8d2867ac80c0671d835d88f5ca8702adbe185e7cdbee3748b6730746b7556a5d381da0c8f7edba97ab822ed02f82214a70bc0b648c798c8c5ab1885ac69ed63df1ecf41bd923e2934f08faa12f440f83cad5e8a0b5a7869f503ed752ba521b8c86e1df328240932bd96ea419"], 0x654)

[ 1598.960301][ T5246] binder: send failed reply for transaction 759, target dead
23:27:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x60000000)

23:27:40 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000040)={<r2=>0x0, 0x98, "00a931d9c230528a6eee6d10103e38502f5f8ed8255db20e686c69cb502b8fccb30daf17fd4a00dd8bc180e7f7d7bb2359a63edfa79c0b61d1459833e6f701a57dcc3cdc99520470255f8559b944c94ba9292a3495f98f68bce3773d3b5be50c669ebc1fd925fa3da02e6dcf8fbce0f59ca98b56e6c0c8a571bc708c7d74435472560f730ff39347d830b1b67281597da7779c3331a7e352"}, &(0x7f0000000100)=0xa0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x20, 0x2, 0x6, 0x10001, r2}, &(0x7f0000000180)=0x10)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1599.172862][T27968] binder: release 27959:27968 transaction 763 out, still active
[ 1599.181618][T27968] binder: unexpected work type, 4, not freed
[ 1599.188043][T27968] binder_release_work: 5 callbacks suppressed
[ 1599.188048][T27968] binder: undelivered TRANSACTION_COMPLETE
[ 1599.290224][ T1512] binder: send failed reply for transaction 763, target dead
23:27:40 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x180000}}, 0xfffffefd)

23:27:40 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x100000000000}}, 0xfffffefd)

23:27:40 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x26c00, 0x8000000000092dd)

23:27:40 executing program 1:
r0 = syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x24c, 0x101080)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000140)=0x8)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x80, 0x301080)
ioctl$BLKFRASET(r2, 0x1264, &(0x7f00000000c0)=0x643)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
sendfile(r1, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:40 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x68000000)

23:27:40 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x17, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1599.485656][T28313] binder: release 28270:28313 transaction 767 out, still active
23:27:41 executing program 1:
r0 = socket(0x4, 0x2, 0x8)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1599.537765][T28313] binder: unexpected work type, 4, not freed
[ 1599.546936][T28313] binder: undelivered TRANSACTION_COMPLETE
23:27:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x800)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c000000)

23:27:41 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x27400, 0x8000000000092dd)

[ 1599.779248][ T5246] binder: send failed reply for transaction 767, target dead
23:27:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={<r1=>0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f0000000100)='\x00', 0xffffffffffffffff}, 0x30)
r2 = syz_open_procfs(r1, &(0x7f00000000c0)='\x15\v\x00\b\a\x00\x00\x00\x00\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r2)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4)

[ 1599.907823][T28834] binder: release 28796:28834 transaction 771 out, still active
[ 1599.939642][T28834] binder: unexpected work type, 4, not freed
[ 1599.949244][T28834] binder: undelivered TRANSACTION_COMPLETE
23:27:41 executing program 1:
r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000080)={{{@in6=@dev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000180)=0xe8)
connect$can_bcm(r0, &(0x7f0000000200)={0x1d, r1}, 0x10)
r2 = socket(0x11, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r2, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000240)={0x2b, 0x3, 0x0, {0x1, 0xa, 0x0, 'net/ptype\x00'}}, 0x2b)

[ 1600.138278][ T5246] binder: send failed reply for transaction 771, target dead
23:27:41 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x200000}}, 0xfffffefd)

23:27:41 executing program 1:
r0 = socket(0x31, 0x80000, 0xfffffffffffffffd)
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x4e23, 0x4, @mcast1, 0x7fff}}, 0x0, 0x8, 0x0, "d99745a341c7caefda1c0d9bf1096baa5f824fccd026335f7c1ab28e94832df715c464ada055a27bf88e8c23e9c3140c34e00a84ea7e150b350c6cdd2e3753de2ab03e9fb9c18fa9d8cf41879154d313"}, 0xd8)

23:27:41 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x27a00, 0x8000000000092dd)

23:27:41 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x18, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:41 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x200000000000}}, 0xfffffefd)

23:27:41 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x74000000)

23:27:41 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000240)={<r1=>0x0, 0x5}, &(0x7f0000000200)=0xffffffffffffff39)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)={r1, 0x1800000}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r1, 0x80000000}, &(0x7f0000000080)=0x8)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/fib_trie\x00')
sendfile(r2, r0, &(0x7f0000000000)=0x20d, 0x8000000000092de)

[ 1600.476518][T29455] binder: release 29365:29455 transaction 775 out, still active
[ 1600.525771][T29455] binder: unexpected work type, 4, not freed
[ 1600.564928][T29455] binder: undelivered TRANSACTION_COMPLETE
23:27:42 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000040)=0x6, 0x4)

23:27:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a000000)

23:27:42 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000080)={<r2=>0x0, 0x14, "0dd2627c4d04e82383acf8415376816b157ad9f2"}, &(0x7f00000000c0)=0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000100)={r2, 0x8}, 0x8)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec\x00', 0x2, 0x0)

23:27:42 executing program 1:
r0 = socket(0x0, 0x20000000000003, 0xfffc)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000200)={0x3772, 0x1, 0x1, 0x7, 0x4, 0x1})
sendto$netrom(r1, &(0x7f00000000c0)="2d2eb3507d246f7b26c02535b2d0a0f155a46d60bd3cb468fe0842c27e9ca735163d7804a6beea9ef536b8895843d728b864424c54781d89e3219319608e3ee563feae1eedd8b22f22dba1ef49163af2067bd17fc84c5c84a42cbe683db19d1d84a56049588b3af0a6dbb6c462372b38ec1f904fd0d28194", 0x78, 0x8000, &(0x7f0000000140)={{0x3, @null, 0x1}, [@null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000040)=""/93)
sendfile(r0, r1, &(0x7f0000000000), 0x8000000000092dd)

[ 1600.732384][ T5246] binder: send failed reply for transaction 775, target dead
[ 1600.899110][T29886] binder: release 29874:29886 transaction 779 out, still active
[ 1600.929519][T29886] binder: unexpected work type, 4, not freed
23:27:42 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$TCSBRK(r1, 0x5409, 0x7c9)
sendfile(r0, r1, &(0x7f0000000000), 0x4)
ioctl$TIOCLINUX3(r1, 0x541c, &(0x7f0000000180))

[ 1600.948343][T29886] binder: undelivered TRANSACTION_COMPLETE
23:27:42 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000080)=0xc)

[ 1601.218309][ T1512] binder: send failed reply for transaction 779, target dead
23:27:42 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x400000}}, 0xfffffefd)

23:27:42 executing program 5:
r0 = socket(0xf, 0x5, 0xfffffffffffffffc)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000040)={0x0, 0xc6, 0x400, 0x1, 0x200, 0x2, 0x2}, 0xc)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:42 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xfdfdffff)

23:27:42 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x19, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:42 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040))
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000300))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0xa, &(0x7f0000000340)='net/ptype\x00', 0xffffffffffffffff}, 0x2da)
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f00000002c0)='smaps\x00')
ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f00000001c0)={0xa0, 0x1, 0x7, {0x0, @vbi={0x7, 0x3, 0xffee, 0x3831354f, [0x7], [0x100000001, 0x3ff], 0x109}}})
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000003c0))

23:27:42 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd00700000000}}, 0xfffffefd)

23:27:43 executing program 1:
r0 = getpgid(0xffffffffffffffff)
sched_setscheduler(r0, 0x5, &(0x7f0000000080)=0x509)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f0000000180)=""/1)
r2 = socket(0x11, 0x3, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
ioctl$SIOCRSGL2CALL(r2, 0x89e5, &(0x7f0000000040)=@rose)
sendfile(r2, r3, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1601.467840][T30656] binder: unexpected work type, 4, not freed
[ 1601.474891][T30656] binder: undelivered TRANSACTION_COMPLETE
23:27:43 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x12282, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r2, 0x3c, 0x0, @ib={0x1b, 0x9, 0x9, {"e0862f9cea595b6c7f7da64e517fdd93"}, 0x800, 0x4, 0x8}}}, 0x90)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:43 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xfffffdfd)

23:27:43 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x80000, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:43 executing program 1:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{<r2=>0x0}, {}]})
syz_extract_tcp_res(&(0x7f00000002c0), 0x3f, 0x7f)
ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000140)={r2, 0x3})
r3 = socket(0x11, 0x3, 0xfffffffffffffffe)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000300)=0x7)
r4 = gettid()
wait4(r4, &(0x7f00000001c0), 0x0, &(0x7f0000000200))
r5 = syz_open_procfs(r4, &(0x7f00000000c0)='net/xfrm_stat\x00')
sendfile(r3, r5, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1601.775568][T31020] binder: unexpected work type, 4, not freed
[ 1601.805853][T31020] binder: undelivered TRANSACTION_COMPLETE
23:27:43 executing program 1:
r0 = socket(0xf, 0x3, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='children\x00')
ioctl$SG_GET_VERSION_NUM(r2, 0x2282, &(0x7f0000000040))
sendfile(r0, r2, &(0x7f00000000c0)=0xffffffffffffffff, 0x100000005)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)={<r3=>0x0, 0x80}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000140)={r3, 0x6, 0x100000001}, 0x8)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x4813, r2, 0x0)

23:27:43 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x800c00}}, 0xfffffefd)

23:27:43 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040)=0x8, 0x4)

23:27:43 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x100000000000000)

23:27:43 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r0, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
socket(0x8, 0x4, 0x1)
getpeername$ax25(r0, &(0x7f0000000040)={{0x3, @null}, [@netrom, @remote, @null, @netrom, @null, @netrom, @bcast, @rose]}, &(0x7f00000000c0)=0x48)

23:27:43 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1a, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:43 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x10000000000000}}, 0xfffffefd)

[ 1602.363145][T31542] binder_thread_release: 2 callbacks suppressed
[ 1602.363158][T31542] binder: release 31537:31542 transaction 791 out, still active
[ 1602.394802][T31542] binder: unexpected work type, 4, not freed
[ 1602.418605][T31542] binder: undelivered TRANSACTION_COMPLETE
23:27:43 executing program 1:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x900, 0x0)
sendto$x25(r0, &(0x7f0000000100)="4c63cb3f16b2d9df3546c0bbf1330aafd8f17526dc3119a7ecc027648851fb6ad7195f5559b4387a98c79bfb5351441788b2c99ce91fa7f5335a61837259ec13d9ba7e6d8a7fb590449867fecdfcb7fecbd3fbfb77b01ae578b41f49709a47ff2542e54478cf886117b0d828c9d7d2d52db40ca6659ffe255a4929547faf98738d32eb0a0b820e275fe79d26668284dbbe19ec410b", 0x95, 0x4000001, &(0x7f0000000080)={0x9, @remote={[], 0x2}}, 0x12)
r1 = socket(0x11, 0x1, 0x0)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000000c0)=0x800004, 0xfffffffffffffda3)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:44 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:44 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r0, r1, &(0x7f0000000080)=0x20d, 0x8000000000092dd)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4)

23:27:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x200000000000000)

23:27:44 executing program 1:
r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x4000)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080)=0x1)
ioctl$NBD_DO_IT(r0, 0xab03)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)
ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f00000000c0)=0x9)

[ 1602.693863][ T5246] binder_send_failed_reply: 2 callbacks suppressed
[ 1602.693871][ T5246] binder: send failed reply for transaction 791, target dead
23:27:44 executing program 1:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x19, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1602.830660][T32264] binder: release 32191:32264 transaction 795 out, still active
[ 1602.864070][T32264] binder: unexpected work type, 4, not freed
[ 1602.905319][T32264] binder: undelivered TRANSACTION_COMPLETE
[ 1603.022724][ T1512] binder: send failed reply for transaction 795, target dead
23:27:44 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd00700}}, 0xfffffefd)

23:27:44 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1b, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:44 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x10100000000000}}, 0xfffffefd)

23:27:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x300000000000000)

23:27:44 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000100)=<r2=>0x0)
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x4, 0x9, 0x3, 0x3, 0x0, 0x2, 0x8000, 0xb, 0x0, 0x8, 0x21a, 0x8, 0x9, 0x2, 0x5f, 0x5ab, 0x3, 0x73de, 0x3, 0x6, 0x7, 0x40, 0xdc, 0x2, 0x3, 0xffff, 0x100, 0x9434, 0x9afb, 0x8, 0x100000000, 0x9, 0x4, 0x9, 0x2, 0x9, 0x0, 0xffff, 0x0, @perf_bp={&(0x7f0000000040), 0xc}, 0x2040, 0x20, 0x10001, 0x7, 0x8, 0x100, 0xb6b}, r2, 0x8, r1, 0x8)

[ 1603.318425][T32480] binder: release 32478:32480 transaction 799 out, still active
[ 1603.330968][T32480] binder: unexpected work type, 4, not freed
[ 1603.337982][T32480] binder: undelivered TRANSACTION_COMPLETE
23:27:44 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x400000000000000)

23:27:45 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000380)='/dev/input/mouse#\x00', 0xffffffff, 0x80080)
ioctl$KDGKBENT(r0, 0x4b46, &(0x7f00000003c0)={0x8, 0x37b, 0x2})
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
r3 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2)
write$UHID_CREATE(r3, &(0x7f0000000080)={0x0, 'syz0\x00', 'syz0\x00\x00\x00\x00\x02\x06L\x8a\xab\x13\x9b\xc5\x00\x00\x00\x00\x00\x00\xa8\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x98\x92\xaa\x00', 'syzr\x00\x00\x00\x00\x00\x00\b\x00\x00\xed\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x01\x00\x12\x97\xfe\xb0\xee\xd3\xaf3\x00\x04\x00', 0x0}, 0x120)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000200)=0x3ff)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000340)={0x0, 0x3, 0x2, 0x6})
ioctl$VIDIOC_G_FMT(r3, 0xc0d05605, &(0x7f0000000240)={0x7, @pix_mp})
ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000040)=0x1)

[ 1603.476375][ T5246] binder: send failed reply for transaction 799, target dead
[ 1603.618048][T32691] binder: release 32689:32691 transaction 803 out, still active
[ 1603.640202][T32691] binder: unexpected work type, 4, not freed
23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$TCSBRK(r1, 0x5409, 0x7c9)
sendfile(r0, r1, &(0x7f0000000000), 0x4)
ioctl$TIOCLINUX3(r1, 0x541c, &(0x7f0000000180))

23:27:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x500000000000000)

23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$TCSBRK(r1, 0x5409, 0x7c9)
sendfile(r0, r1, &(0x7f0000000000), 0x4)
ioctl$TIOCLINUX3(r1, 0x541c, &(0x7f0000000180))

[ 1603.789302][ T5246] binder: send failed reply for transaction 803, target dead
23:27:45 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ff8000/0x6000)=nil, 0x6000})
pwritev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="cdbe9e19fa916ae9402a72c779f9735830dc794f7d07a6687f9d3ffc0f1ec4fc60f7afb133773c3be8bddbde6ec48f926ff32d65afe42f85107d8a2d803e032f1cc7f22ee22f8aae79153e753f80f8518ca2e6ac37f639bfa914d08e6c055e1d7f2a5ef2af28edd8895496a45bf4c8f87fe77238543ac6cf4f72a865fb939286e37b3ba879276cb64f60cf70b365817f9020401601c99284981f8225b0c29978a23c06a00e", 0xa5}], 0x1, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$TCSBRK(r1, 0x5409, 0x7c9)
sendfile(r0, r1, &(0x7f0000000000), 0x4)
ioctl$TIOCLINUX3(r1, 0x541c, &(0x7f0000000180))

[ 1603.907029][  T433] binder: release 430:433 transaction 807 out, still active
[ 1603.916466][  T433] binder: unexpected work type, 4, not freed
23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$TCSBRK(r1, 0x5409, 0x7c9)
sendfile(r0, r1, &(0x7f0000000000), 0x4)

[ 1604.085007][ T1512] binder: send failed reply for transaction 807, target dead
23:27:45 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf00f00}}, 0xfffffefd)

23:27:45 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x600000000000000)

23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$TCSBRK(r1, 0x5409, 0x7c9)

23:27:45 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1c, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:45 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x18000000000000}}, 0xfffffefd)

23:27:45 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
socket$key(0xf, 0x3, 0x2)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000240)={'HL\x00'}, &(0x7f0000000280)=0x1e)
sendfile(r0, r1, &(0x7f0000000200), 0x2ab)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f00000000c0)=""/217)
getsockopt$packet_buf(r0, 0x107, 0xd, &(0x7f0000000000)=""/70, &(0x7f0000000080)=0x46)
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.redirect\x00', &(0x7f0000000300)='./file0/file0\x00', 0xe, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1604.351704][  T760] binder: release 750:760 transaction 811 out, still active
[ 1604.384634][  T760] binder: unexpected work type, 4, not freed
[ 1604.409722][  T760] binder_release_work: 2 callbacks suppressed
[ 1604.409729][  T760] binder: undelivered TRANSACTION_COMPLETE
23:27:45 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=<r2=>0x0)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x2883cd4d1fba2e9a)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:46 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100))
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200))
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:46 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x700000000000000)

[ 1604.585528][ T5246] binder: send failed reply for transaction 811, target dead
23:27:46 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100))
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1604.711421][  T975] binder: release 973:975 transaction 815 out, still active
[ 1604.743700][  T975] binder: unexpected work type, 4, not freed
[ 1604.766319][  T975] binder: undelivered TRANSACTION_COMPLETE
[ 1604.867870][ T5246] binder: send failed reply for transaction 815, target dead
23:27:46 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:46 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2000000000000000)

23:27:46 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1e, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:46 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000040)={0x4, 0x6, 0x200, 0x2, 0x8, 0x4})
r2 = gettid()
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f00000000c0))
ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f0000000080)=r2)

23:27:46 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x1000000}}, 0xfffffefd)

23:27:46 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x40000000000000}}, 0xfffffefd)

23:27:46 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1605.229975][ T1208] binder: release 1207:1208 transaction 819 out, still active
[ 1605.249985][ T1208] binder: unexpected work type, 4, not freed
23:27:46 executing program 1:
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1605.274825][ T1208] binder: undelivered TRANSACTION_COMPLETE
23:27:46 executing program 1:
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:46 executing program 1:
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:46 executing program 1:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 1:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4800000000000000)

[ 1605.543563][ T1512] binder: send failed reply for transaction 819, target dead
[ 1605.652809][ T1544] binder: release 1534:1544 transaction 823 out, still active
[ 1605.689652][ T1544] binder: unexpected work type, 4, not freed
[ 1605.705609][ T1544] binder: undelivered TRANSACTION_COMPLETE
[ 1605.792116][ T5246] binder: send failed reply for transaction 823, target dead
23:27:47 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x2000000}}, 0xfffffefd)

23:27:47 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x79fd, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:47 executing program 1:
r0 = socket(0x0, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c00000000000000)

23:27:47 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x60, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:47 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x800c0000000000}}, 0xfffffefd)

23:27:47 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1606.142181][ T1778] binder: release 1774:1778 transaction 827 out, still active
[ 1606.153925][ T1778] binder: unexpected work type, 4, not freed
[ 1606.168766][ T1778] binder: undelivered TRANSACTION_COMPLETE
23:27:47 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 1:
socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 1:
socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:47 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6000000000000000)

[ 1606.466839][ T5246] binder: send failed reply for transaction 827, target dead
[ 1606.568558][ T2100] binder: unexpected work type, 4, not freed
[ 1606.587730][ T2100] binder: undelivered TRANSACTION_COMPLETE
23:27:48 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x3000000}}, 0xfffffefd)

23:27:48 executing program 1:
socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6800000000000000)

23:27:48 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x78, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:48 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000040)={0x800000000000000, 0x1, 0xfffffffffffffffc, 0x2, 0x5})

23:27:48 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd0070000000000}}, 0xfffffefd)

23:27:48 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, 0x0, 0x80)

[ 1607.101846][ T2313] binder: unexpected work type, 4, not freed
23:27:48 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, 0x0, 0x80)

[ 1607.168617][ T2313] binder: undelivered TRANSACTION_COMPLETE
23:27:48 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, 0x0, 0x80)

23:27:48 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
ioctl$KDSIGACCEPT(r1, 0x4b4e, 0xe)
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:48 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:48 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:48 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c00000000000000)

[ 1607.576026][ T2651] binder_thread_release: 2 callbacks suppressed
[ 1607.576038][ T2651] binder: release 2650:2651 transaction 839 out, still active
[ 1607.618647][ T2651] binder: unexpected work type, 4, not freed
[ 1607.634806][ T2651] binder: undelivered TRANSACTION_COMPLETE
[ 1607.748644][ T1512] binder_send_failed_reply: 2 callbacks suppressed
[ 1607.748653][ T1512] binder: send failed reply for transaction 839, target dead
23:27:49 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x4000000}}, 0xfffffefd)

23:27:49 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:49 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, <r2=>0x0})
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={r2, r3, r4}, 0xc)

23:27:49 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7400000000000000)

23:27:49 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x300, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:49 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xf00f0000000000}}, 0xfffffefd)

23:27:49 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x500, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:49 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="54010000f7b90bcb2d8f800f47030b1d7e1e10405da27743824185be341f611763dd353dd7668ddb4dc13ddd2ee2b67f707977bdda854922601d13d1da6e5e49d619aec228f50cabdb572791083952f0de52388ea85a64e9c9a7eb2a797888ebe56d74f477ae0a3d619052b621f2455e21d8078aab2c00f26c0ce37f52bed9ba598b1668b4357ab5ee3674315135f374580382ee1169178747565195943dce37ec37f10042e803257bc946fc77831de9568f2e826e022179d4217b6b26", @ANYRES16, @ANYBLOB="000227bd7000fddbdf25050000002c00030014000600ff01000000000000000000000000000114000200766c616e3000000000000000000000000800060001010000400001000800080020000000080008000000008008000b0073697000080009006b00000014000300ffffffff00000000000000000000000008000200020000003c00030008000400fdff0000080008003f000000080007004e200000080007004e220000080007004e220000080001000100000008000400fbff00002c0002000800060000000000080002004e24000008000b000a00000008000b000a00000008000800d5c2000008000600ee0d000054000300080007004e2200000800030003000000080004000100000008000400ac0000000800040001000000080007004e20000008000400020000000800030001000000080003000100000008000800ff0000000800040029000000"], 0x154}, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:49 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x600, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1608.111096][ T2978] binder: release 2909:2978 transaction 843 out, still active
[ 1608.129829][ T2978] binder: unexpected work type, 4, not freed
23:27:49 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1608.164157][ T2978] binder: undelivered TRANSACTION_COMPLETE
23:27:49 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x700, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:49 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x80)

[ 1608.403214][ T1512] binder: send failed reply for transaction 843, target dead
23:27:50 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x80)

23:27:50 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a00000000000000)

23:27:50 executing program 5:
r0 = socket(0x11, 0x3, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20001, 0x8000000000092dd)

23:27:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x900, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:50 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x5000000}}, 0xfffffefd)

23:27:50 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x100000000000000}}, 0xfffffefd)

23:27:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xa00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:50 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0}, 0x80)

23:27:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xae0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:50 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0}, 0x80)

23:27:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xb00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:50 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0}, 0x80)

23:27:50 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xc00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:51 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x6000000}}, 0xfffffefd)

23:27:51 executing program 5:
r0 = socket(0x15, 0x3, 0x3)
flock(r0, 0x3)
ioctl$SIOCX25GCAUSEDIAG(r0, 0x89e6, &(0x7f0000000040)={0x9, 0xfffffffffffffffc})
accept4$llc(r0, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x10, 0x800)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:51 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xfdfdffff00000000)

23:27:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xd00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:51 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)

23:27:51 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x200000000000000}}, 0xfffffefd)

23:27:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xe00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:51 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)

[ 1610.171226][ T4448] binder: release 4398:4448 transaction 847 out, still active
[ 1610.182300][ T4448] binder: unexpected work type, 4, not freed
23:27:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xe80, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1610.214096][ T4448] binder: undelivered TRANSACTION_COMPLETE
23:27:51 executing program 1:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000580)={&(0x7f0000000340), 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)

23:27:51 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xe88, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:51 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x79fd, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1610.549035][ T5246] binder: send failed reply for transaction 847, target dead
23:27:52 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7000000}}, 0xfffffefd)

23:27:52 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xec0, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c00000000000000)

23:27:52 executing program 0:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000100)={0x8, @pix_mp={0xffff, 0x4, 0x76757f5b, 0xb, 0x4, [{0x2, 0x5}, {0x1, 0x6f85ae33}, {0x8, 0x3}, {0x7fff, 0xfffffffffffffffb}, {0x15, 0x4}, {0x7, 0xffffffffffffdf26}, {0x4, 0xfffffffffffffff8}, {0x4, 0xbe2}], 0x7, 0x100, 0x1, 0x2, 0x5}})
r1 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x7, @raw_data="6d0edf44562369ebefdd85841b8288051fa22b603e157ce7aeefc401db6f9d8eaf7c988920ec8b96588fc07a6bcd61ee9bf548c1f339935cb948c8ade76f5b0e110bceb70f66ecbd7b888680882a848b9be5af68d499dd0d6dba395d2e948a2371dc314752ed63861ccf4be62734c1d992bc11e777125dc921df7843220926f029732f14a9600ab85db4c5c238cc471a8cd0fb67b4c015438a33d17e2899799aa7db74a96356375d9d60e0c49d70648ee074aae750d02e74c1ad52107a3ebbb537689abc2699bfd9"})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000380)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB="52510019f2752d332d10029a653c7b050000007da453db20f0edd989634204568d8870061310b6d9ea7a6a9c043aadab5b92f2abc3b03c2f3e861854d0222adef0db8c247da62b3429dbeb94ae0f602e70d9d0d994a39e147dbe2ae35233e5e1cd4d3c1d17a34f394dee28ca02bbc1931b7ea2b9890a1796c2ec80b8f3b8592a221015e200928b8ecd02fb61fb"], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000040)={&(0x7f0000001000/0x2000)=nil, &(0x7f0000001000/0x3000)=nil, &(0x7f0000003000/0x1000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000003000/0x3000)=nil, &(0x7f0000000000)="0f8eeaf08d6e156c820098f0", 0xc, r2}, 0x68)

23:27:52 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x300000000000000}}, 0xfffffefd)

23:27:52 executing program 5:
r0 = socket(0x15, 0x800000003, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1611.115255][ T5006] binder: release 4987:5006 transaction 851 out, still active
[ 1611.126093][ T5006] binder: unexpected work type, 4, not freed
[ 1611.133103][ T5006] binder: undelivered TRANSACTION_COMPLETE
23:27:52 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xf00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4800000000000000)

[ 1611.161006][ T1512] binder: send failed reply for transaction 851, target dead
23:27:52 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1100, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1611.233419][ T5199] binder: release 5144:5199 transaction 855 out, still active
[ 1611.241195][ T5199] binder: unexpected work type, 4, not freed
[ 1611.247199][ T5199] binder: undelivered TRANSACTION_COMPLETE
23:27:52 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x500000000000000)

[ 1611.281216][ T1512] binder: send failed reply for transaction 855, target dead
[ 1611.290724][ T5182] binder: release 5004:5182 transaction 859 out, still active
[ 1611.309216][ T5182] binder: unexpected work type, 4, not freed
23:27:52 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1200, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1611.327664][ T5305] binder: BINDER_SET_CONTEXT_MGR already set
[ 1611.333868][ T5305] binder: 5271:5305 ioctl 40046207 0 returned -16
[ 1611.343679][ T5305] binder: release 5271:5305 transaction 862 out, still active
[ 1611.364603][ T5305] binder: unexpected work type, 4, not freed
[ 1611.373044][ T5305] binder: undelivered TRANSACTION_COMPLETE
23:27:52 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000280)='net/sockstat\x00')
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{}, {}]})
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1611.413176][ T5182] binder: undelivered TRANSACTION_COMPLETE
[ 1611.622871][ T1512] binder: send failed reply for transaction 859, target dead
[ 1611.637513][ T1512] binder: send failed reply for transaction 862, target dead
23:27:53 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x7d00000}}, 0xfffffefd)

23:27:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1300, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000280)='net/sockstat\x00')
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{}, {}]})
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:53 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$void(r1, 0xc0045c79)

23:27:53 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x10800, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x13f, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000200)={0x6, 0x118, 0xfa00, {{0xf372, 0x0, "0a45b53810048af428a5bddbd65b8f39badcb2f3fe8c07ae75bc630e0abb144530a49becd41fae68f3ef6b15249b62abdb02f0989472620569b77f88f695b416306763f1ae7a9d04d8644e17991d9951c8c425ff868b86dfd7f9e8bbe241592e56c57e26a30685717d9ee90ba1d3e076cf9a08c2c6eecdfdb02a1da51615c6c1d1d5d4d25907e2ffdd2a52b358f2a019104f7f693b7d78d7239b9133eaa78cbe2110b6244599d2447688be2807dec0f204ef3967948df0c935b42380ae9e43d9b3f719fbd36dd954b50872cc422debb85405decfd62144ce256a3ea55c2d97bd884820d1bce7c805d53930e6e20caaf367e58dc11df2855fcb63421b7b154dda", 0xa3, 0x4, 0x8000000000000, 0xfffffffffffffff8, 0x6, 0x8, 0x74c, 0x1}, r2}}, 0x120)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000040)={0x0, @aes256})

23:27:53 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x400000000000000}}, 0xfffffefd)

23:27:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1400, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000280)='net/sockstat\x00')
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{}, {}]})
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1500, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1612.376028][ T5840] binder: release 5651:5840 transaction 866 out, still active
23:27:53 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:53 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1600, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:54 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180))
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1612.488203][ T5840] binder: unexpected work type, 4, not freed
[ 1612.530047][ T5840] binder: undelivered TRANSACTION_COMPLETE
[ 1612.653038][ T1512] binder: send failed reply for transaction 866, target dead
23:27:54 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x8000000}}, 0xfffffefd)

23:27:54 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
ioctl$FICLONE(r0, 0x40049409, r0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cachefiles\x00', 0x8800, 0x0)
ioctl$CAPI_SET_FLAGS(r1, 0x80044324, &(0x7f0000000300))
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='n\xbfD/ip_vs\x00')
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000040)={<r3=>0x0, @in6={{0xa, 0x4e24, 0xa0, @rand_addr="000cf2f18730e4aa330322ee18526198", 0x7}}, 0x5, 0x2, 0x652, 0x9541, 0x90}, &(0x7f0000000100)=0x98)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000140)={r3, 0x5}, 0x8)
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000180)={{0x6, @name="e5219287de2417ea041b26381752778491f121f1761fe0ad5a259b3add4bb2c4"}, 0x8, 0x9a2, 0x4})
syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x8, 0x20000)

23:27:54 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180))
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:54 executing program 0:
prctl$PR_SET_TIMERSLACK(0x1d, 0x3)
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x440480)
getpeername$netrom(r0, &(0x7f0000000040)={{0x3, @bcast}, [@default, @default, @rose, @netrom, @netrom, @rose, @null, @default]}, &(0x7f00000000c0)=0x48)
r1 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

23:27:54 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x500000000000000}}, 0xfffffefd)

23:27:54 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1700, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:54 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1800, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:54 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180))
sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:54 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1900, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:54 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
getpgid(0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1613.412827][ T6378] binder: release 6267:6378 transaction 870 out, still active
[ 1613.426279][ T6378] binder: unexpected work type, 4, not freed
[ 1613.434024][ T6378] binder: undelivered TRANSACTION_COMPLETE
23:27:55 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1a00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:55 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797a30ef5d177c8ce71aa0e9bde72c61cdfccc357179ba3a0e600ed04c72c9583b6177798bb2fc83"], 0x2e)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1613.692694][ T1512] binder: send failed reply for transaction 870, target dead
23:27:55 executing program 5:
r0 = socket(0x11, 0x80e, 0x6)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x18740, 0x0)
connect$l2tp(r0, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x3, 0x0, 0x4, 0x4, {0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, [], 0x29}, 0x100000001}}}, 0x3a)
futimesat(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100))
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x41, 0x0, 0x1}, 0x10)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r0, &(0x7f0000000200), 0x8000000000092dd)

23:27:55 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa000000}}, 0xfffffefd)

23:27:55 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1b00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:55 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:55 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000080", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0xc800, 0x0)
ioctl$TIOCSCTTY(r2, 0x540e, 0x6)

23:27:55 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r1, 0xc0bc5310, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000200)=""/129, &(0x7f0000000140)=0x81)

23:27:55 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x600000000000000}}, 0xfffffefd)

23:27:55 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1c00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:55 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1614.417128][ T7131] binder: release 7064:7131 transaction 874 out, still active
[ 1614.451743][ T7131] binder: unexpected work type, 4, not freed
23:27:56 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1e00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:56 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1614.476946][ T7131] binder: undelivered TRANSACTION_COMPLETE
23:27:56 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:56 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1f00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1614.780958][ T1512] binder: send failed reply for transaction 874, target dead
23:27:56 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb000000}}, 0xfffffefd)

23:27:56 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:56 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x2000, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:56 executing program 5:
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4000)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000100)={'filter\x00', 0x0, 0x4, 0x2f, [], 0x0, &(0x7f0000000080)=[{}], &(0x7f0000000200)=""/56}, &(0x7f0000000180)=0x78)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(0xffffffffffffffff, r1, &(0x7f0000000000)=0x20000, 0x8000000000092dd)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f00000000c0)={'HL\x00'}, &(0x7f0000000240)=0x1e)

23:27:56 executing program 0:
r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000100)=0x2)
r2 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x20011, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x8400, 0x0)
gettid()
ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f0000000040)={0xc5a, 0x51, 0x5, 0x5, 0x8, 0x10, 0x2, "fd83b095972d43be552c14f39c11d6d829e062cc", "c21282dd1514981e2ecb8497e78ab79a50e01126"})

23:27:56 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x700000000000000}}, 0xfffffefd)

23:27:56 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x5865, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:57 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:57 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x6000, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1615.538985][ T7956] binder: release 7703:7956 transaction 878 out, still active
23:27:57 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x6558, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1615.591597][ T7956] binder: unexpected work type, 4, not freed
[ 1615.617523][ T7956] binder: undelivered TRANSACTION_COMPLETE
23:27:57 executing program 1:
r0 = socket(0x0, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:57 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x7800, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1615.934393][ T1512] binder: send failed reply for transaction 878, target dead
23:27:57 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xb000200}}, 0xfffffefd)

23:27:57 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f0000000080)=""/136)
write$binfmt_aout(r1, &(0x7f0000000200)={{0x10b, 0x7, 0x0, 0xe8, 0xdd, 0x0, 0x10b, 0x80000001}, "3587811f4d068e5a67eff128eb2cfc694396a1465e32c57b8757c632c8ac6ba321de3ffc970a197edce443973779bb9dbd3f67d90776d0ff24913b05e2b3c1bacb5fe60790f64dff13e6091c22d6d78adc2279e5414f1bef8f78f0b5ae296e5f0eb5f3c78499083f25c2fb38f3727fabd098bf3c5e94936c808d518aa2484f24429e68768f7eea475db545bc42a54e22da235110cd6273f69ad007422b5aa17db11fd2cec934c4c0ee774cfb1fee", [[], [], [], [], []]}, 0x5ce)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r0, r0, &(0x7f0000000040)=0x20000, 0x10000)

23:27:57 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:57 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0xfffffda4, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="852a62730000000058d027a776efa88e2591f2a2a8b5b653dfa6a7c08f71d187e8f9d0152803c24f8082f1e94b3e7d0c7fc5040500009b671fd2b86e736a13d49ed5d8000000eaffffff00000000000000000000000000003266526991593777060aef9fa58da50bbb1d680a89c6014555536331b34d6f0dfd11d354255f820b7b3163e5ef1367f63f93e0af7ad4993eea2acd642f0b7571d0ffff3830b3ddc8a568cd4520d1ea", @ANYRES64=0x0, @ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0})
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x400, 0x140)
bind$rose(r1, &(0x7f0000000100)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x40)
fallocate(0xffffffffffffffff, 0x0, 0x5, 0x72)
fcntl$setstatus(r0, 0x4, 0x44400)

23:27:57 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x800e, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:57 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0x800000000000000}}, 0xfffffefd)

23:27:57 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x8100, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:58 executing program 1:
r0 = socket(0x11, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x880e, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:58 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xc00e, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1616.665277][ T9003] binder: 8754:9003 transaction failed 29189/-22, size 24-8 line 2994
[ 1616.701949][ T9003] binder: undelivered TRANSACTION_ERROR: 29189
23:27:58 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xd000000}}, 0xfffffefd)

23:27:58 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xe00a, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:58 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:58 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x10b000, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000040)={0x8d1, 0x1000}, 0xc)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
getpeername$inet6(r2, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000380)=0x1c)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="00fcb7019d000000"]], 0x0, 0x0, 0x0})
getsockopt$inet6_dccp_buf(r2, 0x21, 0xd, &(0x7f0000000480)=""/225, &(0x7f00000001c0)=0xe1)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000080)=[@request_death={0x400c630e, 0x4}, @enter_looper], 0x94, 0x0, &(0x7f00000000c0)="d52280da6c688a478e7d47bc4d99f18efe053f5f23c6b870d1afc39d088559f0d5eb934ef86c80dd4da58cc62519fbdaebc4cd2a04a5d1d673ec990052c15642759aeb6560d66f6afd397c80d6d258811e6c84c159be643f33d01c85d286572409d7047506095996966dc432f5eb0875a92ee199d64478dbe1e9666b5c0087915b6e29c2916980c95d544b857dda3b5bf5e32387"})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
connect$caif(r2, &(0x7f0000000280)=@util={0x25, "f5237e329fabea888ddb261b89a5a20f"}, 0x18)

23:27:58 executing program 5:
r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x4, 0x200)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10)
r1 = socket(0x11, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r1, r2, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

23:27:59 executing program 2:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x12, 0x1079000000000000, {0x0, 0x0, 0xa00000000000000}}, 0xfffffefd)

23:27:59 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0xff00, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:59 executing program 1:
r0 = socket(0x11, 0x3, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

23:27:59 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x1a000, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

23:27:59 executing program 1:
socket(0x11, 0x3, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/sockstat\x00')
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x20d, 0x8000000000092dd)

[ 1617.622973][ T9388] ------------[ cut here ]------------
[ 1617.628515][ T9388] kernel BUG at drivers/android/binder_alloc.c:1141!
23:27:59 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="4c0000001a00ff09fffefd956fa283b724a6008000000000000000683540150024001d003ab6821148a730de33a49868c62b2ca654a6613b6a00200000000000000000000000000000000000", 0x4c}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f0000001380)=[{{0x0, 0x118, &(0x7f0000000240), 0x34000, 0x0, 0x87}}], 0x4000056, 0x0, &(0x7f0000000200)={0x77359400})

[ 1617.691674][ T9388] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1617.697828][ T9388] CPU: 1 PID: 9388 Comm: syz-executor.0 Not tainted 5.1.0-rc2 #36
[ 1617.705823][ T9388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1617.715995][ T9388] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 1617.722517][ T9388] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf f9 23 fc 4c 89 e6 4c 89 ef e8 d4 fa 23 fc 4d 39 e5 76 07 e8 aa f9 23 fc <0f> 0b e8 a3 f9 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1
[ 1617.742129][ T9388] RSP: 0018:ffff888056a97550 EFLAGS: 00010216
[ 1617.748208][ T9388] RAX: 0000000000040000 RBX: 0000000020001000 RCX: ffffc90005b01000
[ 1617.756186][ T9388] RDX: 0000000000000518 RSI: ffffffff854c77d6 RDI: 0000000000000006
[ 1617.764327][ T9388] RBP: ffff888056a975d0 R08: ffff888058a02240 R09: 0000000000000028
[ 1617.772291][ T9388] R10: ffffed100ad52f01 R11: ffff888056a9780f R12: 0000000000000020
[ 1617.780277][ T9388] R13: 0000000000000028 R14: ffff88808c399d50 R15: 0000000000000000
[ 1617.788268][ T9388] FS:  00007f91b41dd700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 1617.797201][ T9388] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1617.803828][ T9388] CR2: 00007f91b41bbdb8 CR3: 000000005a273000 CR4: 00000000001406e0
[ 1617.811827][ T9388] Call Trace:
[ 1617.815127][ T9388]  ? memcpy+0x46/0x50
[ 1617.819105][ T9388]  binder_alloc_copy_from_buffer+0x37/0x42
[ 1617.824925][ T9388]  binder_get_object+0xc3/0x200
[ 1617.829820][ T9388]  binder_transaction+0x2b4a/0x6690
[ 1617.835024][ T9388]  ? binder_thread_read+0x3d50/0x3d50
[ 1617.840403][ T9388]  ? __lock_acquire+0x548/0x3fb0
[ 1617.845350][ T9388]  ? __might_fault+0x12b/0x1e0
[ 1617.850125][ T9388]  ? lock_downgrade+0x880/0x880
[ 1617.855062][ T9388]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1617.861315][ T9388]  ? _copy_from_user+0xdd/0x150
[ 1617.866210][ T9388]  binder_thread_write+0x64a/0x2820
[ 1617.871508][ T9388]  ? binder_transaction+0x6690/0x6690
[ 1617.876894][ T9388]  ? __might_fault+0x12b/0x1e0
[ 1617.881692][ T9388]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1617.887944][ T9388]  ? _copy_from_user+0xdd/0x150
[ 1617.892921][ T9388]  binder_ioctl+0x1033/0x183b
[ 1617.897614][ T9388]  ? binder_thread_write+0x2820/0x2820
[ 1617.903157][ T9388]  ? tomoyo_path_number_perm+0x263/0x520
[ 1617.908924][ T9388]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1617.914720][ T9388]  ? smack_log+0x415/0x540
[ 1617.919146][ T9388]  ? binder_thread_write+0x2820/0x2820
[ 1617.924602][ T9388]  do_vfs_ioctl+0xd6e/0x1390
[ 1617.929187][ T9388]  ? ioctl_preallocate+0x210/0x210
[ 1617.934304][ T9388]  ? smack_file_ioctl+0x196/0x310
[ 1617.939334][ T9388]  ? smack_inode_rename+0x2d0/0x2d0
[ 1617.944538][ T9388]  ? nsecs_to_jiffies+0x30/0x30
[ 1617.949416][ T9388]  ? tomoyo_file_ioctl+0x23/0x30
[ 1617.954376][ T9388]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1617.960649][ T9388]  ? security_file_ioctl+0x93/0xc0
[ 1617.965754][ T9388]  ksys_ioctl+0xab/0xd0
[ 1617.969904][ T9388]  __x64_sys_ioctl+0x73/0xb0
[ 1617.974505][ T9388]  do_syscall_64+0x103/0x610
[ 1617.979192][ T9388]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1617.985088][ T9388] RIP: 0033:0x458209
[ 1617.988969][ T9388] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1618.008675][ T9388] RSP: 002b:00007f91b41dcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1618.018977][ T9388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209
[ 1618.026945][ T9388] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003
[ 1618.035468][ T9388] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
23:27:59 executing program 5:
r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x8, 0x2000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x117, 0xf}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000200)={0x8, 0x120, 0xfa00, {0x3, {0x80000000, 0xe30, "371c94b838dc4e4200a06848e64b40e3de8f98c8b8f306e18aca52edec9539208e5836ee0d3781858ab71cf591c0182cb668d9c042777dca910660bdcc0cc65072c3c89458811d03d7d9e5bcc58022f4f7b145a5aa29bc50625cae8fb128298d0d598a629c18d8e75c74a4548e0fe365bc6bb4e1f96f0ee50ab1bfc478864e4f76bc940bc8d454eee6db1c62c2c9cd8a6093b4f6a453b21cea86b7275c839bc8369efe2f986c95a352552fad4aa16b72fdaf9e81d979f7dce4132a9c3933e764c0dfe8996d7041f2b9e194f7ef560cac16049ca30cfd41d3a6d6dc68abc83d95bc5012d2731738e3482c13e324d63f2c22c679190dcb6cbd5c87bf7fdbc1597f", 0x64, 0x800, 0x3, 0x0, 0xfffffffffffffeff, 0xffffffffffffffff, 0x8}, r1}}, 0x128)
getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000180), 0x4)
r2 = socket(0x11, 0x100080005, 0x0)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs\x00')
sendfile(r2, r3, &(0x7f0000000000)=0x20000, 0x8000000000092dd)

[ 1618.043531][ T9388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f91b41dd6d4
[ 1618.051494][ T9388] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 00000000ffffffff
[ 1618.059456][ T9388] Modules linked in:
[ 1618.065131][ T9388] ---[ end trace 110d84bebab5ba8e ]---
[ 1618.071154][ T9388] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510
[ 1618.085138][ T9388] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf f9 23 fc 4c 89 e6 4c 89 ef e8 d4 fa 23 fc 4d 39 e5 76 07 e8 aa f9 23 fc <0f> 0b e8 a3 f9 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1
[ 1618.121799][ T3877] kobject: 'loop5' (000000003a0d74ec): kobject_uevent_env
[ 1618.158239][ T9388] RSP: 0018:ffff888056a97550 EFLAGS: 00010216
[ 1618.160797][ T3877] kobject: 'loop5' (000000003a0d74ec): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 1618.185347][ T9388] RAX: 0000000000040000 RBX: 0000000020001000 RCX: ffffc90005b01000
[ 1618.214759][ T9388] RDX: 0000000000000518 RSI: ffffffff854c77d6 RDI: 0000000000000006
[ 1618.222441][ T3877] kobject: 'loop1' (0000000026e778c2): kobject_uevent_env
[ 1618.252014][ T9388] RBP: ffff888056a975d0 R08: ffff888058a02240 R09: 0000000000000028
[ 1618.254982][ T3877] kobject: 'loop1' (0000000026e778c2): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 1618.273922][ T9388] R10: ffffed100ad52f01 R11: ffff888056a9780f R12: 0000000000000020
[ 1618.298759][ T9388] R13: 0000000000000028 R14: ffff88808c399d50 R15: 0000000000000000
[ 1618.301705][ T3877] kobject: 'loop5' (000000003a0d74ec): kobject_uevent_env
[ 1618.318386][ T9388] FS:  00007f91b41dd700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 1618.337534][ T3877] kobject: 'loop5' (000000003a0d74ec): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 1618.353759][ T9388] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1618.369167][ T9388] CR2: 0000000000625208 CR3: 000000005a273000 CR4: 00000000001406e0
[ 1618.387705][ T9388] Kernel panic - not syncing: Fatal exception
[ 1618.394598][ T9388] Kernel Offset: disabled
[ 1618.399036][ T9388] Rebooting in 86400 seconds..