[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. 2018/12/24 08:03:16 fuzzer started 2018/12/24 08:03:18 dialing manager at 10.128.0.26:34681 2018/12/24 08:03:18 syscalls: 1 2018/12/24 08:03:18 code coverage: enabled 2018/12/24 08:03:18 comparison tracing: enabled 2018/12/24 08:03:18 setuid sandbox: enabled 2018/12/24 08:03:18 namespace sandbox: enabled 2018/12/24 08:03:18 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/24 08:03:18 fault injection: enabled 2018/12/24 08:03:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/24 08:03:18 net packet injection: enabled 2018/12/24 08:03:18 net device setup: enabled 08:05:31 executing program 0: syzkaller login: [ 173.783433] IPVS: ftp: loaded support on port[0] = 21 08:05:31 executing program 1: [ 174.073719] IPVS: ftp: loaded support on port[0] = 21 08:05:32 executing program 2: [ 174.432400] IPVS: ftp: loaded support on port[0] = 21 08:05:32 executing program 3: [ 174.766142] IPVS: ftp: loaded support on port[0] = 21 08:05:32 executing program 4: [ 175.243514] IPVS: ftp: loaded support on port[0] = 21 08:05:33 executing program 5: [ 175.650226] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.696816] IPVS: ftp: loaded support on port[0] = 21 [ 175.707536] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.721846] device bridge_slave_0 entered promiscuous mode [ 175.880084] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.896326] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.906071] device bridge_slave_1 entered promiscuous mode [ 176.096405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.238742] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 176.311975] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.334376] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.342054] device bridge_slave_0 entered promiscuous mode [ 176.534876] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.541297] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.561944] device bridge_slave_1 entered promiscuous mode [ 176.614336] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.717714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.771021] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.863283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.005854] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.012257] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.025227] device bridge_slave_0 entered promiscuous mode [ 177.033732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 177.044347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 177.086303] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.092806] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.100210] device bridge_slave_0 entered promiscuous mode [ 177.214809] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.221218] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.231877] device bridge_slave_1 entered promiscuous mode [ 177.245113] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.251497] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.275841] device bridge_slave_1 entered promiscuous mode [ 177.334875] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.344875] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.392944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.459685] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.532523] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.540940] team0: Port device team_slave_0 added [ 177.548357] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.559654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.739303] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.747038] team0: Port device team_slave_1 added [ 177.754743] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.761745] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.770941] device bridge_slave_0 entered promiscuous mode [ 177.844603] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.857422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.945613] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.973616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.986010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 177.997343] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.023176] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.030640] device bridge_slave_1 entered promiscuous mode [ 178.043765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 178.060078] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.106416] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.115420] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.138922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.165037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.185362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.210026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.219476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.255401] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.261818] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.269323] device bridge_slave_0 entered promiscuous mode [ 178.277807] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.286042] team0: Port device team_slave_0 added [ 178.295039] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.302044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.319192] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.329112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.357195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.373409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.393605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.405860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 178.435894] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.442307] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.450588] device bridge_slave_1 entered promiscuous mode [ 178.461754] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.470722] team0: Port device team_slave_1 added [ 178.504759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.521805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.577701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 178.603064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.611064] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.638747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.756936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.781876] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.792444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.806032] team0: Port device team_slave_0 added [ 178.821543] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.867695] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.885783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.902547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.956111] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.963991] team0: Port device team_slave_0 added [ 178.971972] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.988990] team0: Port device team_slave_1 added [ 179.002126] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.021218] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.030285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.046506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.097071] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.120361] team0: Port device team_slave_1 added [ 179.135308] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.143067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.178624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.193278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.209535] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.251862] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.267014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.279243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.297025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.330831] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.338519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.365493] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 179.382421] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.413244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.421231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.449001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.471343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.482227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.503005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 179.512161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.546174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.564980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.582297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.623787] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 179.632663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.643810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.682389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.722669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.739139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.769457] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.787677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.813763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.850160] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.858526] team0: Port device team_slave_0 added [ 180.014056] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.020553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.027547] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.033963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.042256] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.060710] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.068369] team0: Port device team_slave_1 added [ 180.116194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.123921] team0: Port device team_slave_0 added [ 180.220067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.232927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.240873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.277344] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.293763] team0: Port device team_slave_1 added [ 180.353544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.360392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.382567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.421895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.443207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.451080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.494470] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.501681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.513763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.572246] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.578722] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.585471] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.591844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.607392] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.650714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.667252] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.683116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.701374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.709170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.723882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.758069] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.783982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.797894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.889666] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.903304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.911462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.003743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.011607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.410218] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.416748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.423578] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.429965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.446611] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.507897] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.514385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.521626] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.528079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.554855] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.012936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.024108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.065816] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.072226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.078977] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.085412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.095539] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.357143] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.363605] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.370308] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.376757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.395160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.122237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.133568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.703355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.235072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.255333] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.688572] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.708480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.718970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.781624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.799884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.926088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.240399] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.265476] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.292902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.300904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.337936] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.362950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.370024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.397416] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.694681] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.700870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.720361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.756323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.778300] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 187.880414] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 187.900613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.910980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.927700] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.173505] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.181846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.191348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.243518] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.294019] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 188.300176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.313468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.350044] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.597169] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.702245] 8021q: adding VLAN 0 to HW filter on device team0 08:05:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 190.310594] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 08:05:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:48 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="021000000a000000000000ec000048000800120000004000000061e64d0000000000000008030002a9ac39b70000000005000000bd00000000002000000000000000af79000000000000000000000000"], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x79b09bd2d2b4ee, 0x0) 08:05:48 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000100)={'bcsh0\x00', 0x400}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000001, 0x31, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x0, 0x0}) 08:05:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 08:05:49 executing program 1: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1002000007, 0x11, r0, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r0, 0x88200) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x9) 08:05:49 executing program 3: mkdir(&(0x7f0000001340)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='proc\x00', 0x1, 0x0) lsetxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0) 08:05:49 executing program 4: clone(0x210007f8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x2000000000000177, 0x0, &(0x7f0000000240)='GPL\x00\x90\xb6M\xed\x9a\x8c\xeb\xf9\xadT\xce\x99\x9b\xc9\rw\x01\xc3v^B(\x1c\xec\\D\xbd\x05)\x12\x03\x7f\xc6,,\x03\xf4D\xb5bf\xdew\xa1B>\x89\\\xb9i\xf9\xaa\x87\xbf\xbf\xda\x06\x1b\x1a\x92A{\xb1\xf4\x1d\xf1#f\x05f\xa2\x8b\x84YZ3\x99\xd8\xae\x11y\xec\x1c\x16\xfe\x1b\x0eH\a\x0e\x85#b_\x16\xb0\xea\xc3\xe8\x15\xe7\x9c\xc5k\a\x00\x00\x00\xe9\xa0\x81&\xbb\xa0\x85\xe3\xb3\xcf\xfc\xd12\xf7;s\x8c\xe0u\xc4\xcd', 0x0, 0xffffffbb}, 0x48) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$inet6(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) rt_sigtimedwait(&(0x7f00000001c0)={0x53fd}, 0x0, &(0x7f0000000300), 0x8) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x1e7) 08:05:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000200)=0xa35) read(r0, &(0x7f00003fefff)=""/1, 0x1) readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)) tkill(0x0, 0x0) 08:05:49 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) socket(0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) [ 191.710561] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 08:05:49 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:49 executing program 5: ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, &(0x7f0000000100)="f1adeb1af858baacf3badb1d79cae63160297c5622f1bd4355db6251ba98a1e2907b45d18f94a48704000000222a0027dec36a9f5f10be85cdfbb42864d37ef802ac13632e6787578d000000d38f350b8b23000000000000000000", 0x5b, 0xfffffffffffffffb) 08:05:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:49 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:49 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000240)=0xffffffdffffffffd, 0x4) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000140)) sendmmsg(r2, &(0x7f0000007e00), 0x136a88c83115738, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 08:05:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 191.886258] Option ' ' to dns_resolver key: bad/missing value [ 191.909210] Option ' ' to dns_resolver key: bad/missing value [ 192.055237] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 08:05:50 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) fcntl$dupfd(r1, 0x0, r0) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x10) fcntl$getownex(r3, 0x10, &(0x7f0000000100)={0x0, 0x0}) ptrace(0xffffffffffffffff, r4) dup(0xffffffffffffffff) unshare(0x40000000) rt_sigprocmask(0x0, 0x0, &(0x7f0000000740), 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="000000000000000000000000000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000040), 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, 0x0) 08:05:50 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:50 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 192.319243] IPVS: ftp: loaded support on port[0] = 21 [ 192.367028] hrtimer: interrupt took 42342 ns 08:05:50 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:50 executing program 2: ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0xfffffffffffffffe) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580), 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f2, &(0x7f0000000580)='ip6_vti0\x00') [ 192.556441] loop1: p1 p2 p3 p4 < > 08:05:50 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:50 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:50 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0xff) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c) write$binfmt_aout(r0, &(0x7f0000000140), 0x20) 08:05:50 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:50 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000080)={0x0, 0x7530}, 0x10) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000005fc0)={0x5c, 0x0, 0x0, 0x0, 0x0, {}, [{{0x8}, {0x40, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8}}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x10) setsockopt$packet_int(r3, 0x107, 0x800000000007, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ftruncate(r2, 0x2007fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 08:05:50 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 192.814513] __loop_clr_fd: partition scan of loop1 failed (rc=-22) [ 192.848114] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 192.906721] print_req_error: I/O error, dev loop1, sector 101 flags 80700 [ 192.918380] print_req_error: I/O error, dev loop1, sector 201 flags 80700 [ 192.942474] print_req_error: I/O error, dev loop1, sector 1 flags 80700 08:05:50 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 192.959794] IPVS: ftp: loaded support on port[0] = 21 [ 192.963515] print_req_error: I/O error, dev loop1, sector 101 flags 0 [ 192.971797] Buffer I/O error on dev loop1p2, logical block 0, async page read [ 192.979775] print_req_error: I/O error, dev loop1, sector 201 flags 0 [ 192.986483] Buffer I/O error on dev loop1p3, logical block 0, async page read [ 192.994202] print_req_error: I/O error, dev loop1, sector 205 flags 0 [ 193.000862] Buffer I/O error on dev loop1p3, logical block 1, async page read [ 193.013718] print_req_error: I/O error, dev loop1, sector 1 flags 0 [ 193.020194] Buffer I/O error on dev loop1p1, logical block 0, async page read [ 193.027930] print_req_error: I/O error, dev loop1, sector 5 flags 0 [ 193.034444] Buffer I/O error on dev loop1p1, logical block 1, async page read [ 193.034499] print_req_error: I/O error, dev loop1, sector 201 flags 0 [ 193.034515] Buffer I/O error on dev loop1p3, logical block 0, async page read [ 193.034549] print_req_error: I/O error, dev loop1, sector 205 flags 0 [ 193.034564] Buffer I/O error on dev loop1p3, logical block 1, async page read [ 193.053591] Buffer I/O error on dev loop1p1, logical block 0, async page read [ 193.058429] Buffer I/O error on dev loop1p1, logical block 1, async page read [ 193.062508] Buffer I/O error on dev loop1p2, logical block 1, async page read 08:05:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) fcntl$dupfd(r1, 0x0, r0) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x10) fcntl$getownex(r3, 0x10, &(0x7f0000000100)={0x0, 0x0}) ptrace(0xffffffffffffffff, r4) dup(0xffffffffffffffff) unshare(0x40000000) rt_sigprocmask(0x0, 0x0, &(0x7f0000000740), 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="000000000000000000000000000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000040), 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, 0x0) 08:05:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:51 executing program 2: ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0xfffffffffffffffe) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580), 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f2, &(0x7f0000000580)='ip6_vti0\x00') 08:05:51 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:51 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) fcntl$dupfd(r1, 0x0, r0) ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x10) fcntl$getownex(r3, 0x10, &(0x7f0000000100)={0x0, 0x0}) ptrace(0xffffffffffffffff, r4) dup(0xffffffffffffffff) unshare(0x40000000) rt_sigprocmask(0x0, 0x0, &(0x7f0000000740), 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0xfffffffffffffffe, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="000000000000000000000000000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000040), 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, 0x0) [ 193.397678] IPVS: ftp: loaded support on port[0] = 21 [ 193.509225] IPVS: ftp: loaded support on port[0] = 21 08:05:51 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={r0}) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={r0}) 08:05:51 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c) sendmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000700)="3ec15689d443547ede50c74eda3ab89483fad8a36c42ae30bc7a5232deaffafca4f39203e339e6fb", 0x28}], 0x1}}], 0x1, 0x0) 08:05:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={r0}) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={r0}) 08:05:51 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 193.665971] loop4: p1 p2 p3 p4 < > [ 193.805496] loop1: p1 p2 p3 p4 < > [ 194.018300] __loop_clr_fd: partition scan of loop4 failed (rc=-22) [ 194.083771] __loop_clr_fd: partition scan of loop1 failed (rc=-22) 08:05:52 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000080)={0x0, 0x7530}, 0x10) sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f00000065c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10) setsockopt$packet_int(r3, 0x107, 0x800000000007, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ftruncate(r2, 0x2007fff) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 08:05:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:52 executing program 2: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$TIOCMSET(r0, 0x5418, 0x0) 08:05:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:52 executing program 4: clone(0x200000041fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() getgroups(0x2, &(0x7f0000000080)=[0xffffffffffffffff, 0xee00]) setregid(0x0, r1) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) ptrace(0x10, r0) 08:05:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={r0}) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={r0}) 08:05:52 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 0x5002}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x2e0, &(0x7f0000000300)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RSTAT(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="4e0021007d020000005f1f83040908"], 0xf) ftruncate(r3, 0x2007fff) sendfile(r0, r3, &(0x7f0000d83ff8)=0xa, 0x800000000024) 08:05:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 194.295542] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 08:05:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:52 executing program 1: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000000)) bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @local}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000140)=0xfb8, 0x4) splice(r0, 0x0, r2, 0x0, 0x10002, 0x0) [ 194.553867] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 08:05:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 194.599192] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 08:05:52 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 194.792301] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 08:05:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:52 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4000) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x80) r3 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1, 0x11, r3, 0x0) arch_prctl$ARCH_SET_GS(0x1001, 0x1000) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000000)=@hopopts={0x89, 0x2, [], [@hao={0xc9, 0x10, @mcast2}]}, 0x20) stat(0x0, &(0x7f0000000ac0)) write$P9_RSTATu(r2, &(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES32], 0x8) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) 08:05:53 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) fcntl$dupfd(0xffffffffffffffff, 0x406, r0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x1ff, 0x4, 0x0, 0x5, 0x0, 0x4, 0x44020, 0x2, 0x7, 0x0, 0x7ff, 0x0, 0x45ad, 0x9, 0x0, 0x7ca, 0x6, 0x101, 0x0, 0x5, 0x0, 0x9, 0x5376, 0x7, 0x4, 0x7, 0x0, 0x0, 0x2, 0x4, 0x24d, 0x0, 0x400, 0x8001, 0x0, 0x2, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x10000, 0x0, 0x6, 0x1f, 0x5}, 0x0, 0x1, 0xffffffffffffff9c, 0x8) socket$inet(0x2, 0x0, 0x200000000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x1) dup3(r0, 0xffffffffffffffff, 0x5c5eb52e10e8e865) socketpair$unix(0x1, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, &(0x7f0000000580)=ANY=[], 0x0, 0x0) prctl$PR_GET_DUMPABLE(0x3) 08:05:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:53 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 195.096680] kauditd_printk_skb: 10 callbacks suppressed [ 195.096694] audit: type=1804 audit(1545638752.936:31): pid=7935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir249933403/syzkaller.2mQTDp/7/bus" dev="sda1" ino=16554 res=1 08:05:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 195.508959] loop2: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21 08:05:53 executing program 1: pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$sock_inet_udp_SIOCOUTQ(r1, 0x5411, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0xa) timer_create(0x8, &(0x7f0000000300)={0x0, 0x8, 0x0, @thr={0x0, 0x0}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000180)={0x0, @dev, @multicast2}, &(0x7f00000007c0)=0xc) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x5) write$P9_RXATTRWALK(r0, &(0x7f0000000040)={0x5, 0x1f, 0x0, 0x800}, 0xf) getdents64(r0, &(0x7f0000000700)=""/161, 0xa1) ioctl$TCSBRK(r0, 0x5409, 0x63a) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e21, 0x3, @mcast2, 0x4}, 0x1c) ioctl$FITRIM(r1, 0xc0185879, 0x0) r4 = request_key(&(0x7f00000005c0)='rxrpc_s\x00', 0x0, &(0x7f0000000640)='\x00', 0xfffffffffffffffa) r5 = add_key(0x0, &(0x7f0000000980)={'syz', 0x0}, 0x0, 0x0, r4) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, r5) truncate(&(0x7f00000001c0)='./file0\x00', 0x8d2) shutdown(r2, 0x0) ioctl$EVIOCGSW(r1, 0x8040451b, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000400)=r6) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setgid(r8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000800)={{{@in=@rand_addr=0x4e, @in=@empty, 0x4e24, 0x9, 0x4e24, 0x9, 0x2, 0x80, 0x20, 0x2b, r3, r7}, {0x9, 0x81, 0x81, 0x6, 0x4fad, 0x1, 0xf6fe, 0x9}, {0x7, 0x0, 0x7fffffff, 0xffffffff80000001}, 0x0, 0x6e6bb7, 0x0, 0x1, 0x1, 0x2}, {{@in=@rand_addr=0x4, 0x4d2, 0xff}, 0xa, @in6, 0x3503, 0x3, 0x0, 0x2, 0x9, 0x7f, 0x5}}, 0xe8) accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000001d80), 0x800) getsockopt$SO_COOKIE(r2, 0x1, 0x39, &(0x7f00000009c0), 0x0) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 08:05:53 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:53 executing program 3: bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r1 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r0}) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={0xffffffffffffffff, r0}) [ 195.509085] loop2: partition table partially beyond EOD, truncated [ 195.687556] loop2: p1 start 1 is beyond EOD, truncated [ 195.699434] loop2: p2 size 2 extends beyond EOD, truncated 08:05:53 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 195.786792] loop2: p3 start 201 is beyond EOD, truncated [ 195.814194] loop2: p4 start 301 is beyond EOD, truncated [ 195.841891] loop2: p5 start 1 is beyond EOD, truncated 08:05:53 executing program 3: bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r1 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r0}) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={0xffffffffffffffff, r0}) [ 195.863085] loop2: p6 start 1 is beyond EOD, truncated [ 195.868532] loop2: p7 start 1 is beyond EOD, truncated [ 195.961893] loop2: p8 start 1 is beyond EOD, truncated [ 196.015081] loop2: p9 start 1 is beyond EOD, truncated [ 196.029093] audit: type=1804 audit(1545638753.876:32): pid=7971 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor4" name="/root/syzkaller-testdir249933403/syzkaller.2mQTDp/7/bus" dev="sda1" ino=16554 res=1 [ 196.036521] loop2: p10 start 1 is beyond EOD, truncated [ 196.060641] syz-executor4 (7935) used greatest stack depth: 9872 bytes left [ 196.087390] audit: type=1804 audit(1545638753.916:33): pid=7976 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor4" name="/root/syzkaller-testdir249933403/syzkaller.2mQTDp/7/bus" dev="sda1" ino=16554 res=1 [ 196.128763] loop2: p11 start 1 is beyond EOD, truncated [ 196.132505] audit: type=1804 audit(1545638753.916:34): pid=7972 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir249933403/syzkaller.2mQTDp/7/bus" dev="sda1" ino=16554 res=1 [ 196.159882] loop2: p12 start 1 is beyond EOD, truncated [ 196.173688] loop2: p13 start 1 is beyond EOD, truncated 08:05:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4000) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) r2 = creat(&(0x7f00000002c0)='./bus\x00', 0x80) r3 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1, 0x11, r3, 0x0) arch_prctl$ARCH_SET_GS(0x1001, 0x1000) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000000)=@hopopts={0x89, 0x2, [], [@hao={0xc9, 0x10, @mcast2}]}, 0x20) stat(0x0, &(0x7f0000000ac0)) write$P9_RSTATu(r2, &(0x7f0000000c40)=ANY=[@ANYRES32, @ANYRES32], 0x8) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 196.184364] loop2: p14 start 1 is beyond EOD, truncated [ 196.195393] loop2: p15 start 1 is beyond EOD, truncated [ 196.240998] loop2: p16 start 1 is beyond EOD, truncated [ 196.252257] loop2: p17 start 1 is beyond EOD, truncated [ 196.262054] audit: type=1804 audit(1545638754.106:35): pid=7991 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir249933403/syzkaller.2mQTDp/8/bus" dev="sda1" ino=16554 res=1 [ 196.289149] loop2: p18 start 1 is beyond EOD, truncated [ 196.300155] loop2: p19 start 1 is beyond EOD, truncated [ 196.311216] loop2: p20 start 1 is beyond EOD, truncated [ 196.321874] loop2: p21 start 1 is beyond EOD, truncated [ 196.332835] loop2: p22 start 1 is beyond EOD, truncated [ 196.343535] loop2: p23 start 1 is beyond EOD, truncated [ 196.354733] loop2: p24 start 1 is beyond EOD, truncated [ 196.364842] loop2: p25 start 1 is beyond EOD, truncated [ 196.374959] loop2: p26 start 1 is beyond EOD, truncated [ 196.386694] loop2: p27 start 1 is beyond EOD, truncated [ 196.397265] loop2: p28 start 1 is beyond EOD, truncated [ 196.407319] loop2: p29 start 1 is beyond EOD, truncated [ 196.417791] loop2: p30 start 1 is beyond EOD, truncated [ 196.428038] loop2: p31 start 1 is beyond EOD, truncated [ 196.445137] loop2: p32 start 1 is beyond EOD, truncated [ 196.462896] loop2: p33 start 1 is beyond EOD, truncated [ 196.478786] loop2: p34 start 1 is beyond EOD, truncated [ 196.495650] loop2: p35 start 1 is beyond EOD, truncated [ 196.512524] loop2: p36 start 1 is beyond EOD, truncated [ 196.529740] loop2: p37 start 1 is beyond EOD, truncated [ 196.551012] loop2: p38 start 1 is beyond EOD, truncated [ 196.567938] loop2: p39 start 1 is beyond EOD, truncated [ 196.584830] loop2: p40 start 1 is beyond EOD, truncated [ 196.593058] loop2: p41 start 1 is beyond EOD, truncated [ 196.616217] loop2: p42 start 1 is beyond EOD, truncated [ 196.621593] loop2: p43 start 1 is beyond EOD, truncated [ 196.632814] loop2: p44 start 1 is beyond EOD, truncated [ 196.638351] loop2: p45 start 1 is beyond EOD, truncated [ 196.655587] loop2: p46 start 1 is beyond EOD, truncated [ 196.671386] loop2: p47 start 1 is beyond EOD, truncated [ 196.687175] loop2: p48 start 1 is beyond EOD, truncated [ 196.703004] loop2: p49 start 1 is beyond EOD, truncated [ 196.717765] loop2: p50 start 1 is beyond EOD, truncated [ 196.732820] loop2: p51 start 1 is beyond EOD, truncated [ 196.749956] loop2: p52 start 1 is beyond EOD, truncated [ 196.768881] loop2: p53 start 1 is beyond EOD, truncated [ 196.800787] loop2: p54 start 1 is beyond EOD, truncated [ 196.821186] loop2: p55 start 1 is beyond EOD, truncated [ 196.839731] loop2: p56 start 1 is beyond EOD, truncated [ 196.852069] loop2: p57 start 1 is beyond EOD, truncated [ 196.863329] loop2: p58 start 1 is beyond EOD, truncated [ 196.875574] loop2: p59 start 1 is beyond EOD, truncated [ 196.886640] loop2: p60 start 1 is beyond EOD, truncated [ 196.898969] loop2: p61 start 1 is beyond EOD, truncated [ 196.905903] loop2: p62 start 1 is beyond EOD, truncated [ 196.911458] loop2: p63 start 1 is beyond EOD, truncated [ 196.917450] loop2: p64 start 1 is beyond EOD, truncated [ 196.923260] loop2: p65 start 1 is beyond EOD, truncated [ 196.928810] loop2: p66 start 1 is beyond EOD, truncated [ 196.934746] loop2: p67 start 1 is beyond EOD, truncated [ 196.940270] loop2: p68 start 1 is beyond EOD, truncated [ 196.946120] loop2: p69 start 1 is beyond EOD, truncated [ 196.951633] loop2: p70 start 1 is beyond EOD, truncated [ 196.957493] loop2: p71 start 1 is beyond EOD, truncated [ 196.963298] loop2: p72 start 1 is beyond EOD, truncated [ 196.968802] loop2: p73 start 1 is beyond EOD, truncated [ 196.974683] loop2: p74 start 1 is beyond EOD, truncated [ 196.980184] loop2: p75 start 1 is beyond EOD, truncated [ 196.985961] loop2: p76 start 1 is beyond EOD, truncated [ 196.991464] loop2: p77 start 1 is beyond EOD, truncated [ 196.997327] loop2: p78 start 1 is beyond EOD, truncated [ 197.003137] loop2: p79 start 1 is beyond EOD, truncated [ 197.008639] loop2: p80 start 1 is beyond EOD, truncated [ 197.014533] loop2: p81 start 1 is beyond EOD, truncated [ 197.020074] loop2: p82 start 1 is beyond EOD, truncated [ 197.025975] loop2: p83 start 1 is beyond EOD, truncated [ 197.031485] loop2: p84 start 1 is beyond EOD, truncated [ 197.038335] loop2: p85 start 1 is beyond EOD, truncated [ 197.044149] loop2: p86 start 1 is beyond EOD, truncated [ 197.049686] loop2: p87 start 1 is beyond EOD, truncated [ 197.055553] loop2: p88 start 1 is beyond EOD, truncated [ 197.061064] loop2: p89 start 1 is beyond EOD, truncated [ 197.066812] loop2: p90 start 1 is beyond EOD, truncated [ 197.072332] loop2: p91 start 1 is beyond EOD, truncated [ 197.078195] loop2: p92 start 1 is beyond EOD, truncated [ 197.084029] loop2: p93 start 1 is beyond EOD, truncated [ 197.123053] loop2: p94 start 1 is beyond EOD, truncated [ 197.128520] loop2: p95 start 1 is beyond EOD, truncated [ 197.139888] loop2: p96 start 1 is beyond EOD, truncated [ 197.145727] loop2: p97 start 1 is beyond EOD, truncated [ 197.151197] loop2: p98 start 1 is beyond EOD, truncated [ 197.157135] loop2: p99 start 1 is beyond EOD, truncated [ 197.162586] loop2: p100 start 1 is beyond EOD, truncated [ 197.169602] loop2: p101 start 1 is beyond EOD, truncated [ 197.175662] loop2: p102 start 1 is beyond EOD, truncated [ 197.181199] loop2: p103 start 1 is beyond EOD, truncated [ 197.187398] loop2: p104 start 1 is beyond EOD, truncated [ 197.193233] loop2: p105 start 1 is beyond EOD, truncated [ 197.198780] loop2: p106 start 1 is beyond EOD, truncated [ 197.204666] loop2: p107 start 1 is beyond EOD, truncated [ 197.210200] loop2: p108 start 1 is beyond EOD, truncated [ 197.216044] loop2: p109 start 1 is beyond EOD, truncated [ 197.221577] loop2: p110 start 1 is beyond EOD, truncated [ 197.227509] loop2: p111 start 1 is beyond EOD, truncated [ 197.233070] loop2: p112 start 1 is beyond EOD, truncated [ 197.238523] loop2: p113 start 1 is beyond EOD, truncated [ 197.244063] loop2: p114 start 1 is beyond EOD, truncated [ 197.249527] loop2: p115 start 1 is beyond EOD, truncated [ 197.255024] loop2: p116 start 1 is beyond EOD, truncated [ 197.260482] loop2: p117 start 1 is beyond EOD, truncated [ 197.265970] loop2: p118 start 1 is beyond EOD, truncated [ 197.271421] loop2: p119 start 1 is beyond EOD, truncated [ 197.276898] loop2: p120 start 1 is beyond EOD, truncated [ 197.282362] loop2: p121 start 1 is beyond EOD, truncated [ 197.287843] loop2: p122 start 1 is beyond EOD, truncated [ 197.293791] loop2: p123 start 1 is beyond EOD, truncated [ 197.299232] loop2: p124 start 1 is beyond EOD, truncated [ 197.304761] loop2: p125 start 1 is beyond EOD, truncated [ 197.310258] loop2: p126 start 1 is beyond EOD, truncated [ 197.315770] loop2: p127 start 1 is beyond EOD, truncated [ 197.321230] loop2: p128 start 1 is beyond EOD, truncated [ 197.326710] loop2: p129 start 1 is beyond EOD, truncated [ 197.332160] loop2: p130 start 1 is beyond EOD, truncated [ 197.337644] loop2: p131 start 1 is beyond EOD, truncated [ 197.343139] loop2: p132 start 1 is beyond EOD, truncated [ 197.348575] loop2: p133 start 1 is beyond EOD, truncated [ 197.354052] loop2: p134 start 1 is beyond EOD, truncated [ 197.359543] loop2: p135 start 1 is beyond EOD, truncated [ 197.365023] loop2: p136 start 1 is beyond EOD, truncated [ 197.370472] loop2: p137 start 1 is beyond EOD, truncated [ 197.375971] loop2: p138 start 1 is beyond EOD, truncated [ 197.381421] loop2: p139 start 1 is beyond EOD, truncated [ 197.386906] loop2: p140 start 1 is beyond EOD, truncated [ 197.392377] loop2: p141 start 1 is beyond EOD, truncated [ 197.397889] loop2: p142 start 1 is beyond EOD, truncated [ 197.403382] loop2: p143 start 1 is beyond EOD, truncated [ 197.408841] loop2: p144 start 1 is beyond EOD, truncated [ 197.414396] loop2: p145 start 1 is beyond EOD, truncated [ 197.419847] loop2: p146 start 1 is beyond EOD, truncated [ 197.426000] loop2: p147 start 1 is beyond EOD, truncated [ 197.431506] loop2: p148 start 1 is beyond EOD, truncated [ 197.438530] loop2: p149 start 1 is beyond EOD, truncated [ 197.444494] loop2: p150 start 1 is beyond EOD, truncated [ 197.450050] loop2: p151 start 1 is beyond EOD, truncated [ 197.456002] loop2: p152 start 1 is beyond EOD, truncated [ 197.461545] loop2: p153 start 1 is beyond EOD, truncated [ 197.467611] loop2: p154 start 1 is beyond EOD, truncated [ 197.473499] loop2: p155 start 1 is beyond EOD, truncated [ 197.479082] loop2: p156 start 1 is beyond EOD, truncated [ 197.485002] loop2: p157 start 1 is beyond EOD, truncated [ 197.490548] loop2: p158 start 1 is beyond EOD, truncated [ 197.496586] loop2: p159 start 1 is beyond EOD, truncated [ 197.502131] loop2: p160 start 1 is beyond EOD, truncated [ 197.508157] loop2: p161 start 1 is beyond EOD, truncated [ 197.514042] loop2: p162 start 1 is beyond EOD, truncated [ 197.519750] loop2: p163 start 1 is beyond EOD, truncated [ 197.525775] loop2: p164 start 1 is beyond EOD, truncated [ 197.531295] loop2: p165 start 1 is beyond EOD, truncated [ 197.536831] loop2: p166 start 1 is beyond EOD, truncated [ 197.542305] loop2: p167 start 1 is beyond EOD, truncated [ 197.547817] loop2: p168 start 1 is beyond EOD, truncated [ 197.553782] loop2: p169 start 1 is beyond EOD, truncated [ 197.559229] loop2: p170 start 1 is beyond EOD, truncated [ 197.564758] loop2: p171 start 1 is beyond EOD, truncated [ 197.570225] loop2: p172 start 1 is beyond EOD, truncated [ 197.575872] loop2: p173 start 1 is beyond EOD, truncated [ 197.581368] loop2: p174 start 1 is beyond EOD, truncated [ 197.586887] loop2: p175 start 1 is beyond EOD, truncated [ 197.592355] loop2: p176 start 1 is beyond EOD, truncated [ 197.597855] loop2: p177 start 1 is beyond EOD, truncated [ 197.603383] loop2: p178 start 1 is beyond EOD, truncated [ 197.608820] loop2: p179 start 1 is beyond EOD, truncated [ 197.614494] loop2: p180 start 1 is beyond EOD, truncated [ 197.619986] loop2: p181 start 1 is beyond EOD, truncated [ 197.625519] loop2: p182 start 1 is beyond EOD, truncated [ 197.630992] loop2: p183 start 1 is beyond EOD, truncated [ 197.636534] loop2: p184 start 1 is beyond EOD, truncated [ 197.641993] loop2: p185 start 1 is beyond EOD, truncated [ 197.647522] loop2: p186 start 1 is beyond EOD, truncated [ 197.653129] loop2: p187 start 1 is beyond EOD, truncated [ 197.658605] loop2: p188 start 1 is beyond EOD, truncated [ 197.664173] loop2: p189 start 1 is beyond EOD, truncated [ 197.669643] loop2: p190 start 1 is beyond EOD, truncated [ 197.675188] loop2: p191 start 1 is beyond EOD, truncated [ 197.680659] loop2: p192 start 1 is beyond EOD, truncated [ 197.687140] loop2: p193 start 1 is beyond EOD, truncated [ 197.692601] loop2: p194 start 1 is beyond EOD, truncated [ 197.698151] loop2: p195 start 1 is beyond EOD, truncated [ 197.703684] loop2: p196 start 1 is beyond EOD, truncated [ 197.709138] loop2: p197 start 1 is beyond EOD, truncated [ 197.714669] loop2: p198 start 1 is beyond EOD, truncated [ 197.720139] loop2: p199 start 1 is beyond EOD, truncated [ 197.725669] loop2: p200 start 1 is beyond EOD, truncated [ 197.731144] loop2: p201 start 1 is beyond EOD, truncated [ 197.737218] loop2: p202 start 1 is beyond EOD, truncated [ 197.742665] loop2: p203 start 1 is beyond EOD, truncated [ 197.748198] loop2: p204 start 1 is beyond EOD, truncated [ 197.753712] loop2: p205 start 1 is beyond EOD, truncated [ 197.759179] loop2: p206 start 1 is beyond EOD, truncated [ 197.764693] loop2: p207 start 1 is beyond EOD, truncated [ 197.770147] loop2: p208 start 1 is beyond EOD, truncated [ 197.775671] loop2: p209 start 1 is beyond EOD, truncated [ 197.781129] loop2: p210 start 1 is beyond EOD, truncated [ 197.786636] loop2: p211 start 1 is beyond EOD, truncated [ 197.792122] loop2: p212 start 1 is beyond EOD, truncated [ 197.797630] loop2: p213 start 1 is beyond EOD, truncated [ 197.803116] loop2: p214 start 1 is beyond EOD, truncated [ 197.808552] loop2: p215 start 1 is beyond EOD, truncated [ 197.814716] loop2: p216 start 1 is beyond EOD, truncated [ 197.820177] loop2: p217 start 1 is beyond EOD, truncated [ 197.825699] loop2: p218 start 1 is beyond EOD, truncated [ 197.831175] loop2: p219 start 1 is beyond EOD, truncated [ 197.836786] loop2: p220 start 1 is beyond EOD, truncated [ 197.842243] loop2: p221 start 1 is beyond EOD, truncated [ 197.847734] loop2: p222 start 1 is beyond EOD, truncated [ 197.853222] loop2: p223 start 1 is beyond EOD, truncated [ 197.858661] loop2: p224 start 1 is beyond EOD, truncated [ 197.864204] loop2: p225 start 1 is beyond EOD, truncated [ 197.869670] loop2: p226 start 1 is beyond EOD, truncated [ 197.875173] loop2: p227 start 1 is beyond EOD, truncated [ 197.880633] loop2: p228 start 1 is beyond EOD, truncated [ 197.886165] loop2: p229 start 1 is beyond EOD, truncated [ 197.891623] loop2: p230 start 1 is beyond EOD, truncated [ 197.897139] loop2: p231 start 1 is beyond EOD, truncated [ 197.902592] loop2: p232 start 1 is beyond EOD, truncated [ 197.908124] loop2: p233 start 1 is beyond EOD, truncated [ 197.913630] loop2: p234 start 1 is beyond EOD, truncated [ 197.919097] loop2: p235 start 1 is beyond EOD, truncated [ 197.924597] loop2: p236 start 1 is beyond EOD, truncated [ 197.930048] loop2: p237 start 1 is beyond EOD, truncated [ 197.935558] loop2: p238 start 1 is beyond EOD, truncated [ 197.941032] loop2: p239 start 1 is beyond EOD, truncated [ 197.947200] loop2: p240 start 1 is beyond EOD, truncated [ 197.952647] loop2: p241 start 1 is beyond EOD, truncated [ 197.958170] loop2: p242 start 1 is beyond EOD, truncated [ 197.963659] loop2: p243 start 1 is beyond EOD, truncated [ 197.969095] loop2: p244 start 1 is beyond EOD, truncated [ 197.974651] loop2: p245 start 1 is beyond EOD, truncated [ 197.980112] loop2: p246 start 1 is beyond EOD, truncated [ 197.985644] loop2: p247 start 1 is beyond EOD, truncated [ 197.991092] loop2: p248 start 1 is beyond EOD, truncated [ 197.996625] loop2: p249 start 1 is beyond EOD, truncated [ 198.002088] loop2: p250 start 1 is beyond EOD, truncated [ 198.007582] loop2: p251 start 1 is beyond EOD, truncated [ 198.013064] loop2: p252 start 1 is beyond EOD, truncated [ 198.018497] loop2: p253 start 1 is beyond EOD, truncated [ 198.024007] loop2: p254 start 1 is beyond EOD, truncated [ 198.029468] loop2: p255 start 1 is beyond EOD, truncated 08:05:55 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) fcntl$dupfd(0xffffffffffffffff, 0x406, r0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x1ff, 0x4, 0x0, 0x5, 0x0, 0x4, 0x44020, 0x2, 0x7, 0x0, 0x7ff, 0x0, 0x45ad, 0x9, 0x0, 0x7ca, 0x6, 0x101, 0x0, 0x5, 0x0, 0x9, 0x5376, 0x7, 0x4, 0x7, 0x0, 0x0, 0x2, 0x4, 0x24d, 0x0, 0x400, 0x8001, 0x0, 0x2, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x10000, 0x0, 0x6, 0x1f, 0x5}, 0x0, 0x1, 0xffffffffffffff9c, 0x8) socket$inet(0x2, 0x0, 0x200000000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x1) dup3(r0, 0xffffffffffffffff, 0x5c5eb52e10e8e865) socketpair$unix(0x1, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, &(0x7f0000000580)=ANY=[], 0x0, 0x0) prctl$PR_GET_DUMPABLE(0x3) 08:05:55 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:55 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:55 executing program 3: bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r1 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r0}) ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={0xffffffffffffffff, r0}) 08:05:56 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:05:56 executing program 4: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20}, 0x1c) listen(r0, 0x1ffffffc) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f00000055c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[{0x10}], 0x438}}], 0x1, 0x0) 08:05:56 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:56 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 198.171263] warning: process `syz-executor1' used the deprecated sysctl system call with [ 198.194622] __loop_clr_fd: partition scan of loop2 failed (rc=-22) 08:05:56 executing program 4: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ustat(0x6, &(0x7f0000000080)) 08:05:56 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:56 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 198.338014] loop2: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21 [ 198.338027] loop2: partition table partially beyond EOD, [ 198.438575] truncated [ 198.441492] loop2: p1 start 1 is beyond EOD, truncated [ 198.464349] loop2: p2 size 2 extends beyond EOD, truncated 08:05:56 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) [ 198.487135] loop2: p3 start 201 is beyond EOD, truncated [ 198.502900] loop2: p4 start 301 is beyond EOD, truncated [ 198.527207] loop2: p5 start 1 is beyond EOD, truncated [ 198.551797] loop2: p6 start 1 is beyond EOD, truncated [ 198.597441] loop2: p7 start 1 is beyond EOD, truncated [ 198.611413] loop2: p8 start 1 is beyond EOD, truncated [ 198.627025] loop2: p9 start 1 is beyond EOD, truncated [ 198.648997] loop2: p10 start 1 is beyond EOD, truncated [ 198.658217] loop2: p11 start 1 is beyond EOD, truncated [ 198.664712] loop2: p12 start 1 is beyond EOD, truncated [ 198.670263] loop2: p13 start 1 is beyond EOD, truncated [ 198.677226] loop2: p14 start 1 is beyond EOD, truncated [ 198.689061] loop2: p15 start 1 is beyond EOD, truncated [ 198.699573] loop2: p16 start 1 is beyond EOD, truncated [ 198.705218] loop2: p17 start 1 is beyond EOD, truncated [ 198.710645] loop2: p18 start 1 is beyond EOD, truncated [ 198.716160] loop2: p19 start 1 is beyond EOD, truncated [ 198.721531] loop2: p20 start 1 is beyond EOD, truncated [ 198.727742] loop2: p21 start 1 is beyond EOD, truncated [ 198.733831] loop2: p22 start 1 is beyond EOD, truncated [ 198.739193] loop2: p23 start 1 is beyond EOD, truncated [ 198.748923] loop2: p24 start 1 is beyond EOD, truncated [ 198.754386] loop2: p25 start 1 is beyond EOD, truncated [ 198.759768] loop2: p26 start 1 is beyond EOD, truncated [ 198.765208] loop2: p27 start 1 is beyond EOD, truncated [ 198.770575] loop2: p28 start 1 is beyond EOD, truncated [ 198.776083] loop2: p29 start 1 is beyond EOD, truncated [ 198.781469] loop2: p30 start 1 is beyond EOD, truncated [ 198.786950] loop2: p31 start 1 is beyond EOD, truncated [ 198.792329] loop2: p32 start 1 is beyond EOD, truncated [ 198.798264] loop2: p33 start 1 is beyond EOD, truncated [ 198.803711] loop2: p34 start 1 is beyond EOD, truncated [ 198.803725] loop2: p35 start 1 is beyond EOD, truncated [ 198.803735] loop2: p36 start 1 is beyond EOD, truncated [ 198.803745] loop2: p37 start 1 is beyond EOD, truncated [ 198.803756] loop2: p38 start 1 is beyond EOD, truncated [ 198.803767] loop2: p39 start 1 is beyond EOD, truncated [ 198.803777] loop2: p40 start 1 is beyond EOD, truncated [ 198.803787] loop2: p41 start 1 is beyond EOD, truncated [ 198.803798] loop2: p42 start 1 is beyond EOD, truncated [ 198.803822] loop2: p43 start 1 is beyond EOD, truncated [ 198.803848] loop2: p44 start 1 is beyond EOD, truncated [ 198.803864] loop2: p45 start 1 is beyond EOD, truncated [ 198.803874] loop2: p46 start 1 is beyond EOD, truncated [ 198.803883] loop2: p47 start 1 is beyond EOD, truncated [ 198.803892] loop2: p48 start 1 is beyond EOD, truncated [ 198.803901] loop2: p49 start 1 is beyond EOD, truncated [ 198.814832] loop2: p50 start 1 is beyond EOD, truncated [ 198.814860] loop2: p51 start 1 is beyond EOD, truncated [ 198.814871] loop2: p52 start 1 is beyond EOD, truncated [ 198.814882] loop2: p53 start 1 is beyond EOD, truncated [ 198.814893] loop2: p54 start 1 is beyond EOD, truncated [ 198.814903] loop2: p55 start 1 is beyond EOD, truncated [ 198.814914] loop2: p56 start 1 is beyond EOD, truncated [ 198.825723] loop2: p57 start 1 is beyond EOD, truncated [ 198.825736] loop2: p58 start 1 is beyond EOD, truncated [ 198.825746] loop2: p59 start 1 is beyond EOD, truncated [ 198.825757] loop2: p60 start 1 is beyond EOD, truncated [ 198.825768] loop2: p61 start 1 is beyond EOD, truncated [ 198.825777] loop2: p62 start 1 is beyond EOD, truncated [ 198.825788] loop2: p63 start 1 is beyond EOD, truncated [ 198.825799] loop2: p64 start 1 is beyond EOD, truncated [ 198.825815] loop2: p65 start 1 is beyond EOD, truncated [ 198.836588] loop2: p66 start 1 is beyond EOD, truncated [ 198.836602] loop2: p67 start 1 is beyond EOD, truncated [ 198.836612] loop2: p68 start 1 is beyond EOD, truncated [ 198.836622] loop2: p69 start 1 is beyond EOD, truncated [ 198.836633] loop2: p70 start 1 is beyond EOD, truncated [ 198.836644] loop2: p71 start 1 is beyond EOD, truncated [ 198.836655] loop2: p72 start 1 is beyond EOD, truncated [ 198.836667] loop2: p73 start 1 is beyond EOD, truncated [ 198.836677] loop2: p74 start 1 is beyond EOD, truncated [ 198.836692] loop2: p75 start 1 is beyond EOD, truncated [ 198.847466] loop2: p76 start 1 is beyond EOD, truncated [ 198.847479] loop2: p77 start 1 is beyond EOD, truncated [ 198.847497] loop2: p78 start 1 is beyond EOD, truncated [ 198.859762] loop2: p79 start 1 is beyond EOD, truncated [ 198.869706] loop2: p80 start 1 is beyond EOD, truncated [ 198.880589] loop2: p81 start 1 is beyond EOD, truncated [ 198.891464] loop2: p82 start 1 is beyond EOD, truncated [ 198.902445] loop2: p83 start 1 is beyond EOD, truncated [ 198.913319] loop2: p84 start 1 is beyond EOD, truncated [ 198.924326] loop2: p85 start 1 is beyond EOD, truncated [ 198.935115] loop2: p86 start 1 is beyond EOD, truncated [ 198.946115] loop2: p87 start 1 is beyond EOD, truncated [ 198.956775] loop2: p88 start 1 is beyond EOD, truncated [ 198.967640] loop2: p89 start 1 is beyond EOD, truncated [ 198.978577] loop2: p90 start 1 is beyond EOD, truncated [ 198.990360] loop2: p91 start 1 is beyond EOD, truncated [ 199.118640] loop2: p92 start 1 is beyond EOD, truncated [ 199.124639] loop2: p93 start 1 is beyond EOD, truncated [ 199.138383] loop2: p94 start 1 is beyond EOD, truncated [ 199.143943] loop2: p95 start 1 is beyond EOD, truncated [ 199.149450] loop2: p96 start 1 is beyond EOD, truncated [ 199.155024] loop2: p97 start 1 is beyond EOD, truncated [ 199.155037] loop2: p98 start 1 is beyond EOD, truncated [ 199.155048] loop2: p99 start 1 is beyond EOD, truncated [ 199.155058] loop2: p100 start 1 is beyond EOD, truncated [ 199.177356] loop2: p101 start 1 is beyond EOD, truncated [ 199.183195] loop2: p102 start 1 is beyond EOD, truncated [ 199.188789] loop2: p103 start 1 is beyond EOD, truncated [ 199.194479] loop2: p104 start 1 is beyond EOD, truncated [ 199.200109] loop2: p105 start 1 is beyond EOD, truncated [ 199.205740] loop2: p106 start 1 is beyond EOD, truncated [ 199.211348] loop2: p107 start 1 is beyond EOD, truncated [ 199.217020] loop2: p108 start 1 is beyond EOD, truncated [ 199.222620] loop2: p109 start 1 is beyond EOD, truncated [ 199.228385] loop2: p110 start 1 is beyond EOD, truncated [ 199.233999] loop2: p111 start 1 is beyond EOD, truncated [ 199.239565] loop2: p112 start 1 is beyond EOD, truncated [ 199.245818] loop2: p113 start 1 is beyond EOD, truncated [ 199.251283] loop2: p114 start 1 is beyond EOD, truncated [ 199.256865] loop2: p115 start 1 is beyond EOD, truncated [ 199.262352] loop2: p116 start 1 is beyond EOD, truncated [ 199.267860] loop2: p117 start 1 is beyond EOD, truncated [ 199.273350] loop2: p118 start 1 is beyond EOD, truncated [ 199.273364] loop2: p119 start 1 is beyond EOD, truncated [ 199.273376] loop2: p120 start 1 is beyond EOD, truncated [ 199.273387] loop2: p121 start 1 is beyond EOD, truncated [ 199.273398] loop2: p122 start 1 is beyond EOD, truncated [ 199.273409] loop2: p123 start 1 is beyond EOD, truncated [ 199.273420] loop2: p124 start 1 is beyond EOD, truncated [ 199.273431] loop2: p125 start 1 is beyond EOD, truncated [ 199.284392] loop2: p126 start 1 is beyond EOD, truncated [ 199.284405] loop2: p127 start 1 is beyond EOD, truncated [ 199.295360] loop2: p128 start 1 is beyond EOD, truncated [ 199.295373] loop2: p129 start 1 is beyond EOD, truncated [ 199.295385] loop2: p130 start 1 is beyond EOD, truncated [ 199.295396] loop2: p131 start 1 is beyond EOD, truncated [ 199.295407] loop2: p132 start 1 is beyond EOD, truncated [ 199.295418] loop2: p133 start 1 is beyond EOD, truncated [ 199.295430] loop2: p134 start 1 is beyond EOD, truncated [ 199.306382] loop2: p135 start 1 is beyond EOD, truncated [ 199.306394] loop2: p136 start 1 is beyond EOD, truncated [ 199.317334] loop2: p137 start 1 is beyond EOD, truncated [ 199.317347] loop2: p138 start 1 is beyond EOD, truncated [ 199.317358] loop2: p139 start 1 is beyond EOD, truncated [ 199.317369] loop2: p140 start 1 is beyond EOD, truncated [ 199.317380] loop2: p141 start 1 is beyond EOD, truncated [ 199.317392] loop2: p142 start 1 is beyond EOD, truncated [ 199.328370] loop2: p143 start 1 is beyond EOD, truncated [ 199.328382] loop2: p144 start 1 is beyond EOD, truncated [ 199.328394] loop2: p145 start 1 is beyond EOD, truncated [ 199.328405] loop2: p146 start 1 is beyond EOD, truncated [ 199.328416] loop2: p147 start 1 is beyond EOD, truncated [ 199.339401] loop2: p148 start 1 is beyond EOD, truncated [ 199.339413] loop2: p149 start 1 is beyond EOD, truncated [ 199.339425] loop2: p150 start 1 is beyond EOD, truncated [ 199.339436] loop2: p151 start 1 is beyond EOD, truncated [ 199.339447] loop2: p152 start 1 is beyond EOD, truncated [ 199.350391] loop2: p153 start 1 is beyond EOD, truncated [ 199.350403] loop2: p154 start 1 is beyond EOD, truncated [ 199.350415] loop2: p155 start 1 is beyond EOD, truncated [ 199.350426] loop2: p156 start 1 is beyond EOD, truncated [ 199.350437] loop2: p157 start 1 is beyond EOD, truncated [ 199.361377] loop2: p158 start 1 is beyond EOD, truncated [ 199.361389] loop2: p159 start 1 is beyond EOD, truncated [ 199.361400] loop2: p160 start 1 is beyond EOD, truncated [ 199.361412] loop2: p161 start 1 is beyond EOD, truncated [ 199.361423] loop2: p162 start 1 is beyond EOD, truncated [ 199.372368] loop2: p163 start 1 is beyond EOD, truncated [ 199.372381] loop2: p164 start 1 is beyond EOD, truncated [ 199.372392] loop2: p165 start 1 is beyond EOD, truncated [ 199.372404] loop2: p166 start 1 is beyond EOD, truncated [ 199.372414] loop2: p167 start 1 is beyond EOD, truncated [ 199.384303] loop2: p168 start 1 is beyond EOD, truncated [ 199.394574] loop2: p169 start 1 is beyond EOD, truncated [ 199.405587] loop2: p170 start 1 is beyond EOD, truncated [ 199.416595] loop2: p171 start 1 is beyond EOD, truncated [ 199.427619] loop2: p172 start 1 is beyond EOD, truncated [ 199.438585] loop2: p173 start 1 is beyond EOD, truncated [ 199.449570] loop2: p174 start 1 is beyond EOD, truncated [ 199.586607] loop2: p175 start 1 is beyond EOD, truncated [ 199.592199] loop2: p176 start 1 is beyond EOD, truncated [ 199.598835] loop2: p177 start 1 is beyond EOD, truncated [ 199.604828] loop2: p178 start 1 is beyond EOD, truncated [ 199.610384] loop2: p179 start 1 is beyond EOD, truncated [ 199.616550] loop2: p180 start 1 is beyond EOD, truncated [ 199.622138] loop2: p181 start 1 is beyond EOD, truncated [ 199.629148] loop2: p182 start 1 is beyond EOD, truncated [ 199.634684] loop2: p183 start 1 is beyond EOD, truncated [ 199.640131] loop2: p184 start 1 is beyond EOD, truncated [ 199.645647] loop2: p185 start 1 is beyond EOD, truncated [ 199.651108] loop2: p186 start 1 is beyond EOD, truncated [ 199.657594] loop2: p187 start 1 is beyond EOD, truncated [ 199.663114] loop2: p188 start 1 is beyond EOD, truncated [ 199.668566] loop2: p189 start 1 is beyond EOD, truncated [ 199.674082] loop2: p190 start 1 is beyond EOD, truncated [ 199.679558] loop2: p191 start 1 is beyond EOD, truncated [ 199.685058] loop2: p192 start 1 is beyond EOD, truncated [ 199.690528] loop2: p193 start 1 is beyond EOD, truncated [ 199.696038] loop2: p194 start 1 is beyond EOD, truncated [ 199.701535] loop2: p195 start 1 is beyond EOD, truncated [ 199.707028] loop2: p196 start 1 is beyond EOD, truncated [ 199.712499] loop2: p197 start 1 is beyond EOD, truncated [ 199.717986] loop2: p198 start 1 is beyond EOD, truncated [ 199.723481] loop2: p199 start 1 is beyond EOD, truncated [ 199.728917] loop2: p200 start 1 is beyond EOD, truncated [ 199.734403] loop2: p201 start 1 is beyond EOD, truncated [ 199.739896] loop2: p202 start 1 is beyond EOD, truncated [ 199.745395] loop2: p203 start 1 is beyond EOD, truncated [ 199.750864] loop2: p204 start 1 is beyond EOD, truncated [ 199.756361] loop2: p205 start 1 is beyond EOD, truncated [ 199.761839] loop2: p206 start 1 is beyond EOD, truncated [ 199.767327] loop2: p207 start 1 is beyond EOD, truncated [ 199.772844] loop2: p208 start 1 is beyond EOD, truncated [ 199.778287] loop2: p209 start 1 is beyond EOD, truncated [ 199.783822] loop2: p210 start 1 is beyond EOD, truncated [ 199.789292] loop2: p211 start 1 is beyond EOD, truncated [ 199.794802] loop2: p212 start 1 is beyond EOD, truncated [ 199.800250] loop2: p213 start 1 is beyond EOD, truncated [ 199.805832] loop2: p214 start 1 is beyond EOD, truncated [ 199.811296] loop2: p215 start 1 is beyond EOD, truncated [ 199.816895] loop2: p216 start 1 is beyond EOD, truncated [ 199.822360] loop2: p217 start 1 is beyond EOD, truncated [ 199.827880] loop2: p218 start 1 is beyond EOD, truncated [ 199.833362] loop2: p219 start 1 is beyond EOD, truncated [ 199.838802] loop2: p220 start 1 is beyond EOD, truncated [ 199.844333] loop2: p221 start 1 is beyond EOD, truncated [ 199.849836] loop2: p222 start 1 is beyond EOD, truncated [ 199.855337] loop2: p223 start 1 is beyond EOD, truncated [ 199.860814] loop2: p224 start 1 is beyond EOD, truncated [ 199.866307] loop2: p225 start 1 is beyond EOD, truncated [ 199.871758] loop2: p226 start 1 is beyond EOD, truncated [ 199.877248] loop2: p227 start 1 is beyond EOD, truncated [ 199.882773] loop2: p228 start 1 is beyond EOD, truncated [ 199.888224] loop2: p229 start 1 is beyond EOD, truncated [ 199.893706] loop2: p230 start 1 is beyond EOD, truncated [ 199.899175] loop2: p231 start 1 is beyond EOD, truncated [ 199.904662] loop2: p232 start 1 is beyond EOD, truncated [ 199.910123] loop2: p233 start 1 is beyond EOD, truncated [ 199.915616] loop2: p234 start 1 is beyond EOD, truncated [ 199.921069] loop2: p235 start 1 is beyond EOD, truncated [ 199.926557] loop2: p236 start 1 is beyond EOD, truncated [ 199.932066] loop2: p237 start 1 is beyond EOD, truncated [ 199.937549] loop2: p238 start 1 is beyond EOD, truncated [ 199.943047] loop2: p239 start 1 is beyond EOD, truncated [ 199.948489] loop2: p240 start 1 is beyond EOD, truncated [ 199.954013] loop2: p241 start 1 is beyond EOD, truncated [ 199.959462] loop2: p242 start 1 is beyond EOD, truncated [ 199.964953] loop2: p243 start 1 is beyond EOD, truncated [ 199.970421] loop2: p244 start 1 is beyond EOD, truncated [ 199.975925] loop2: p245 start 1 is beyond EOD, truncated [ 199.981401] loop2: p246 start 1 is beyond EOD, truncated [ 199.986883] loop2: p247 start 1 is beyond EOD, truncated [ 199.992367] loop2: p248 start 1 is beyond EOD, truncated [ 199.997877] loop2: p249 start 1 is beyond EOD, truncated 08:05:57 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="000000000000000000000000000000000010000000000000ed793afe0000000002008201260001000000640000000001270005000000000000006400000000030d0085043100c90000006400000000043200052020002d010000d306000055aa", 0x60, 0x1a0}]) fcntl$dupfd(0xffffffffffffffff, 0x406, r0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x1ff, 0x4, 0x0, 0x5, 0x0, 0x4, 0x44020, 0x2, 0x7, 0x0, 0x7ff, 0x0, 0x45ad, 0x9, 0x0, 0x7ca, 0x6, 0x101, 0x0, 0x5, 0x0, 0x9, 0x5376, 0x7, 0x4, 0x7, 0x0, 0x0, 0x2, 0x4, 0x24d, 0x0, 0x400, 0x8001, 0x0, 0x2, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x10000, 0x0, 0x6, 0x1f, 0x5}, 0x0, 0x1, 0xffffffffffffff9c, 0x8) socket$inet(0x2, 0x0, 0x200000000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x1) dup3(r0, 0xffffffffffffffff, 0x5c5eb52e10e8e865) socketpair$unix(0x1, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, &(0x7f0000000580)=ANY=[], 0x0, 0x0) prctl$PR_GET_DUMPABLE(0x3) [ 200.003355] loop2: p250 start 1 is beyond EOD, truncated [ 200.008805] loop2: p251 start 1 is beyond EOD, truncated [ 200.014294] loop2: p252 start 1 is beyond EOD, truncated [ 200.019752] loop2: p253 start 1 is beyond EOD, truncated [ 200.025235] loop2: p254 start 1 is beyond EOD, truncated [ 200.030716] loop2: p255 start 1 is beyond EOD, truncated 08:05:57 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:57 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:57 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 200.139084] __loop_clr_fd: partition scan of loop2 failed (rc=-22) [ 200.202139] print_req_error: 1670 callbacks suppressed [ 200.202150] print_req_error: I/O error, dev loop2, sector 0 flags 80700 [ 200.215208] print_req_error: I/O error, dev loop2, sector 0 flags 0 [ 200.221621] buffer_io_error: 1658 callbacks suppressed [ 200.221627] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 200.234730] print_req_error: I/O error, dev loop2, sector 0 flags 0 [ 200.241214] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 200.249125] print_req_error: I/O error, dev loop2, sector 0 flags 0 [ 200.255689] Buffer I/O error on dev loop2p2, logical block 0, async page read [ 200.283076] loop_reread_partitions: partition scan of loop2 () failed (rc=-16) [ 200.377671] __loop_clr_fd: partition scan of loop2 failed (rc=-22) 08:05:59 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:05:59 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0x437, &(0x7f0000000200)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev, @local, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, 0x0) recvfrom(r0, &(0x7f00000000c0)=""/251, 0x3f9, 0x0, &(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8df0d47434cdbcd50af760189e41d163f0fc8a3fcd8091d7e462359ba12143866e68a9028c2ccc7c1fc5ae13c3f188e2e7d7b8b4d32be094067b9571df0821"}, 0x709000) 08:05:59 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:59 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000003540)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:59 executing program 2: r0 = memfd_create(&(0x7f0000000080)='/dev/autofs\x00', 0x2) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x2, 0x4) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x4000, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000100)) r2 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x401, 0xece, 0x8, 0x4, 0x0, 0x0, 0x10, 0x1, 0x9, 0x7, 0x4, 0x0, 0x1, 0xffffffffffffff17, 0x9, 0x80, 0x3, 0x8, 0x34d, 0x6, 0x8, 0x101, 0x8, 0x9, 0x0, 0x100, 0x1, 0x7, 0x3, 0x1, 0x800, 0xb37c, 0x8001, 0x100000000, 0x81, 0xfffffffffffffffb, 0x0, 0x87, 0x1, @perf_config_ext={0x0, 0x3}, 0x20, 0x1, 0x5, 0xd, 0x2, 0x7ff}, r0, 0x5, r0, 0x4) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @link_local}, 0x3, {0x2, 0x0, @broadcast}, '\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xf1\x00'}) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000240)=""/40) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x1, @remote, 0xffffffffffffff80}, 0x1c) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0) 08:05:59 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:05:59 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:59 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:05:59 executing program 2: r0 = memfd_create(&(0x7f0000000080)='/dev/autofs\x00', 0x2) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x2, 0x4) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x4000, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000100)) r2 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x70, 0x401, 0xece, 0x8, 0x4, 0x0, 0x0, 0x10, 0x1, 0x9, 0x7, 0x4, 0x0, 0x1, 0xffffffffffffff17, 0x9, 0x80, 0x3, 0x8, 0x34d, 0x6, 0x8, 0x101, 0x8, 0x9, 0x0, 0x100, 0x1, 0x7, 0x3, 0x1, 0x800, 0xb37c, 0x8001, 0x100000000, 0x81, 0xfffffffffffffffb, 0x0, 0x87, 0x1, @perf_config_ext={0x0, 0x3}, 0x20, 0x1, 0x5, 0xd, 0x2, 0x7ff}, r0, 0x5, r0, 0x4) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000180)={{}, {0x20000000304, @link_local}, 0x3, {0x2, 0x0, @broadcast}, '\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xf1\x00'}) ioctl$EVIOCGPROP(r1, 0x80404509, &(0x7f0000000240)=""/40) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x1, @remote, 0xffffffffffffff80}, 0x1c) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0) 08:05:59 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:05:59 executing program 2: socketpair$unix(0x1, 0x80002, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x1000000004e23, @local}, 0x10) mkdir(&(0x7f0000000940)='./file0\x00', 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 08:05:59 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:02 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:02 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:02 executing program 0: bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:02 executing program 2: r0 = gettid() ioctl$TIOCLINUX3(0xffffffffffffffff, 0x541c, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) dup(0xffffffffffffffff) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) getgid() timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockname$netlink(r1, 0x0, &(0x7f0000000040)) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) statfs(0x0, 0x0) tkill(r0, 0x1000000000016) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) 08:06:02 executing program 4: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20}, 0x1c) listen(r0, 0x1ffffffc) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001640)=[{0x10, 0x10d}], 0x10}}], 0x1, 0x0) 08:06:02 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:02 executing program 0: bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:02 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x46, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(r0, &(0x7f0000002440)=[{&(0x7f0000000040)='u', 0x1}, {0x0}], 0x2, 0x0) 08:06:02 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:02 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000), 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:02 executing program 2: io_setup(0x0, 0x0) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) 08:06:02 executing program 0: bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:05 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:05 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x18, 0x32, 0x829, 0x0, 0x0, {0x3}, [@nested={0x4}]}, 0x18}}, 0x0) 08:06:05 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:05 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:05 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x6000) read(r0, &(0x7f00000004c0)=""/244, 0xfffffea0) 08:06:05 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:05 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:05 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:05 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) 08:06:05 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 08:06:05 executing program 4: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) 08:06:05 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 207.528959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 08:06:08 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:08 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:08 executing program 0: r0 = socket$inet(0x2, 0x0, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:08 executing program 4: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) [ 210.431133] binder: 8200 invalid dec weak, ref 2 desc 0 s 1 w 0 [ 210.463780] binder: 8200:8201 got reply transaction with no transaction stack 08:06:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:08 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:08 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 210.492206] binder: 8200:8201 transaction failed 29201/-71, size 0-0 line 2755 [ 210.523674] binder: undelivered TRANSACTION_ERROR: 29201 08:06:08 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:08 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 210.672894] binder: 8234 invalid dec weak, ref 6 desc 0 s 1 w 0 [ 210.679247] binder: 8234:8235 got reply transaction with no transaction stack [ 210.688239] binder: 8234:8235 transaction failed 29201/-71, size 0-0 line 2755 [ 210.705069] binder: undelivered TRANSACTION_ERROR: 29201 08:06:11 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:11 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:11 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:11 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:11 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:11 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 213.523231] binder: 8241 invalid dec weak, ref 9 desc 0 s 1 w 0 [ 213.542670] binder: 8241:8249 got reply transaction with no transaction stack [ 213.561637] binder: 8241:8249 transaction failed 29201/-71, size 0-0 line 2755 08:06:11 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 213.613790] binder: undelivered TRANSACTION_ERROR: 29201 08:06:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 213.726473] binder: 8269 invalid dec weak, ref 12 desc 0 s 1 w 0 [ 213.740052] binder: 8269:8270 got reply transaction with no transaction stack [ 213.757517] binder: 8269:8270 transaction failed 29201/-71, size 0-0 line 2755 [ 213.797755] binder: undelivered TRANSACTION_ERROR: 29201 08:06:14 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:14 executing program 4: ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:14 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:14 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:14 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:14 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:14 executing program 4: ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) [ 216.702051] binder: 8294:8296 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 216.731922] binder: 8294:8296 got reply transaction with no transaction stack [ 216.742981] binder: 8294:8296 transaction failed 29201/-71, size 0-0 line 2755 08:06:14 executing program 4: ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:14 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 216.756974] binder: undelivered TRANSACTION_ERROR: 29201 08:06:17 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:17 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:17 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:17 executing program 4: r0 = syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:17 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:17 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 219.644691] binder: 8316:8322 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 219.677748] binder: 8316:8322 got reply transaction with no transaction stack 08:06:17 executing program 4: r0 = syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 219.696752] binder: 8316:8322 transaction failed 29201/-71, size 0-0 line 2755 [ 219.729283] binder: undelivered TRANSACTION_ERROR: 29201 08:06:17 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:17 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:17 executing program 4: r0 = syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) [ 219.819630] binder: 8337:8339 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 219.852614] binder: 8337:8339 got reply transaction with no transaction stack 08:06:17 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:17 executing program 4: syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) [ 219.869035] binder: 8337:8339 transaction failed 29201/-71, size 0-0 line 2755 [ 219.889776] binder: undelivered TRANSACTION_ERROR: 29201 08:06:20 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:20 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:20 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:20 executing program 4: syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:20 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:20 executing program 4: syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x0, 0x5}) 08:06:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:20 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:20 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r1 = dup2(0xffffffffffffffff, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:20 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, 0x0) 08:06:23 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:23 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:23 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, 0x0) 08:06:23 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:23 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:23 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, 0x0) [ 225.757433] binder: 8399:8401 Acquire 1 refcount change on invalid ref 0 ret -22 [ 225.785179] binder: 8399:8401 DecRefs 0 refcount change on invalid ref 0 ret -22 08:06:23 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:23 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 225.808972] binder: 8399:8401 got reply transaction with no transaction stack [ 225.832669] binder: 8399:8401 transaction failed 29201/-71, size 0-0 line 2755 [ 225.850973] binder: undelivered TRANSACTION_ERROR: 29201 08:06:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:23 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)) 08:06:23 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 225.971521] binder: 8420:8423 Acquire 1 refcount change on invalid ref 0 ret -22 [ 226.009928] binder: 8420:8423 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 226.029108] binder: 8420:8423 got reply transaction with no transaction stack [ 226.058456] binder: 8420:8423 transaction failed 29201/-71, size 0-0 line 2755 [ 226.071188] binder: undelivered TRANSACTION_ERROR: 29201 08:06:26 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:26 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)) 08:06:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x1, 0xb7, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:26 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:26 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 228.813040] binder: 8434:8435 Acquire 1 refcount change on invalid ref 0 ret -22 [ 228.845844] binder: 8434:8435 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 228.854470] binder: 8434:8435 got reply transaction with no transaction stack 08:06:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x1, 0xb7, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:26 executing program 4: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)) [ 228.861938] binder: 8434:8435 transaction failed 29201/-71, size 0-0 line 2755 [ 228.877738] binder: undelivered TRANSACTION_ERROR: 29201 08:06:26 executing program 2: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:26 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:26 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x1, 0xb7, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:26 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x10000}, 0x8) dup2(r0, r0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000040)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x20000) write$binfmt_elf64(r1, &(0x7f00000007c0)={{0x7f, 0x45, 0x4c, 0x46, 0xfffffffffffffff8, 0x7, 0x5, 0xffffffff, 0x6, 0x3, 0x3e, 0x3b3, 0x13a, 0x40, 0xd5, 0x1, 0x1d, 0x38, 0x2, 0xfffffffffffffffb, 0x0, 0x9}, [{0x3, 0x40, 0x8001, 0x9, 0xb8c1, 0x2f45d7ac, 0x1, 0x8000}], "5cf99de56cd2427d3cc80fd9b51efded397d3e699711a46d1969a317544e8f47286e13d7da18327b1b8bc2fb887550d04eb667ce7847d40e63c1e2bc1207b8cf5e6b614af43876e34b694e3725aac514b6956cb1535702f742e32863cb895092a0816fc12987d250286dfc19924f5bd1a3c721352125", [[], [], [], [], [], [], [], []]}, 0x8ee) 08:06:29 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:29 executing program 2: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:29 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:29 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:29 executing program 4: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80800) r0 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000180)={'bridge0\x00\x03\x00\x02k\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) 08:06:29 executing program 2: ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 231.899697] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.907055] bridge0: port 1(bridge_slave_0) entered disabled state 08:06:29 executing program 2: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:29 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, 0x0, 0x0) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:29 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:29 executing program 2: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 232.373192] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.379648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.386446] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.392945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.399649] device bridge0 entered promiscuous mode [ 232.405700] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.412846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 08:06:32 executing program 2: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:32 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:32 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, 0x0, 0x0) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:32 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(r1, 0x0, 0x0) 08:06:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:32 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:32 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, 0x0, 0x0) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 235.090207] binder: 8533:8535 Acquire 1 refcount change on invalid ref 0 ret -22 [ 235.124847] binder: 8533:8535 DecRefs 0 refcount change on invalid ref 0 ret -22 08:06:33 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc), 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:33 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 235.141497] binder: 8533:8535 got reply transaction with no transaction stack [ 235.149122] binder: 8533:8535 transaction failed 29201/-71, size 0-0 line 2755 [ 235.158403] binder: undelivered TRANSACTION_ERROR: 29201 08:06:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:33 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(r1, 0x0, 0x0) [ 235.284213] binder: 8543:8545 Acquire 1 refcount change on invalid ref 0 ret -22 [ 235.315023] binder: 8543:8545 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 235.331463] binder: 8543:8545 got reply transaction with no transaction stack [ 235.339109] binder: 8543:8545 transaction failed 29201/-71, size 0-0 line 2755 [ 235.348643] binder: undelivered TRANSACTION_ERROR: 29201 08:06:35 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:35 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:35 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc), 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:35 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:35 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(r1, 0x0, 0x0) [ 238.010992] binder: 8560:8563 Acquire 1 refcount change on invalid ref 0 ret -22 08:06:35 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:35 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc), 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 238.054686] binder: 8560:8563 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 238.062279] binder: 8560:8563 got reply transaction with no transaction stack [ 238.072899] binder: 8560:8563 transaction failed 29201/-71, size 0-0 line 2755 08:06:36 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:36 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 238.143603] binder: undelivered TRANSACTION_ERROR: 29201 08:06:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:36 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 238.289141] binder: 8584:8586 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 238.331318] binder: 8584:8586 got reply transaction with no transaction stack [ 238.339507] binder: 8584:8586 transaction failed 29201/-71, size 0-0 line 2755 [ 238.364750] binder: undelivered TRANSACTION_ERROR: 29201 08:06:38 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:38 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) 08:06:38 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:38 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:38 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='yeah\x00', 0x5) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$binfmt_elf64(r1, 0x0, 0x0) 08:06:38 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 241.084460] binder: 8601:8603 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 241.115057] binder: 8601:8603 got reply transaction with no transaction stack 08:06:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:39 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 241.133285] binder: 8601:8603 transaction failed 29201/-71, size 0-0 line 2755 08:06:39 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 241.190022] binder: undelivered TRANSACTION_ERROR: 29201 08:06:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:39 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 241.311692] binder: 8624:8625 DecRefs 0 refcount change on invalid ref 0 ret -22 08:06:39 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:39 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 241.390984] binder: 8624:8625 got reply transaction with no transaction stack [ 241.428740] binder: 8624:8625 transaction failed 29201/-71, size 0-0 line 2755 08:06:39 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x0, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 241.454999] binder: undelivered TRANSACTION_ERROR: 29201 08:06:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 241.574336] binder: 8644:8646 ioctl c0306201 0 returned -14 [ 241.603214] binder: 8644:8646 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 241.611433] binder: 8644:8646 got reply transaction with no transaction stack 08:06:39 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='lp\x00', 0x3) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) 08:06:39 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:39 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000d40), 0x116, &(0x7f0000000d80)}}], 0x6d7, 0x40400d4) [ 241.627365] binder: 8644:8646 transaction failed 29201/-71, size 0-0 line 2755 [ 241.657914] binder: undelivered TRANSACTION_ERROR: 29201 08:06:39 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:39 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:39 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x40400d4) [ 241.787903] binder: 8662:8666 ioctl c0306201 0 returned -14 [ 241.845774] binder: 8662:8666 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 241.881213] binder: 8662:8666 got reply transaction with no transaction stack [ 241.893085] binder: 8662:8666 transaction failed 29201/-71, size 0-0 line 2755 [ 241.913477] binder: undelivered TRANSACTION_ERROR: 29201 08:06:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:42 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:42 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:42 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x40400d4) 08:06:42 executing program 4: 08:06:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:42 executing program 4: 08:06:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 244.494971] binder: 8679:8687 ioctl c0306201 0 returned -14 [ 244.501662] binder: 8679:8687 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 244.534280] binder: 8679:8687 got reply transaction with no transaction stack 08:06:42 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:42 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, 0x0, 0x0, 0x40400d4) [ 244.551211] binder: 8679:8687 transaction failed 29201/-71, size 0-0 line 2755 [ 244.588876] binder: undelivered TRANSACTION_ERROR: 29201 08:06:42 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:42 executing program 4: 08:06:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 244.731125] binder: 8708:8709 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 244.747671] binder: 8708:8709 got reply transaction with no transaction stack [ 244.770667] binder: 8708:8709 transaction failed 29201/-71, size 0-0 line 2755 [ 244.791698] binder: undelivered TRANSACTION_ERROR: 29201 08:06:45 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200), 0xfffffdcc}]) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:45 executing program 4: 08:06:45 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:45 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0), 0x0, 0x40400d4) 08:06:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={0xffffffffffffffff, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:45 executing program 4: [ 247.577005] binder: 8720:8722 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 247.598617] binder: 8720:8722 got reply transaction with no transaction stack 08:06:45 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:45 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0), 0x0, 0x40400d4) [ 247.625370] binder: 8720:8722 transaction failed 29201/-71, size 0-0 line 2755 08:06:45 executing program 4: [ 247.668286] binder: undelivered TRANSACTION_ERROR: 29201 08:06:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:48 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:48 executing program 4: seccomp(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xffffffff}]}) io_setup(0x770, &(0x7f0000000040)=0x0) syz_open_dev$usbmon(&(0x7f0000000300)='/dev/usbmon#\x00', 0xea31, 0x0) eventfd(0x0) io_submit(r0, 0x0, 0x0) 08:06:48 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0), 0x0, 0x40400d4) 08:06:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 250.613213] audit: type=1326 audit(1545638808.456:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8750 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 [ 250.643117] binder: 8748:8749 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 250.655248] binder: 8748:8749 got reply transaction with no transaction stack 08:06:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:48 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000d40), 0x0, &(0x7f0000000d80)}}], 0x1, 0x40400d4) 08:06:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 250.666197] binder: 8748:8749 transaction failed 29201/-71, size 0-0 line 2755 [ 250.675763] binder: undelivered TRANSACTION_ERROR: 29201 08:06:48 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 250.755534] binder: 8766:8768 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 250.790317] binder: 8766:8768 got reply transaction with no transaction stack 08:06:48 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000d40), 0x0, &(0x7f0000000d80)}}], 0x1, 0x40400d4) 08:06:48 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 250.803217] binder: 8766:8768 transaction failed 29201/-71, size 0-0 line 2755 [ 250.813211] binder: undelivered TRANSACTION_ERROR: 29201 [ 251.398929] audit: type=1326 audit(1545638809.246:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8750 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 08:06:51 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x13) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x9c}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:06:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r0, r1}) 08:06:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:51 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 08:06:51 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, &(0x7f0000000d40), 0x0, &(0x7f0000000d80)}}], 0x1, 0x40400d4) 08:06:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:06:51 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 253.677635] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 253.697549] binder: 8790:8797 DecRefs 0 refcount change on invalid ref 0 ret -22 08:06:51 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg(r0, &(0x7f00000010c0)=[{{&(0x7f0000000bc0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, &(0x7f0000000d80)}}], 0x1, 0x40400d4) 08:06:51 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r0, r1}) [ 253.740774] binder: 8790:8797 got reply transaction with no transaction stack [ 253.762893] binder: 8790:8797 transaction failed 29201/-71, size 0-0 line 2755 [ 253.779908] binder: undelivered TRANSACTION_ERROR: 29201 [ 253.787034] ================================================================== [ 253.794517] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 253.801112] Write of size 832 at addr ffff8881c534ebc0 by task syz-executor4/8802 [ 253.808738] [ 253.810409] CPU: 1 PID: 8802 Comm: syz-executor4 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 253.818906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.828260] Call Trace: [ 253.830884] dump_stack+0x244/0x39d [ 253.834525] ? dump_stack_print_info.cold.1+0x20/0x20 [ 253.839718] ? printk+0xa7/0xcf [ 253.843002] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 253.847785] print_address_description.cold.4+0x9/0x1ff [ 253.853149] ? fpstate_init+0x50/0x160 [ 253.857043] kasan_report.cold.5+0x1b/0x39 [ 253.861275] ? fpstate_init+0x50/0x160 [ 253.865179] ? fpstate_init+0x50/0x160 [ 253.869070] check_memory_region+0x13e/0x1b0 [ 253.873478] memset+0x23/0x40 [ 253.876586] fpstate_init+0x50/0x160 [ 253.880340] kvm_arch_vcpu_init+0x3e9/0x870 [ 253.884672] kvm_vcpu_init+0x2fa/0x420 [ 253.888564] ? vcpu_stat_get+0x300/0x300 [ 253.892626] ? kmem_cache_alloc+0x33f/0x730 [ 253.896957] vmx_create_vcpu+0x1b7/0x2695 [ 253.901126] ? perf_trace_sched_process_exec+0x860/0x860 [ 253.906613] ? do_raw_spin_unlock+0xa7/0x330 [ 253.911031] ? vmx_exec_control+0x210/0x210 [ 253.915357] ? kasan_check_write+0x14/0x20 [ 253.919592] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 253.924525] ? futex_wait_queue_me+0x55d/0x840 [ 253.929113] ? wait_for_completion+0x8a0/0x8a0 [ 253.933701] ? print_usage_bug+0xc0/0xc0 [ 253.937770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.943318] ? get_futex_value_locked+0xcb/0xf0 [ 253.947995] kvm_arch_vcpu_create+0xe5/0x220 [ 253.952437] ? kvm_arch_vcpu_free+0x90/0x90 [ 253.956771] kvm_vm_ioctl+0x526/0x2030 [ 253.960663] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 253.965802] ? futex_wait+0x5ec/0xa50 [ 253.969604] ? kvm_unregister_device_ops+0x70/0x70 [ 253.974540] ? mark_held_locks+0x130/0x130 [ 253.978777] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 253.983971] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 253.989079] ? futex_wake+0x304/0x760 [ 253.992892] ? __lock_acquire+0x62f/0x4c20 [ 253.997145] ? mark_held_locks+0x130/0x130 [ 254.001418] ? graph_lock+0x270/0x270 [ 254.005225] ? do_futex+0x249/0x26d0 [ 254.008942] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 254.013714] ? find_held_lock+0x36/0x1c0 [ 254.017786] ? __fget+0x4aa/0x740 [ 254.021246] ? lock_downgrade+0x900/0x900 [ 254.025399] ? check_preemption_disabled+0x48/0x280 [ 254.030426] ? kasan_check_read+0x11/0x20 [ 254.034586] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 254.039869] ? rcu_read_unlock_special+0x370/0x370 [ 254.044809] ? __fget+0x4d1/0x740 [ 254.048271] ? ksys_dup3+0x680/0x680 [ 254.051991] ? __might_fault+0x12b/0x1e0 [ 254.056061] ? lock_downgrade+0x900/0x900 [ 254.060228] ? lock_release+0xa00/0xa00 [ 254.064205] ? perf_trace_sched_process_exec+0x860/0x860 [ 254.069672] ? kvm_unregister_device_ops+0x70/0x70 [ 254.074606] do_vfs_ioctl+0x1de/0x1790 [ 254.078505] ? ioctl_preallocate+0x300/0x300 [ 254.082919] ? __fget_light+0x2e9/0x430 [ 254.086901] ? fget_raw+0x20/0x20 [ 254.090354] ? _copy_to_user+0xc8/0x110 [ 254.094338] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 254.099873] ? put_timespec64+0x10f/0x1b0 [ 254.104041] ? nsecs_to_jiffies+0x30/0x30 [ 254.108195] ? do_syscall_64+0x9a/0x820 [ 254.112167] ? do_syscall_64+0x9a/0x820 [ 254.116169] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 254.120757] ? security_file_ioctl+0x94/0xc0 [ 254.125173] ksys_ioctl+0xa9/0xd0 [ 254.128633] __x64_sys_ioctl+0x73/0xb0 [ 254.132525] do_syscall_64+0x1b9/0x820 [ 254.136419] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 254.141791] ? syscall_return_slowpath+0x5e0/0x5e0 [ 254.146722] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 254.151570] ? trace_hardirqs_on_caller+0x310/0x310 [ 254.156597] ? prepare_exit_to_usermode+0x291/0x3b0 [ 254.161635] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 254.166484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.171675] RIP: 0033:0x457669 [ 254.174870] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.193768] RSP: 002b:00007f739c6e9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.201476] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 254.208744] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 254.216008] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 254.223274] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f739c6ea6d4 [ 254.230538] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 254.237821] [ 254.239453] Allocated by task 8802: [ 254.243079] save_stack+0x43/0xd0 [ 254.246528] kasan_kmalloc+0xcb/0xd0 [ 254.250240] kasan_slab_alloc+0x12/0x20 [ 254.254217] kmem_cache_alloc+0x130/0x730 [ 254.258365] vmx_create_vcpu+0x110/0x2695 [ 254.262525] kvm_arch_vcpu_create+0xe5/0x220 [ 254.266931] kvm_vm_ioctl+0x526/0x2030 [ 254.270819] do_vfs_ioctl+0x1de/0x1790 [ 254.274708] ksys_ioctl+0xa9/0xd0 [ 254.278173] __x64_sys_ioctl+0x73/0xb0 [ 254.282057] do_syscall_64+0x1b9/0x820 [ 254.285944] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.291122] [ 254.292747] Freed by task 0: [ 254.295761] (stack is not available) [ 254.299461] [ 254.301100] The buggy address belongs to the object at ffff8881c534eb80 [ 254.301100] which belongs to the cache x86_fpu of size 832 [ 254.313435] The buggy address is located 64 bytes inside of [ 254.313435] 832-byte region [ffff8881c534eb80, ffff8881c534eec0) [ 254.325216] The buggy address belongs to the page: [ 254.330159] page:ffffea000714d380 count:1 mapcount:0 mapping:ffff8881d521d1c0 index:0x0 [ 254.338299] flags: 0x2fffc0000000200(slab) [ 254.342564] raw: 02fffc0000000200 ffff8881d4838648 ffff8881d4838648 ffff8881d521d1c0 [ 254.350453] raw: 0000000000000000 ffff8881c534e040 0000000100000004 0000000000000000 [ 254.358335] page dumped because: kasan: bad access detected [ 254.364034] [ 254.365652] Memory state around the buggy address: [ 254.370576] ffff8881c534ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 254.377935] ffff8881c534ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 254.385328] >ffff8881c534ee80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 254.392687] ^ [ 254.398133] ffff8881c534ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 254.405489] ffff8881c534ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 254.412836] ================================================================== [ 254.420194] Disabling lock debugging due to kernel taint 08:06:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40046307, {{0x0, 0x40486312, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 08:06:52 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x169, &(0x7f0000000180)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1040000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000140)={r0, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, 0x0) 08:06:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 254.507661] binder: 8818:8820 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 254.526952] binder: 8818:8820 got reply transaction with no transaction stack [ 254.534339] binder: 8818:8820 transaction failed 29201/-71, size 0-0 line 2755 [ 254.542967] binder: undelivered TRANSACTION_ERROR: 29201 [ 254.562421] Kernel panic - not syncing: panic_on_warn set ... [ 254.568348] CPU: 0 PID: 8802 Comm: syz-executor4 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 254.569722] kobject: 'kvm' (00000000f27c7a68): kobject_uevent_env [ 254.578231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.578237] Call Trace: [ 254.578258] dump_stack+0x244/0x39d [ 254.578273] ? dump_stack_print_info.cold.1+0x20/0x20 [ 254.578292] ? fpstate_init+0x30/0x160 [ 254.578322] panic+0x2ad/0x632 [ 254.584950] kobject: 'kvm' (00000000f27c7a68): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 254.593905] ? add_taint.cold.5+0x16/0x16 [ 254.593923] ? preempt_schedule+0x4d/0x60 [ 254.593953] ? ___preempt_schedule+0x16/0x18 [ 254.593971] ? trace_hardirqs_on+0xb4/0x310 [ 254.593990] ? fpstate_init+0x50/0x160 [ 254.607227] kobject: 'loop2' (0000000072a1b08f): kobject_uevent_env [ 254.609237] end_report+0x47/0x4f [ 254.612442] kobject: 'loop2' (0000000072a1b08f): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 254.621432] kasan_report.cold.5+0xe/0x39 [ 254.621445] ? fpstate_init+0x50/0x160 [ 254.621459] ? fpstate_init+0x50/0x160 [ 254.621472] check_memory_region+0x13e/0x1b0 [ 254.621484] memset+0x23/0x40 [ 254.621497] fpstate_init+0x50/0x160 [ 254.621516] kvm_arch_vcpu_init+0x3e9/0x870 [ 254.688916] kvm_vcpu_init+0x2fa/0x420 [ 254.692797] ? vcpu_stat_get+0x300/0x300 [ 254.696847] ? kmem_cache_alloc+0x33f/0x730 [ 254.701159] vmx_create_vcpu+0x1b7/0x2695 [ 254.705299] ? perf_trace_sched_process_exec+0x860/0x860 [ 254.710759] ? do_raw_spin_unlock+0xa7/0x330 [ 254.715158] ? vmx_exec_control+0x210/0x210 [ 254.719465] ? kasan_check_write+0x14/0x20 [ 254.723687] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 254.728601] ? futex_wait_queue_me+0x55d/0x840 [ 254.733166] ? wait_for_completion+0x8a0/0x8a0 [ 254.737752] ? print_usage_bug+0xc0/0xc0 [ 254.741808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.747335] ? get_futex_value_locked+0xcb/0xf0 [ 254.751992] kvm_arch_vcpu_create+0xe5/0x220 [ 254.756385] ? kvm_arch_vcpu_free+0x90/0x90 [ 254.760694] kvm_vm_ioctl+0x526/0x2030 [ 254.764565] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 254.769660] ? futex_wait+0x5ec/0xa50 [ 254.773449] ? kvm_unregister_device_ops+0x70/0x70 [ 254.778448] ? mark_held_locks+0x130/0x130 [ 254.782690] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 254.787881] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 254.792984] ? futex_wake+0x304/0x760 [ 254.796805] ? __lock_acquire+0x62f/0x4c20 [ 254.801043] ? mark_held_locks+0x130/0x130 [ 254.805263] ? graph_lock+0x270/0x270 [ 254.809050] ? do_futex+0x249/0x26d0 [ 254.812779] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 254.817532] ? find_held_lock+0x36/0x1c0 [ 254.821597] ? __fget+0x4aa/0x740 [ 254.825051] ? lock_downgrade+0x900/0x900 [ 254.829184] ? check_preemption_disabled+0x48/0x280 [ 254.834280] ? kasan_check_read+0x11/0x20 [ 254.838448] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 254.843926] ? rcu_read_unlock_special+0x370/0x370 [ 254.848860] ? __fget+0x4d1/0x740 [ 254.852322] ? ksys_dup3+0x680/0x680 [ 254.856024] ? __might_fault+0x12b/0x1e0 [ 254.860073] ? lock_downgrade+0x900/0x900 [ 254.864221] ? lock_release+0xa00/0xa00 [ 254.868182] ? perf_trace_sched_process_exec+0x860/0x860 [ 254.873618] ? kvm_unregister_device_ops+0x70/0x70 [ 254.878533] do_vfs_ioctl+0x1de/0x1790 [ 254.882407] ? ioctl_preallocate+0x300/0x300 [ 254.886818] ? __fget_light+0x2e9/0x430 [ 254.890802] ? fget_raw+0x20/0x20 [ 254.894278] ? _copy_to_user+0xc8/0x110 [ 254.898262] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 254.903784] ? put_timespec64+0x10f/0x1b0 [ 254.907915] ? nsecs_to_jiffies+0x30/0x30 [ 254.912061] ? do_syscall_64+0x9a/0x820 [ 254.916030] ? do_syscall_64+0x9a/0x820 [ 254.919997] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 254.924564] ? security_file_ioctl+0x94/0xc0 [ 254.928967] ksys_ioctl+0xa9/0xd0 [ 254.932411] __x64_sys_ioctl+0x73/0xb0 [ 254.936289] do_syscall_64+0x1b9/0x820 [ 254.940187] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 254.945554] ? syscall_return_slowpath+0x5e0/0x5e0 [ 254.950471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 254.955304] ? trace_hardirqs_on_caller+0x310/0x310 [ 254.960328] ? prepare_exit_to_usermode+0x291/0x3b0 [ 254.965348] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 254.970195] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.975475] RIP: 0033:0x457669 [ 254.978678] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.997627] RSP: 002b:00007f739c6e9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 255.005354] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 255.012612] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 255.019869] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 255.027145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f739c6ea6d4 [ 255.034459] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 255.042834] Kernel Offset: disabled [ 255.046462] Rebooting in 86400 seconds..