tions+0x5f/0x380 [ 920.097261] ? rcu_read_lock_sched_held+0x108/0x120 [ 920.102263] ? kmem_cache_alloc_trace+0x616/0x780 [ 920.107100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 920.112623] ? copy_mount_options+0x285/0x380 [ 920.117131] ksys_mount+0x12d/0x140 [ 920.120750] __x64_sys_mount+0xbe/0x150 [ 920.124710] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 920.129717] do_syscall_64+0x1b1/0x800 [ 920.133591] ? finish_task_switch+0x1ca/0x840 [ 920.138074] ? syscall_return_slowpath+0x5c0/0x5c0 [ 920.142990] ? syscall_return_slowpath+0x30f/0x5c0 [ 920.148002] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 920.153360] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 920.158204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 920.163381] RIP: 0033:0x455a09 [ 920.166553] RSP: 002b:00007fdc34d50b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 920.174251] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 920.181505] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 920.188760] RBP: 0000000020000140 R08: 00007fdc34d50b20 R09: 0000000000000000 [ 920.196027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:43:38 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) accept4$nfc_llcp(r0, &(0x7f0000000080), &(0x7f0000000000)=0x60, 0x80800) 2033/05/18 03:43:39 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8914, &(0x7f0000000240)="c6266f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 920.203288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:39 executing program 0: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) bind(0xffffffffffffffff, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x1, @random="d4a8a17d3860", 'yam0\x00'}}, 0x80) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:39 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000500"}, 0x6e) [ 920.240455] binder: 684 invalid dec weak, ref 3801 desc 0 s 1 w 0 [ 920.246831] binder: 684:687 unknown command 0 2033/05/18 03:43:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:39 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000effdffff00"}, 0x6e) 2033/05/18 03:43:39 executing program 7: r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x80) bind$ax25(r0, &(0x7f0000000080)={0x3, {"f3a3edcfb56b98"}, 0x69f}, 0x10) r1 = socket(0x2, 0x1, 0x0) syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f00000000c0)="b8005800000f23d00f21f835000000000f23f866baf80cb898bea28aef66bafc0ced0f07f2360f350f001966ba430066ed66baf80cb8de267986ef66bafc0c66edabc4e15959e6b8b41000000f23c80f21f835080070000f23f8", 0x5a}], 0x1, 0x32, &(0x7f0000000180)=[@vmwrite={0x8, 0x0, 0x2, 0x0, 0x283, 0x0, 0x0, 0x0, 0x5}, @cr0={0x0, 0x2}], 0x2) getpid() ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) [ 920.316818] binder: undelivered TRANSACTION_ERROR: 29201 [ 920.322882] binder: undelivered TRANSACTION_ERROR: 29201 [ 920.401365] binder: 684:687 ioctl c0306201 20000540 returned -22 [ 920.409865] binder: 718:720 got reply transaction with no transaction stack [ 920.417067] binder: 718:720 transaction failed 29201/-71, size 0-0 line 2763 [ 920.435568] binder: BINDER_SET_CONTEXT_MGR already set [ 920.448441] binder: 718:720 ioctl 40046207 0 returned -16 [ 920.469495] binder: BINDER_SET_CONTEXT_MGR already set [ 920.475460] binder: 718:722 got reply transaction with no transaction stack [ 920.475958] binder: 684:687 ioctl 40046207 0 returned -16 [ 920.482648] binder: 718:722 transaction failed 29201/-71, size 0-0 line 2763 [ 920.489586] binder: 684 invalid dec weak, ref 3809 desc 0 s 1 w 0 [ 920.502049] binder: 684:728 unknown command 0 [ 920.506732] binder: 684:728 ioctl c0306201 20000540 returned -22 [ 920.514631] binder: undelivered TRANSACTION_ERROR: 29201 [ 920.520521] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:39 executing program 4 (fault-call:4 fault-nth:15): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:39 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x3, 0x251) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x7a}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:39 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x1ff, 0x28200) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$BLKDISCARD(r5, 0x1277, &(0x7f0000000040)=0x6a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:39 executing program 7: socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r0, 0x2) r1 = socket(0x2, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={0x0, 0xc4, 0x100000001, 0x2}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x8b6, 0x202, 0x2, 0x2, r3}, 0x10) 2033/05/18 03:43:39 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) [ 920.908073] binder: 743:746 got reply transaction with no transaction stack [ 920.915311] binder: 743:746 transaction failed 29201/-71, size 0-0 line 2763 [ 920.929789] FAULT_INJECTION: forcing a failure. [ 920.929789] name failslab, interval 1, probability 0, space 0, times 0 [ 920.941610] CPU: 1 PID: 737 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 920.945328] binder: BINDER_SET_CONTEXT_MGR already set [ 920.949350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 920.949436] Call Trace: [ 920.964898] binder: 743:746 ioctl 40046207 0 returned -16 [ 920.966647] dump_stack+0x1b9/0x294 [ 920.966671] ? dump_stack_print_info.cold.2+0x52/0x52 [ 920.966694] ? kernel_text_address+0x79/0xf0 [ 920.966715] should_fail.cold.4+0xa/0x1a [ 920.966734] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 920.987701] binder: 743:751 got reply transaction with no transaction stack [ 920.989546] ? graph_lock+0x170/0x170 [ 920.989568] ? save_stack+0x43/0xd0 [ 920.989591] ? kasan_kmalloc+0xc4/0xe0 [ 920.989606] ? __kmalloc+0x14e/0x760 [ 920.989628] ? __list_lru_init+0xdd/0x790 [ 920.994748] binder: 743:751 transaction failed 29201/-71, size 0-0 line 2763 [ 921.002255] ? find_held_lock+0x36/0x1c0 [ 921.002280] ? __lock_is_held+0xb5/0x140 [ 921.036635] ? check_same_owner+0x320/0x320 [ 921.040956] ? rcu_note_context_switch+0x710/0x710 [ 921.045963] __should_failslab+0x124/0x180 [ 921.050194] should_failslab+0x9/0x14 [ 921.053983] kmem_cache_alloc_node_trace+0x26f/0x770 [ 921.059072] ? mark_held_locks+0xc9/0x160 [ 921.063211] ? __raw_spin_lock_init+0x1c/0x100 [ 921.067786] __kmalloc_node+0x33/0x70 [ 921.071576] kvmalloc_node+0x6b/0x100 [ 921.075363] __list_lru_init+0x559/0x790 [ 921.079414] ? list_lru_destroy+0x4c0/0x4c0 [ 921.083719] ? mark_held_locks+0xc9/0x160 [ 921.087854] ? __raw_spin_lock_init+0x1c/0x100 [ 921.092422] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 921.097433] ? __lockdep_init_map+0x105/0x590 [ 921.101915] ? lockdep_init_map+0x9/0x10 [ 921.105962] sget_userns+0x73a/0xf00 [ 921.109662] ? kill_litter_super+0x90/0x90 [ 921.113896] ? ns_test_super+0x50/0x50 [ 921.117773] ? destroy_unused_super.part.11+0x110/0x110 [ 921.123121] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 921.127689] ? kasan_check_write+0x14/0x20 [ 921.131918] ? do_raw_spin_lock+0xc1/0x200 [ 921.136145] ? blkdev_get+0xc0/0xb30 [ 921.139847] ? cap_capable+0x1f9/0x260 [ 921.143729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 921.149250] ? security_capable+0x99/0xc0 [ 921.153385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 921.158906] ? ns_capable_common+0x13f/0x170 [ 921.163300] ? kill_litter_super+0x90/0x90 [ 921.167519] sget+0x10b/0x150 [ 921.170609] ? ns_test_super+0x50/0x50 [ 921.174484] mount_bdev+0x111/0x3e0 [ 921.178098] ? fuse_get_root_inode+0x190/0x190 [ 921.182667] fuse_mount_blk+0x34/0x40 [ 921.186455] mount_fs+0xae/0x328 [ 921.189812] vfs_kern_mount.part.34+0xd4/0x4d0 [ 921.194380] ? may_umount+0xb0/0xb0 [ 921.197993] ? _raw_read_unlock+0x22/0x30 [ 921.202138] ? __get_fs_type+0x97/0xc0 [ 921.206025] do_mount+0x564/0x3070 [ 921.209556] ? copy_mount_string+0x40/0x40 [ 921.213808] ? rcu_pm_notify+0xc0/0xc0 [ 921.217686] ? copy_mount_options+0x5f/0x380 [ 921.222087] ? rcu_read_lock_sched_held+0x108/0x120 [ 921.227090] ? kmem_cache_alloc_trace+0x616/0x780 [ 921.231929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 921.237452] ? copy_mount_options+0x285/0x380 [ 921.241937] ksys_mount+0x12d/0x140 [ 921.245556] __x64_sys_mount+0xbe/0x150 [ 921.249522] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 921.254525] do_syscall_64+0x1b1/0x800 [ 921.258397] ? finish_task_switch+0x1ca/0x840 [ 921.262878] ? syscall_return_slowpath+0x5c0/0x5c0 [ 921.267794] ? syscall_return_slowpath+0x30f/0x5c0 [ 921.272714] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 921.278078] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 921.282910] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 921.288080] RIP: 0033:0x455a09 [ 921.291269] RSP: 002b:00007fdc34d50b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 921.299050] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:43:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$BLKDISCARD(r5, 0x1277, &(0x7f0000000040)=0x6a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:40 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:43:40 executing program 0: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x20800, 0x0) r0 = socket(0x1c, 0x40000000807, 0x904) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x200, 0x0) accept$inet(r1, &(0x7f0000000100)={0x0, 0x0, @remote}, &(0x7f0000000140)=0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip_vti0\x00', 0xfffffffffffffd63) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000180)="4209ab01a918ad09202e22a8c9801130e31317360186b647562781851427a0e93b2662e444067df18e046d365de2acfe59719c7439ee28e1471ed2e27d2d718ad279636eefa65034fe62abc3d0d0cc7a2456d32a03a41327e6a1b1eaf2823a22786f58e42e67520313a5d8e4ac7aef4d23ddcfb2da7882fdccd8402d82d278f6370c65bc476b6271e7a18f07678677bcc6e443d00ae6dbc291a78f80803d77495d5f5e650fc196dbaa3e1c94e73284c7fe7aa106e291a5a71a50f2344cfca7bcdab8c4d477d4cabed6209ddd0a6eef0e881da5d3728a6b02f2f83dbaa19ac21649f00b158967d1118769d1") ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f0000000080)={0x7f, 0x74, 0x5e3}) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) [ 921.306307] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 921.313564] RBP: 0000000020000140 R08: 00007fdc34d50b20 R09: 0000000000000000 [ 921.320826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 921.328096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:40 executing program 7: r0 = socket(0x1, 0x0, 0x1) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 921.397847] binder: undelivered TRANSACTION_ERROR: 29201 [ 921.404398] binder: undelivered TRANSACTION_ERROR: 29201 [ 921.419098] binder: 748:755 Acquire 1 refcount change on invalid ref 122 ret -22 [ 921.426764] binder: 748:755 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 921.434198] binder: 748:755 unknown command 0 [ 921.477901] binder: 770:772 got reply transaction with no transaction stack [ 921.485171] binder: 770:772 transaction failed 29201/-71, size 0-0 line 2763 [ 921.507619] binder: BINDER_SET_CONTEXT_MGR already set [ 921.520846] binder: 770:772 ioctl 40046207 0 returned -16 [ 921.533840] binder: 748:755 ioctl c0306201 20000540 returned -22 [ 921.538121] binder: 770:776 got reply transaction with no transaction stack [ 921.547234] binder: 770:776 transaction failed 29201/-71, size 0-0 line 2763 [ 921.593687] binder: undelivered TRANSACTION_ERROR: 29201 [ 921.595833] binder: BINDER_SET_CONTEXT_MGR already set [ 921.599623] binder: undelivered TRANSACTION_ERROR: 29201 [ 921.613949] binder: 748:755 ioctl 40046207 0 returned -16 [ 921.619937] binder: 748:781 Acquire 1 refcount change on invalid ref 122 ret -22 [ 921.627562] binder: 748:781 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 921.634970] binder: 748:781 unknown command 0 [ 921.640854] binder: 748:781 ioctl c0306201 20000540 returned -22 2033/05/18 03:43:41 executing program 4 (fault-call:4 fault-nth:16): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:41 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1010000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000329bd7000fbdbdf3d03000000080001004e23000004000500080001004e2400000800020000010000"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:41 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101000, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x4, [0x0, 0x0, 0x0, 0x0]}) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:41 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:43:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:41 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000440)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) vmsplice(r0, &(0x7f0000000b00)=[{&(0x7f0000000480)="9f4a69ae63bcfd2ea07c80dd7742dc550ce99dfde9f2219a663aba6af076d72d9114713ad721b1732df758d7ad785b1fdadaba496bde8a261ae0930f9679f5b3b89f252cb41b321c6b13b0faa152baac0746e5745455b02f1129dd3e5b547db30c3a64b7acc5e37a37e5f6960a5f313ec87b517f921780ab696d3743f15388a9bdd13af7ec59afacff3047e34e6aea7d2799c3b93b412e572677e684adaa902e76d4bb1fd8fc51e4a84fb23d20a65ce589fcfa019810", 0xb6}, {&(0x7f0000000540)="9f54607ee516811635df92d41c833fed8f0bfc91ab427a12c4d2456b00f58f069f9754f1a391e042a213c2c7e2544c9c6676cb15ceba0ac5f5d2e505311a7298ac45ce53c1628af82799a852c41cafc8445892f8bb58b6f45f0b3cda551fcf833faa813967ebb3d7e481c34201bf253a54ceb347a1b5aed087f9c3701eb6298b85e653d20dc4ff5c9b92381c0dc85cee3ab9617b9b91e71c2676bbee531e7e1add326f47f3cd7979de9f256f10425aa6d6c3a286a63e2d2a432f9c4556b495f3f960b560", 0xc4}, {&(0x7f0000000640)="c8bdf2d06700736ae696c0d4105b4e85e62f942fe175714c0c1872e8ad979ea41f2345dc9a7dd5acdeb235756307bece249d146572f1919486e489ba2b36fefa92e7c406ca6e357a04783ce6c24b5ae37d223f9cd45a020716252637c1b0e7313618d473ed43f1332fc68dc3b674a447f2dd2c338e71280f1e18d7", 0x7b}, {&(0x7f00000006c0)="17d919d9766f50a01774ceaf33051a4ce3e150a7a8768a5e496d3bd017969df7e2c8b5bf7107c266fc16b593db9f8f4c079623f140babb33401b1b9374cf71336639d2cfa5ddff6b66b7be7b6c6cdbb5c066eef93a0b191377f24fc3eb16b212a5491447866790251eaa504d1f975e10e789cf2385637b9d0e6232ddc1e1902d92fc7e6cbe3fb46a73660828c2ea513762d9c89aa398ac19d2defd90017653e3a6d543389fceb95b9590a469772c23e24fea595027692a51efd385dbefdb13b4bf5b3b8131d8791d1eb6750fbdca7f51359630395a6315855d85b5256ee5742ab49ee38c3af37993c1b4b2b316556d1a0f1bd1af5db1982d2985208a563e73", 0xff}, {&(0x7f00000007c0)="1f347669b2e753666e7af4c768896520be35ff63726a5138286f934e88669831fa6267dd87085e7accad296023922fa32543c883434c2d67f2a6bb3273f380ef98776693547c83159468b8faea9b8601214398c577c2059c81295628b23a2e7723f0e6", 0x63}, {&(0x7f0000000840)="b46bd794a1170843a9abcefe0009a792a36b7a3d7ad48dc9189878d23ca7070626be9fce876c319094d8ce48aa4ff3b8022488298f93ada93e244526d8243636d1c9269b3beccbbad8ce7f37bd5f5f1589a7afb40fbe47aa9b6ad61c63d22fc68e9a61312d2cb2b37e995bfe8965c56074be73d34c69081d7fe0beb15fed2b2bca15f9c76c4be542f6d0783a8512216ad4ef050ec0ca26fe0305b9b33af5f43a4c1502d563d2c0cca27a063244d28bcf24d9e5fbf45f7d8294c0641b501cc36a3dd886b22ce8d0354bb1f3157885a6795c6361", 0xd3}, {&(0x7f0000000940)="d35097e44216d45b5b9cf731901e9a226c49f6296724378b5592c7e2eeab25b3818f22eab2601bfbba071518d9796b305d5c42fe1e10c8ca995cab31fdd91365b9ada63b8b7384be711069f8a0822fd156731c15202e9cc37d61c33966daba61fb3ca2c3fb11a118502cf32369dc46a5fc00895eff8a332013304f4949bb765e27027dcd7e17947f43c6ef3aa85200012e55a6bb82f4a63fe835aa639cfc930eef0d42e01195da6b47a579cae8257bfb0f535955e2b9874b0286d8449cf4f6586dc239269ca5bc7224e0dac56a80aa7738f64ae152ef1204615e1f8b3be888b153aed3", 0xe3}, {&(0x7f0000000a40)="d641b375aa04ec42905a0ab229fdd3ca579454ab7fd8f09b5e3cd79ace44600050d6a2b279200d1e171435fa29bdb2f35de884b90d35255a163e2579abbc3e8d8759aef5077a1a495c25197be919870b70951a5e2d72675002e8ff7fe5c2db3019", 0x61}, {}, {&(0x7f0000000ac0)}], 0xa, 0x4) 2033/05/18 03:43:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$BLKDISCARD(r5, 0x1277, &(0x7f0000000040)=0x6a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x4c00000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 922.427477] binder: 797:799 got reply transaction with no transaction stack [ 922.429703] FAULT_INJECTION: forcing a failure. [ 922.429703] name failslab, interval 1, probability 0, space 0, times 0 [ 922.434695] binder: 797:799 transaction failed 29201/-71, size 0-0 line 2763 [ 922.443891] binder: BINDER_SET_CONTEXT_MGR already set [ 922.445976] CPU: 0 PID: 800 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 922.461057] binder: 797:799 ioctl 40046207 0 returned -16 [ 922.465513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 922.465523] Call Trace: [ 922.465553] dump_stack+0x1b9/0x294 [ 922.465580] ? dump_stack_print_info.cold.2+0x52/0x52 [ 922.465620] should_fail.cold.4+0xa/0x1a [ 922.485211] binder: 797:806 got reply transaction with no transaction stack [ 922.486672] ? is_bpf_text_address+0xd7/0x170 [ 922.486699] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 922.486727] ? __save_stack_trace+0x7e/0xd0 [ 922.491923] binder: 797:806 transaction failed 29201/-71, size 0-0 line 2763 [ 922.495973] ? graph_lock+0x170/0x170 [ 922.496003] ? find_held_lock+0x36/0x1c0 [ 922.532068] ? __lock_is_held+0xb5/0x140 [ 922.536146] ? check_same_owner+0x320/0x320 [ 922.540470] ? rcu_note_context_switch+0x710/0x710 [ 922.545400] __should_failslab+0x124/0x180 [ 922.549631] should_failslab+0x9/0x14 [ 922.553423] kmem_cache_alloc_trace+0x2cb/0x780 [ 922.558090] ? __kmalloc_node+0x33/0x70 [ 922.562064] ? __kmalloc_node+0x33/0x70 [ 922.566034] ? rcu_read_lock_sched_held+0x108/0x120 [ 922.571052] __memcg_init_list_lru_node+0x17d/0x2c0 [ 922.576062] ? kvfree_rcu+0x20/0x20 [ 922.579684] ? __kmalloc_node+0x47/0x70 [ 922.583657] __list_lru_init+0x456/0x790 [ 922.587713] ? list_lru_destroy+0x4c0/0x4c0 [ 922.592033] ? mark_held_locks+0xc9/0x160 [ 922.596178] ? __raw_spin_lock_init+0x1c/0x100 [ 922.600756] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 922.605763] ? __lockdep_init_map+0x105/0x590 [ 922.610254] ? lockdep_init_map+0x9/0x10 [ 922.614309] sget_userns+0x73a/0xf00 [ 922.618019] ? kill_litter_super+0x90/0x90 [ 922.622254] ? ns_test_super+0x50/0x50 [ 922.626145] ? destroy_unused_super.part.11+0x110/0x110 [ 922.631759] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 922.636339] ? kasan_check_write+0x14/0x20 [ 922.640567] ? do_raw_spin_lock+0xc1/0x200 [ 922.644802] ? blkdev_get+0xc0/0xb30 [ 922.648515] ? cap_capable+0x1f9/0x260 [ 922.652402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 922.657935] ? security_capable+0x99/0xc0 [ 922.662086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 922.667614] ? ns_capable_common+0x13f/0x170 [ 922.672105] ? kill_litter_super+0x90/0x90 [ 922.676332] sget+0x10b/0x150 [ 922.679428] ? ns_test_super+0x50/0x50 [ 922.683314] mount_bdev+0x111/0x3e0 [ 922.686935] ? fuse_get_root_inode+0x190/0x190 [ 922.691516] fuse_mount_blk+0x34/0x40 [ 922.695310] mount_fs+0xae/0x328 [ 922.698674] vfs_kern_mount.part.34+0xd4/0x4d0 [ 922.703252] ? may_umount+0xb0/0xb0 [ 922.706874] ? _raw_read_unlock+0x22/0x30 [ 922.711016] ? __get_fs_type+0x97/0xc0 [ 922.714908] do_mount+0x564/0x3070 [ 922.718449] ? copy_mount_string+0x40/0x40 [ 922.722676] ? rcu_pm_notify+0xc0/0xc0 [ 922.726567] ? copy_mount_options+0x5f/0x380 [ 922.730967] ? rcu_read_lock_sched_held+0x108/0x120 [ 922.735974] ? kmem_cache_alloc_trace+0x616/0x780 [ 922.740813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 922.746341] ? _copy_from_user+0xdf/0x150 [ 922.750486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 922.756024] ? copy_mount_options+0x285/0x380 [ 922.760516] ksys_mount+0x12d/0x140 [ 922.764138] __x64_sys_mount+0xbe/0x150 [ 922.768105] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 922.773125] do_syscall_64+0x1b1/0x800 [ 922.777004] ? finish_task_switch+0x1ca/0x840 [ 922.781497] ? syscall_return_slowpath+0x5c0/0x5c0 [ 922.786419] ? syscall_return_slowpath+0x30f/0x5c0 [ 922.791349] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 922.796712] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 922.801557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 922.806735] RIP: 0033:0x455a09 [ 922.809912] RSP: 002b:00007fdc34d50b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 922.817618] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 922.824895] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 922.832162] RBP: 0000000020000140 R08: 00007fdc34d50b20 R09: 0000000000000000 [ 922.839421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 922.846681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 922.890717] binder: undelivered TRANSACTION_ERROR: 29201 [ 922.894534] binder: 809 invalid dec weak, ref 3833 desc 0 s 1 w 0 [ 922.902538] binder: 809:810 unknown command 0 [ 922.902940] binder: undelivered TRANSACTION_ERROR: 29201 [ 922.907711] binder: 809:810 ioctl c0306201 20000540 returned -22 [ 922.930521] binder: BINDER_SET_CONTEXT_MGR already set [ 922.936647] binder: 809 invalid dec weak, ref 3834 desc 0 s 1 w 0 [ 922.943005] binder: 809:814 unknown command 0 [ 922.964738] binder: 809:814 ioctl c0306201 20000540 returned -22 [ 922.980629] binder: 809:810 ioctl 40046207 0 returned -16 2033/05/18 03:43:42 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:43:42 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x5, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x12080, 0x0) r2 = dup2(r0, r1) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r2, 0xfffffffffffffdd0) 2033/05/18 03:43:42 executing program 0: r0 = socket$bt_cmtp(0x1f, 0x3, 0x5) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f00000001c0)=0x7fff, 0x4) r1 = socket(0xf, 0x4, 0x4000000000000103) r2 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x3, 0x800) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f0000000280)={0x7, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}]}) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r1, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r3, 0x2, 0x70bd2c, 0x25dfdbfe, {0x1}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x5e}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e20}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e22}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x56cc6169da93f439) 2033/05/18 03:43:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:42 executing program 4 (fault-call:4 fault-nth:17): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:42 executing program 6: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000440)='/dev/urandom\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000480)={0x0, 0x8}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000500)={r1, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1d}}}, 0x2, 0x8001, 0x2, 0xdf, 0xd2}, &(0x7f00000005c0)=0x98) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x9}, &(0x7f0000000600)=0x27a) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000240)={r3, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r4 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000200)={r5, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x74}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 923.540970] binder: 828:831 got reply transaction with no transaction stack [ 923.548200] binder: 828:831 transaction failed 29201/-71, size 0-0 line 2763 [ 923.568357] FAULT_INJECTION: forcing a failure. [ 923.568357] name failslab, interval 1, probability 0, space 0, times 0 [ 923.579697] CPU: 1 PID: 834 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 923.586914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 923.596265] Call Trace: [ 923.598854] dump_stack+0x1b9/0x294 [ 923.602479] ? dump_stack_print_info.cold.2+0x52/0x52 [ 923.607664] should_fail.cold.4+0xa/0x1a [ 923.611780] ? should_fail+0x21b/0xbcd [ 923.615661] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 923.620774] ? __schedule+0x809/0x1e30 [ 923.624655] ? __sched_text_start+0x8/0x8 [ 923.628790] ? find_held_lock+0x36/0x1c0 [ 923.632854] ? check_same_owner+0x320/0x320 [ 923.637164] ? rcu_note_context_switch+0x710/0x710 [ 923.642082] __should_failslab+0x124/0x180 [ 923.646304] should_failslab+0x9/0x14 [ 923.650105] kmem_cache_alloc+0x2af/0x760 [ 923.654242] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 923.659249] getname_kernel+0x54/0x370 [ 923.663125] kern_path+0x1e/0x40 [ 923.666479] lookup_bdev+0xfa/0x240 [ 923.670093] ? blkdev_open+0x280/0x280 [ 923.673972] blkdev_get_by_path+0x1f/0xe0 [ 923.678110] mount_bdev+0x5d/0x3e0 [ 923.681642] ? fuse_get_root_inode+0x190/0x190 [ 923.686214] fuse_mount_blk+0x34/0x40 [ 923.690006] mount_fs+0xae/0x328 [ 923.693406] vfs_kern_mount.part.34+0xd4/0x4d0 [ 923.697981] ? may_umount+0xb0/0xb0 [ 923.701614] ? _raw_read_unlock+0x22/0x30 [ 923.705747] ? __get_fs_type+0x97/0xc0 [ 923.709625] do_mount+0x564/0x3070 [ 923.713153] ? do_raw_spin_unlock+0x9e/0x2e0 [ 923.717553] ? copy_mount_string+0x40/0x40 [ 923.721777] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 923.726793] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 923.731539] ? retint_kernel+0x10/0x10 [ 923.735419] ? copy_mount_options+0x1f0/0x380 [ 923.739904] ? copy_mount_options+0x1fa/0x380 [ 923.744389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 923.749912] ? copy_mount_options+0x285/0x380 [ 923.754395] ksys_mount+0x12d/0x140 [ 923.758113] __x64_sys_mount+0xbe/0x150 [ 923.762072] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 923.767090] do_syscall_64+0x1b1/0x800 [ 923.770976] ? finish_task_switch+0x1ca/0x840 [ 923.775459] ? syscall_return_slowpath+0x5c0/0x5c0 [ 923.780377] ? syscall_return_slowpath+0x30f/0x5c0 [ 923.785306] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 923.790661] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 923.795492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 923.800674] RIP: 0033:0x455a09 [ 923.803851] RSP: 002b:00007fdc34d50b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 923.811545] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 923.818798] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 923.826052] RBP: 0000000020000140 R08: 00007fdc34d50b20 R09: 0000000000000000 [ 923.833308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:43:42 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:43:42 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1, 0x3ff}, &(0x7f0000000140)=0x8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) socketpair(0x0, 0x0, 0x800, &(0x7f0000000200)={0xffffffffffffffff}) futimesat(r2, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{}, {0x77359400}}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc) [ 923.840569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 923.858248] binder: BINDER_SET_CONTEXT_MGR already set [ 923.876669] binder: 828:831 ioctl 40046207 0 returned -16 2033/05/18 03:43:42 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:43:42 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000680)={@multicast1, @multicast1, 0x0}, &(0x7f00000006c0)=0xc) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000007c0)={@dev, 0x0}, &(0x7f0000000800)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000840)={'vcan0\x00', 0x0}) getsockname$packet(r0, &(0x7f00000058c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000005900)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000005940)={'syzkaller0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000005980)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000005f40)={'rose0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000005f80)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000005fc0)={{{@in6=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@remote}}, &(0x7f00000060c0)=0xe8) accept4$packet(r0, &(0x7f0000006100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000006140)=0x14, 0x80000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000006180)={'tunl0\x00', 0x0}) getpeername(r0, &(0x7f00000062c0)=@can={0x0, 0x0}, &(0x7f0000006340)=0x80) accept4$packet(r0, &(0x7f0000006380)={0x0, 0x0, 0x0}, &(0x7f00000063c0)=0x14, 0x80800) getsockname$packet(r0, &(0x7f0000006400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000006440)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000006480)={{{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000006580)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000007000)={{{@in6=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@local}}, &(0x7f0000007100)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000007140)={{{@in6=@mcast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000007240)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000007280)={'tunl0\x00', 0x0}) getpeername$packet(r0, &(0x7f0000007380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f00000073c0)=0x14) accept$packet(r0, &(0x7f0000007400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000007440)=0x14) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000007480)={{{@in6, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@mcast2}}, &(0x7f0000007580)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000075c0)={{{@in6=@dev, @in6=@ipv4={[], [], @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@rand_addr}}, &(0x7f00000076c0)=0xe8) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000009c40)={0x0, @dev, @loopback}, &(0x7f0000009c80)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000009cc0)={{{@in=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@loopback}}, &(0x7f0000009dc0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000009e00)={'team0\x00', 0x0}) getpeername$packet(r0, &(0x7f0000009e40)={0x0, 0x0, 0x0}, &(0x7f0000009e80)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000009ec0)={{{@in=@multicast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@dev}}, &(0x7f0000009fc0)=0xe8) getpeername(r0, &(0x7f000000a000)=@hci={0x0, 0x0}, &(0x7f000000a080)=0x80) accept4$packet(r0, &(0x7f000000a140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f000000a180)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f000000b900)={'team0\x00', 0x0}) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f000000b940)={@multicast1, @rand_addr, 0x0}, &(0x7f000000b980)=0xc) accept4$packet(r0, &(0x7f000000b9c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f000000ba00)=0x14, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f000000ba40)={0x0, @dev, @remote}, &(0x7f000000ba80)=0xc) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f000000bc00)={0x0, @remote, @multicast2}, &(0x7f000000bc40)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f000000bcc0)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f000000bd00)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@remote}}, &(0x7f000000be00)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f000000be40)={{{@in6=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@loopback}}, &(0x7f000000bf40)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f000000bf80)={{{@in6=@dev, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@loopback}}, &(0x7f000000c080)=0xe8) accept$packet(r1, &(0x7f000000c0c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f000000c100)=0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f000000c200)={'team0\x00', 0x0}) recvmmsg(r1, &(0x7f000000f6c0)=[{{&(0x7f000000c240)=@hci={0x0, 0x0}, 0x80, &(0x7f000000c300)=[{&(0x7f000000c2c0)=""/55, 0x37}], 0x1, &(0x7f000000c340)=""/4096, 0x1000, 0x5}, 0x100000001}, {{&(0x7f000000d340)=@generic, 0x80, &(0x7f000000f640)=[{&(0x7f000000d3c0)=""/4096, 0x1000}, {&(0x7f000000e3c0)=""/240, 0xf0}, {&(0x7f000000e4c0)=""/189, 0xbd}, {&(0x7f000000e580)=""/4096, 0x1000}, {&(0x7f000000f580)=""/189, 0xbd}], 0x5, 0x0, 0x0, 0x9}, 0x7fffffff}], 0x2, 0x2043, &(0x7f000000f740)={0x77359400}) getpeername$packet(r0, &(0x7f0000011380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000113c0)=0x14) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000012300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x50800044}, 0xc, &(0x7f00000122c0)={&(0x7f0000011400)={0xeac, r2, 0x3a, 0x70bd29, 0x25dfdbff, {0x3}, [{{0x8, 0x1, r3}, {0x240, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r4}}, {0x8, 0x7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7ff}}}, {0x54, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x24, 0x4, [{0x10001, 0x3, 0x40, 0x1}, {0xffffffffffffffc1, 0x8, 0x6}, {0x2, 0x1ff, 0x2, 0x4}, {0xffffffffffffff40, 0x3, 0x48b, 0x160}]}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r8}}, {0x8, 0x7}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x74, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xd6}}}]}}, {{0x8, 0x1, r11}, {0x1ac, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3f}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3f}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r13}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r14}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r15}, {0x12c, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4}}, {0x8, 0x7}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x80000000}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r16}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x1f0, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r20}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r22}}, {0x8, 0x7}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r23}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r24}}, {0x8, 0x7}}}]}}, {{0x8, 0x1, r25}, {0x174, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1f5}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xe75}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r26}}, {0x8, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x4}}, {0x8, 0x7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0xffffffffffff0001}}, {0x8, 0x6, r27}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1ff}}, {0x8, 0x6, r28}}}]}}, {{0x8, 0x1, r29}, {0x128, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r30}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0xfffffffffffffffb}}, {0x8, 0x7}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r31}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xbfe}}}]}}, {{0x8, 0x1, r32}, {0x124, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r33}}}, {0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x44, 0x4, [{0x0, 0x3, 0x6, 0xffff}, {0x8, 0x1, 0x0, 0x1f}, {0x9, 0x6d8, 0x40, 0xfffffffffffffff9}, {0x0, 0x5, 0x8, 0x7c}, {0x3, 0x7, 0x400, 0x40a}, {0x6, 0x4, 0x7, 0x9f3c}, {0x4, 0x6, 0x645c}, {0x0, 0x6, 0x80000001, 0xef8}]}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x100000001}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1}}}]}}, {{0x8, 0x1, r34}, {0x164, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xec3}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r35}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r36}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r37}}}]}}, {{0x8, 0x1, r38}, {0x1a8, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r39}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0xd04}}, {0x8, 0x7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4}}, {0x8, 0x6, r40}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r41}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r42}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r43}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r44}}}]}}]}, 0xeac}, 0x1, 0x0, 0x0, 0x810}, 0x4004800) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) r45 = add_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000100)="780273619fc59b974cf2b7196bbba472e0dd35fd8164b7fc1193b3a25ebeabcc2f24095c48c50375fce30b4a70db1946325d9462faba9b020ee7e961a353a5c7ca44b6e017381fc7a3bd158fc9642e7d16b9daf13a7f1555288c53af94eda906995f00cb55b784c8ff40bb5527dde92a26871d22bd7933", 0x77, 0xfffffffffffffffb) keyctl$restrict_keyring(0x1d, r45, 0x0, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) [ 923.915289] binder: 828:840 got reply transaction with no transaction stack [ 923.922556] binder: 828:840 transaction failed 29201/-71, size 0-0 line 2763 [ 923.939966] binder: 839:845 Acquire 1 refcount change on invalid ref 116 ret -22 [ 923.947660] binder: 839:845 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 923.955104] binder: 839:845 unknown command 0 2033/05/18 03:43:42 executing program 4 (fault-call:4 fault-nth:18): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 923.976265] binder: 839:845 ioctl c0306201 20000540 returned -22 2033/05/18 03:43:42 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:43:42 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth1_to_bridge\x00', 0x10) 2033/05/18 03:43:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 924.051706] binder: undelivered TRANSACTION_ERROR: 29201 [ 924.065289] binder: undelivered TRANSACTION_ERROR: 29201 [ 924.100640] binder: BINDER_SET_CONTEXT_MGR already set [ 924.124799] binder: 870:873 got reply transaction with no transaction stack [ 924.132108] binder: 839:845 ioctl 40046207 0 returned -16 [ 924.137696] binder: 870:873 transaction failed 29201/-71, size 0-0 line 2763 [ 924.152751] FAULT_INJECTION: forcing a failure. [ 924.152751] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 924.164599] CPU: 1 PID: 863 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 924.171695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 924.181046] Call Trace: [ 924.183633] dump_stack+0x1b9/0x294 [ 924.187255] ? dump_stack_print_info.cold.2+0x52/0x52 [ 924.192446] should_fail.cold.4+0xa/0x1a [ 924.196501] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 924.201616] ? debug_check_no_locks_freed+0x310/0x310 [ 924.206797] ? wait_for_completion+0x870/0x870 [ 924.211375] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 924.216910] ? find_next_zero_bit+0x111/0x140 [ 924.221413] ? perf_trace_lock+0xd6/0x900 [ 924.225548] ? rcu_pm_notify+0xc0/0xc0 [ 924.229426] ? zap_class+0x720/0x720 [ 924.233142] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 924.238669] ? should_fail+0x21b/0xbcd [ 924.242558] ? should_fail+0x21b/0xbcd [ 924.246446] __alloc_pages_nodemask+0x34e/0xd70 [ 924.251109] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 924.256115] ? find_held_lock+0x36/0x1c0 [ 924.260189] ? check_same_owner+0x320/0x320 [ 924.264504] cache_grow_begin+0x72/0x6c0 [ 924.268557] kmem_cache_alloc+0x689/0x760 [ 924.272694] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 924.277700] getname_kernel+0x54/0x370 [ 924.281578] kern_path+0x1e/0x40 [ 924.284931] lookup_bdev+0xfa/0x240 [ 924.288544] ? blkdev_open+0x280/0x280 [ 924.292429] blkdev_get_by_path+0x1f/0xe0 [ 924.296578] mount_bdev+0x5d/0x3e0 [ 924.300114] ? fuse_get_root_inode+0x190/0x190 [ 924.304694] fuse_mount_blk+0x34/0x40 [ 924.308483] mount_fs+0xae/0x328 [ 924.311842] vfs_kern_mount.part.34+0xd4/0x4d0 [ 924.316411] ? may_umount+0xb0/0xb0 [ 924.320029] ? _raw_read_unlock+0x22/0x30 [ 924.324165] ? __get_fs_type+0x97/0xc0 [ 924.328044] do_mount+0x564/0x3070 [ 924.331570] ? do_raw_spin_unlock+0x9e/0x2e0 [ 924.335968] ? copy_mount_string+0x40/0x40 [ 924.340189] ? rcu_pm_notify+0xc0/0xc0 [ 924.344086] ? copy_mount_options+0x5f/0x380 [ 924.348479] ? rcu_read_lock_sched_held+0x108/0x120 [ 924.353484] ? kmem_cache_alloc_trace+0x616/0x780 [ 924.358321] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 924.363854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 924.369378] ? copy_mount_options+0x285/0x380 [ 924.373863] ksys_mount+0x12d/0x140 [ 924.377481] __x64_sys_mount+0xbe/0x150 [ 924.381463] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 924.386467] do_syscall_64+0x1b1/0x800 [ 924.390339] ? finish_task_switch+0x1ca/0x840 [ 924.394820] ? syscall_return_slowpath+0x5c0/0x5c0 [ 924.399739] ? syscall_return_slowpath+0x30f/0x5c0 [ 924.404666] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 924.410033] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 924.414866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 924.420049] RIP: 0033:0x455a09 2033/05/18 03:43:43 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000100"}, 0x6e) [ 924.423221] RSP: 002b:00007fdc34d50b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 924.430916] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 924.438180] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 924.445443] RBP: 0000000020000140 R08: 00007fdc34d50b20 R09: 0000000000000000 [ 924.452706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 924.459960] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 924.476186] binder: BINDER_SET_CONTEXT_MGR already set [ 924.500151] binder: 870:873 ioctl 40046207 0 returned -16 [ 924.503648] binder: 839:881 Acquire 1 refcount change on invalid ref 116 ret -22 [ 924.513461] binder: 839:881 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 924.520897] binder: 839:881 unknown command 0 [ 924.531163] binder: 870:883 got reply transaction with no transaction stack [ 924.538396] binder: 870:883 transaction failed 29201/-71, size 0-0 line 2763 [ 924.568005] binder: 839:881 ioctl c0306201 20000540 returned -22 [ 924.602835] binder: undelivered TRANSACTION_ERROR: 29201 [ 924.608839] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:43 executing program 4 (fault-call:4 fault-nth:19): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:43 executing program 7: r0 = socket(0xfffffffffffffffc, 0x80001, 0x100008000) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") accept$inet6(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x1c) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x2000000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:43 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x800000000009, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:43 executing program 0: r0 = socket(0x2, 0x3, 0x40000020000000ff) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0)=0x5, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)="69705f76f72344070000000800", 0x5) ioctl$sock_ipx_SIOCIPXNCPCONN(r0, 0x89e3, &(0x7f0000000080)=0x4) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000000)=0x3ff) 2033/05/18 03:43:43 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000ffff00"}, 0x6e) [ 924.759711] binder: 907:914 got reply transaction with no transaction stack [ 924.766945] binder: 907:914 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:43 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000000)=@generic={0xfff, 0x2, 0x5}) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000080)={r0, 0x7, 0x5, "0fc010e2144df4aa50053ac687c3619081f348516c4e6007817fb7cd4b8b8e0b94f4c1321efe62378537208f8e0ad84dff3e2b74514483da2b52a6e817449d36a9ecd4e7556b112ef6dd4c3edc0e68bc808f"}) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:43 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:43:43 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x7, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$EVIOCSABS2F(r2, 0x401845ef, &(0x7f0000000080)={0x7fff, 0x4, 0x20, 0x7, 0x8000, 0x6}) [ 924.835099] binder: BINDER_SET_CONTEXT_MGR already set [ 924.854320] device bridge_slave_1 left promiscuous mode [ 924.859951] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.865526] binder: 907:914 ioctl 40046207 0 returned -16 2033/05/18 03:43:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 924.902191] binder: 907:921 got reply transaction with no transaction stack [ 924.909465] binder: 907:921 transaction failed 29201/-71, size 0-0 line 2763 [ 924.925100] device bridge_slave_0 left promiscuous mode [ 924.930714] bridge0: port 1(bridge_slave_0) entered disabled state [ 925.039876] team0 (unregistering): Port device team_slave_1 removed [ 925.053709] team0 (unregistering): Port device team_slave_0 removed [ 925.078519] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 925.106394] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 925.192900] bond0 (unregistering): Released all slaves [ 925.230722] binder: 920 invalid dec weak, ref 3858 desc 0 s 1 w 0 [ 925.237114] binder: 920:933 unknown command 0 [ 925.252605] binder: undelivered TRANSACTION_ERROR: 29201 [ 925.258499] binder: undelivered TRANSACTION_ERROR: 29201 [ 925.268436] binder: 920:933 ioctl c0306201 20000540 returned -22 [ 925.303438] binder: BINDER_SET_CONTEXT_MGR already set [ 925.309805] binder: 920:933 ioctl 40046207 0 returned -16 [ 925.324791] binder: 920 invalid dec weak, ref 3859 desc 0 s 1 w 0 [ 925.331115] binder: 920:944 unknown command 0 [ 925.342826] binder: 920:944 ioctl c0306201 20000540 returned -22 [ 926.333634] IPVS: ftp: loaded support on port[0] = 21 [ 926.678592] bridge0: port 1(bridge_slave_0) entered blocking state [ 926.685004] bridge0: port 1(bridge_slave_0) entered disabled state [ 926.693225] device bridge_slave_0 entered promiscuous mode [ 926.718185] bridge0: port 2(bridge_slave_1) entered blocking state [ 926.724564] bridge0: port 2(bridge_slave_1) entered disabled state [ 926.731726] device bridge_slave_1 entered promiscuous mode [ 926.756265] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 926.783074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 926.850403] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 926.879261] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 926.984798] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 926.991903] team0: Port device team_slave_0 added [ 927.016048] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 927.023291] team0: Port device team_slave_1 added [ 927.047771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 927.075825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 927.102763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 927.109842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 927.118318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 927.137876] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 927.144936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 927.153402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 927.375569] bridge0: port 2(bridge_slave_1) entered blocking state [ 927.381951] bridge0: port 2(bridge_slave_1) entered forwarding state [ 927.388595] bridge0: port 1(bridge_slave_0) entered blocking state [ 927.394954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 928.221356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 928.301343] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 928.381565] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 928.387774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 928.396149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 928.473083] 8021q: adding VLAN 0 to HW filter on device team0 [ 928.942715] FAULT_INJECTION: forcing a failure. [ 928.942715] name failslab, interval 1, probability 0, space 0, times 0 [ 928.954686] CPU: 1 PID: 1210 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 928.961866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 928.971214] Call Trace: [ 928.973795] dump_stack+0x1b9/0x294 [ 928.977422] ? dump_stack_print_info.cold.2+0x52/0x52 [ 928.982698] ? kernel_text_address+0x79/0xf0 [ 928.987100] should_fail.cold.4+0xa/0x1a [ 928.991154] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 928.996251] ? graph_lock+0x170/0x170 [ 929.000045] ? save_stack+0x43/0xd0 [ 929.003658] ? kasan_kmalloc+0xc4/0xe0 [ 929.007530] ? __kmalloc+0x14e/0x760 [ 929.011238] ? __list_lru_init+0xdd/0x790 [ 929.015403] ? find_held_lock+0x36/0x1c0 [ 929.019452] ? __lock_is_held+0xb5/0x140 [ 929.023518] ? check_same_owner+0x320/0x320 [ 929.027840] ? rcu_note_context_switch+0x710/0x710 [ 929.032760] __should_failslab+0x124/0x180 [ 929.036985] should_failslab+0x9/0x14 [ 929.040781] kmem_cache_alloc_node_trace+0x26f/0x770 [ 929.045867] ? mark_held_locks+0xc9/0x160 [ 929.050013] ? __raw_spin_lock_init+0x1c/0x100 [ 929.054600] __kmalloc_node+0x33/0x70 [ 929.058407] kvmalloc_node+0x6b/0x100 [ 929.062212] __list_lru_init+0x559/0x790 [ 929.066266] ? list_lru_destroy+0x4c0/0x4c0 [ 929.070592] ? mark_held_locks+0xc9/0x160 [ 929.074730] ? __raw_spin_lock_init+0x1c/0x100 [ 929.079301] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 929.084305] ? __lockdep_init_map+0x105/0x590 [ 929.088790] ? lockdep_init_map+0x9/0x10 [ 929.092836] sget_userns+0x73a/0xf00 [ 929.096547] ? kill_litter_super+0x90/0x90 [ 929.100784] ? ns_test_super+0x50/0x50 [ 929.104657] ? destroy_unused_super.part.11+0x110/0x110 [ 929.110022] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 929.114614] ? kasan_check_write+0x14/0x20 [ 929.118834] ? do_raw_spin_lock+0xc1/0x200 [ 929.123062] ? blkdev_get+0xc0/0xb30 [ 929.126760] ? cap_capable+0x1f9/0x260 [ 929.130639] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 929.136161] ? security_capable+0x99/0xc0 [ 929.140307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 929.145838] ? ns_capable_common+0x13f/0x170 [ 929.150252] ? kill_litter_super+0x90/0x90 [ 929.154471] sget+0x10b/0x150 [ 929.157559] ? ns_test_super+0x50/0x50 [ 929.161432] mount_bdev+0x111/0x3e0 [ 929.165049] ? fuse_get_root_inode+0x190/0x190 [ 929.169627] fuse_mount_blk+0x34/0x40 [ 929.173421] mount_fs+0xae/0x328 [ 929.176774] vfs_kern_mount.part.34+0xd4/0x4d0 [ 929.181340] ? may_umount+0xb0/0xb0 [ 929.184951] ? _raw_read_unlock+0x22/0x30 [ 929.189085] ? __get_fs_type+0x97/0xc0 [ 929.192957] do_mount+0x564/0x3070 [ 929.196484] ? copy_mount_string+0x40/0x40 [ 929.200704] ? rcu_pm_notify+0xc0/0xc0 [ 929.204591] ? copy_mount_options+0x5f/0x380 [ 929.208986] ? rcu_read_lock_sched_held+0x108/0x120 [ 929.213987] ? kmem_cache_alloc_trace+0x616/0x780 [ 929.218822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 929.224348] ? _copy_from_user+0xdf/0x150 [ 929.228575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 929.234096] ? copy_mount_options+0x285/0x380 [ 929.238621] ksys_mount+0x12d/0x140 [ 929.242244] __x64_sys_mount+0xbe/0x150 [ 929.246205] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 929.251227] do_syscall_64+0x1b1/0x800 [ 929.255100] ? finish_task_switch+0x1ca/0x840 [ 929.259580] ? syscall_return_slowpath+0x5c0/0x5c0 [ 929.264503] ? syscall_return_slowpath+0x30f/0x5c0 [ 929.269420] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 929.274769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 929.279598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 929.284779] RIP: 0033:0x455a09 2033/05/18 03:43:48 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:43:48 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000)=0x4, 0x4) 2033/05/18 03:43:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:48 executing program 7: r0 = socket(0x2, 0x1, 0x0) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xe630c40}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:48 executing program 4 (fault-call:4 fault-nth:20): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:48 executing program 6: r0 = socket(0xa, 0x80002, 0xfffffffffffffffd) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) [ 929.287950] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 929.295642] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 929.302917] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 929.310198] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 929.317457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.324711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 929.373051] binder: 1219:1222 got reply transaction with no transaction stack [ 929.380593] binder: 1219:1222 transaction failed 29201/-71, size 0-0 line 2763 [ 929.411556] binder: BINDER_SET_CONTEXT_MGR already set [ 929.420619] binder: 1219:1222 ioctl 40046207 0 returned -16 [ 929.427911] binder: 1228:1231 Acquire 1 refcount change on invalid ref 241372224 ret -22 [ 929.436249] binder: 1228:1231 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 929.441934] FAULT_INJECTION: forcing a failure. [ 929.441934] name failslab, interval 1, probability 0, space 0, times 0 [ 929.444045] binder: 1228:1231 unknown command 0 [ 929.455085] CPU: 0 PID: 1229 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 929.461530] binder: 1228:1231 ioctl c0306201 20000540 returned -22 [ 929.466906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 929.466916] Call Trace: [ 929.466945] dump_stack+0x1b9/0x294 [ 929.466973] ? dump_stack_print_info.cold.2+0x52/0x52 [ 929.466995] ? pcpu_next_fit_region.constprop.23+0x334/0x410 [ 929.467033] should_fail.cold.4+0xa/0x1a [ 929.473601] binder: 1219:1230 got reply transaction with no transaction stack [ 929.482693] ? kasan_check_write+0x14/0x20 [ 929.482724] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 929.482745] ? graph_lock+0x170/0x170 [ 929.482763] ? wait_for_completion+0x870/0x870 [ 929.482792] ? graph_lock+0x170/0x170 [ 929.485377] binder: 1219:1230 transaction failed 29201/-71, size 0-0 line 2763 [ 929.488977] ? find_next_zero_bit+0x111/0x140 [ 929.489006] ? find_held_lock+0x36/0x1c0 [ 929.548531] ? __lock_is_held+0xb5/0x140 [ 929.552603] ? check_same_owner+0x320/0x320 [ 929.556919] ? __might_sleep+0x95/0x190 [ 929.560890] ? rcu_note_context_switch+0x710/0x710 [ 929.565822] __should_failslab+0x124/0x180 [ 929.570054] should_failslab+0x9/0x14 [ 929.573847] __kmalloc+0x2c8/0x760 [ 929.577400] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 929.582408] ? __lockdep_init_map+0x105/0x590 [ 929.586899] ? __list_lru_init+0xdd/0x790 [ 929.591047] __list_lru_init+0xdd/0x790 [ 929.595026] ? list_lru_destroy+0x4c0/0x4c0 [ 929.599342] ? mark_held_locks+0xc9/0x160 [ 929.603499] ? __raw_spin_lock_init+0x1c/0x100 [ 929.608075] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 929.613085] ? __lockdep_init_map+0x105/0x590 [ 929.617579] ? lockdep_init_map+0x9/0x10 [ 929.621642] sget_userns+0x73a/0xf00 [ 929.625348] ? kill_litter_super+0x90/0x90 [ 929.629582] ? ns_test_super+0x50/0x50 [ 929.633465] ? destroy_unused_super.part.11+0x110/0x110 [ 929.639271] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 929.643851] ? kasan_check_write+0x14/0x20 [ 929.648088] ? do_raw_spin_lock+0xc1/0x200 [ 929.652335] ? blkdev_get+0xc0/0xb30 [ 929.656048] ? cap_capable+0x1f9/0x260 [ 929.659936] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 929.665464] ? security_capable+0x99/0xc0 [ 929.669619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 929.675159] ? ns_capable_common+0x13f/0x170 [ 929.679561] ? kill_litter_super+0x90/0x90 [ 929.683788] sget+0x10b/0x150 [ 929.686887] ? ns_test_super+0x50/0x50 [ 929.690771] mount_bdev+0x111/0x3e0 [ 929.694393] ? fuse_get_root_inode+0x190/0x190 [ 929.698974] fuse_mount_blk+0x34/0x40 [ 929.702768] mount_fs+0xae/0x328 [ 929.706133] vfs_kern_mount.part.34+0xd4/0x4d0 [ 929.710712] ? may_umount+0xb0/0xb0 [ 929.714330] ? _raw_read_unlock+0x22/0x30 [ 929.718558] ? __get_fs_type+0x97/0xc0 [ 929.722446] do_mount+0x564/0x3070 [ 929.725980] ? do_raw_spin_unlock+0x9e/0x2e0 [ 929.730392] ? copy_mount_string+0x40/0x40 [ 929.734619] ? rcu_pm_notify+0xc0/0xc0 [ 929.738514] ? copy_mount_options+0x5f/0x380 [ 929.742913] ? rcu_read_lock_sched_held+0x108/0x120 [ 929.747921] ? kmem_cache_alloc_trace+0x616/0x780 [ 929.752763] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 929.758473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 929.764002] ? copy_mount_options+0x285/0x380 [ 929.768500] ksys_mount+0x12d/0x140 [ 929.772138] __x64_sys_mount+0xbe/0x150 [ 929.776101] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 929.781114] do_syscall_64+0x1b1/0x800 [ 929.784994] ? finish_task_switch+0x1ca/0x840 [ 929.789489] ? syscall_return_slowpath+0x5c0/0x5c0 [ 929.794415] ? syscall_return_slowpath+0x30f/0x5c0 [ 929.799356] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 929.804717] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 929.809568] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 929.814747] RIP: 0033:0x455a09 2033/05/18 03:43:48 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={0x0, 0x2}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x10000, 0x2, 0x8205, 0x3f, 0x5, 0x9, 0x6, 0x1, r1}, 0x20) 2033/05/18 03:43:48 executing program 7: r0 = socket(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000080)={0x0, 'team_slave_0\x00', 0x1}, 0x18) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:48 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000500"}, 0x6e) [ 929.817933] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 929.825634] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 929.832894] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 929.840252] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 929.847509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 929.854771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 929.899653] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:43:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 929.926768] binder: undelivered TRANSACTION_ERROR: 29201 [ 929.932744] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:48 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x890f, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:48 executing program 4 (fault-call:4 fault-nth:21): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:48 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000fd00"}, 0x6e) [ 930.011429] binder: 1228:1231 ioctl 40046207 0 returned -16 [ 930.012566] binder: 1248:1249 got reply transaction with no transaction stack [ 930.024750] binder: 1248:1249 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:48 executing program 0: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) r0 = socket$inet_udp(0x2, 0x2, 0x0) sendto(r0, &(0x7f0000000080)="17ed5daebac9699f74ef2554e94e1d48434f00a10c0862925f98cd75ad34062eb680987f8f1416c832f7e8e8658305e1a08e27dfccdd261d137951ffe727957ec0235b426c3afbfe4a9f7fde2328134c7d3771fb2b73acf6b9b5af5e0d37dc8c7e71", 0x62, 0x4000, &(0x7f0000000140)=@nfc={0x27, 0x0, 0x1, 0x1}, 0x80) syz_open_dev$ndb(&(0x7f0000000280)='/dev/nbd#\x00', 0x0, 0x20100) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) recvfrom$inet(r0, &(0x7f00000001c0)=""/192, 0xc0, 0x2000, &(0x7f0000000000)={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='oom_score\x00') r2 = open(&(0x7f00000003c0)='./file0\x00', 0x80, 0x40) perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x3, 0x1f, 0x100000000, 0x1, 0x0, 0x6, 0x10001, 0x1, 0x4, 0x7, 0x1, 0x3, 0x1, 0x4, 0x395e, 0x800, 0x5, 0x2, 0x2, 0x8, 0x7, 0x1000, 0x400, 0x65, 0x6, 0x401, 0x100, 0x3d, 0x7, 0x2, 0x5, 0x6, 0x2d9, 0x20, 0x7, 0x81, 0x0, 0x92, 0x2, @perf_bp={&(0x7f00000002c0), 0x5}, 0x100, 0x5, 0xb5c, 0x3, 0x200, 0xd04, 0x7ba4}, r1, 0x2, r2, 0x8) [ 930.100281] FAULT_INJECTION: forcing a failure. [ 930.100281] name failslab, interval 1, probability 0, space 0, times 0 [ 930.111604] CPU: 1 PID: 1267 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 930.117369] binder: 1228:1270 Acquire 1 refcount change on invalid ref 241372224 ret -22 [ 930.118818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 930.118843] Call Trace: [ 930.118869] dump_stack+0x1b9/0x294 [ 930.118894] ? dump_stack_print_info.cold.2+0x52/0x52 [ 930.127178] binder: 1228:1270 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 930.136493] ? __save_stack_trace+0x7e/0xd0 [ 930.136518] should_fail.cold.4+0xa/0x1a [ 930.136539] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 930.136563] ? save_stack+0x43/0xd0 [ 930.139162] binder: 1228:1270 unknown command 0 [ 930.143441] ? kasan_kmalloc+0xc4/0xe0 [ 930.143462] ? kmem_cache_alloc_trace+0x152/0x780 [ 930.143478] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 930.143494] ? __list_lru_init+0x456/0x790 [ 930.195941] ? sget_userns+0x73a/0xf00 [ 930.199821] ? graph_lock+0x170/0x170 [ 930.203607] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 930.208349] ? do_mount+0x564/0x3070 [ 930.212051] ? ksys_mount+0x12d/0x140 [ 930.215836] ? __x64_sys_mount+0xbe/0x150 [ 930.219970] ? do_syscall_64+0x1b1/0x800 [ 930.224038] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 930.229392] ? find_held_lock+0x36/0x1c0 [ 930.233442] ? __lock_is_held+0xb5/0x140 [ 930.237497] ? check_same_owner+0x320/0x320 [ 930.241806] ? rcu_note_context_switch+0x710/0x710 [ 930.246731] __should_failslab+0x124/0x180 [ 930.250954] should_failslab+0x9/0x14 [ 930.254742] kmem_cache_alloc_trace+0x2cb/0x780 [ 930.259411] ? __kmalloc_node+0x33/0x70 [ 930.263371] ? __kmalloc_node+0x33/0x70 [ 930.267331] ? rcu_read_lock_sched_held+0x108/0x120 [ 930.272335] __memcg_init_list_lru_node+0x17d/0x2c0 [ 930.277341] ? kvfree_rcu+0x20/0x20 [ 930.280952] ? __kmalloc_node+0x47/0x70 [ 930.284915] __list_lru_init+0x456/0x790 [ 930.288966] ? list_lru_destroy+0x4c0/0x4c0 [ 930.293274] ? mark_held_locks+0xc9/0x160 [ 930.297412] ? __raw_spin_lock_init+0x1c/0x100 [ 930.301989] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 930.307015] ? __lockdep_init_map+0x105/0x590 [ 930.311505] ? lockdep_init_map+0x9/0x10 [ 930.315553] sget_userns+0x73a/0xf00 [ 930.319251] ? kill_litter_super+0x90/0x90 [ 930.323486] ? ns_test_super+0x50/0x50 [ 930.327361] ? destroy_unused_super.part.11+0x110/0x110 [ 930.332709] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 930.337278] ? kasan_check_write+0x14/0x20 [ 930.341500] ? do_raw_spin_lock+0xc1/0x200 [ 930.345725] ? blkdev_get+0xc0/0xb30 [ 930.349425] ? cap_capable+0x1f9/0x260 [ 930.353308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 930.358834] ? security_capable+0x99/0xc0 [ 930.362980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 930.368513] ? ns_capable_common+0x13f/0x170 [ 930.372918] ? kill_litter_super+0x90/0x90 [ 930.377139] sget+0x10b/0x150 [ 930.380230] ? ns_test_super+0x50/0x50 [ 930.384108] mount_bdev+0x111/0x3e0 [ 930.387725] ? fuse_get_root_inode+0x190/0x190 [ 930.392299] fuse_mount_blk+0x34/0x40 [ 930.396105] mount_fs+0xae/0x328 [ 930.399464] vfs_kern_mount.part.34+0xd4/0x4d0 [ 930.404037] ? may_umount+0xb0/0xb0 [ 930.407652] ? _raw_read_unlock+0x22/0x30 [ 930.411871] ? __get_fs_type+0x97/0xc0 [ 930.415759] do_mount+0x564/0x3070 [ 930.419295] ? do_raw_spin_unlock+0x9e/0x2e0 [ 930.423697] ? copy_mount_string+0x40/0x40 [ 930.427920] ? rcu_pm_notify+0xc0/0xc0 [ 930.431806] ? copy_mount_options+0x5f/0x380 [ 930.436201] ? rcu_read_lock_sched_held+0x108/0x120 [ 930.441213] ? kmem_cache_alloc_trace+0x616/0x780 [ 930.446049] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 930.451578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 930.457103] ? copy_mount_options+0x285/0x380 [ 930.461605] ksys_mount+0x12d/0x140 [ 930.465225] __x64_sys_mount+0xbe/0x150 [ 930.469195] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 930.474201] do_syscall_64+0x1b1/0x800 [ 930.478084] ? finish_task_switch+0x1ca/0x840 [ 930.482579] ? syscall_return_slowpath+0x5c0/0x5c0 [ 930.487496] ? syscall_return_slowpath+0x30f/0x5c0 [ 930.492417] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 930.497772] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 930.502608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 930.507782] RIP: 0033:0x455a09 [ 930.510958] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 930.518653] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 930.525909] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 930.533162] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 930.540415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:43:49 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$kcm(0xa, 0x6, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x20) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000080)=r1, 0x4) 2033/05/18 03:43:49 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000100"}, 0x6e) [ 930.547670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 930.558438] binder: 1228:1270 ioctl c0306201 20000540 returned -22 [ 930.576237] binder: BINDER_SET_CONTEXT_MGR already set [ 930.585345] binder: 1248:1249 ioctl 40046207 0 returned -16 2033/05/18 03:43:49 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x281, 0x0) fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r1, 0x400454ce, r2) [ 930.617756] binder: 1248:1275 got reply transaction with no transaction stack [ 930.625189] binder: 1248:1275 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 930.713139] binder: undelivered TRANSACTION_ERROR: 29201 [ 930.719792] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:49 executing program 7: r0 = socket(0x1, 0x7, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$kcm(0xa, 0x6, 0x0) 2033/05/18 03:43:49 executing program 4 (fault-call:4 fault-nth:22): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:49 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:43:49 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) sendmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)="bfb702ce3cdc4f035d50f728da9657276a6951ab9e7051d8f95c616884ab28ba88f43d839e9488a8967f57d162ef251b28ebb0e71625b38e27c496c9cfeebf96e781f05262df9c956dbdd789ea", 0x4d}, {&(0x7f00000001c0)="3e7f1871e849105e2bdfd758adde67671c5cbbade956f573534804", 0x1b}, {&(0x7f0000000200)="13d98f6da1ae69af48afdcb440db1c6244dc86149360c86c53d48a058da2673e525fde4223c935736ca3ee9266ca66d9e81abe429b64a7f406dddbe76f09e07ee48968ab642e44796a2b44912d568d8f544c0306be6962affda9a55ab479520caf9ac3a511b78808e6df658278bf7f614d7c6fcd99ff0ce5b38b06e7e17565d23020484ce1ca83eafced0a8ca0544a532deb04f29cedc1bf16227589bcf9d923", 0xa0}], 0x3, 0x0, 0x0, 0x801}, 0x80) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) write$binfmt_elf32(r0, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x7, 0x3f08, 0x0, 0xffff, 0x3, 0x3, 0x9, 0xbf, 0x38, 0x226, 0x20, 0x5, 0x20, 0x2, 0xffffffffcedd5c20, 0x2, 0x4000000000000000}, [{0x60000006, 0x10000, 0xfffffffffffffffc, 0x1, 0x3, 0x3, 0x1, 0x6}, {0x70000001, 0x2, 0x200, 0x6, 0x1, 0x8, 0x0, 0x100000000}], "c8eaa8f2d3ff4a8a4249829963e493d45e744c93bea647e434cb677c96c16ad0f3dc528a976fac5d16fac91179a1bc31f89656b6d1271b120d166309b387942eafb8d5db8cbf20122835f25ee88279b6d8f49ed2b7ee26", [[], [], [], [], [], [], [], []]}, 0x8cf) ptrace$peek(0x3, r1, &(0x7f00000000c0)) setsockopt(r0, 0x401, 0x1, &(0x7f0000000000)="3251691fcfe95ec680ddb4be9b258f15888e6dffbf1f061bbde47e7815963e8f98a0a1", 0x23) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x74000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:49 executing program 6: r0 = socket(0xa, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="0000005d1d9cc900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ffffff000000000000000000000000"], 0x1, 0x3, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="5608000200ff030800d105000000"], 0x18) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={r3, 0xfffffffffffffff9}, 0x8) [ 930.786658] binder: 1295:1297 got reply transaction with no transaction stack [ 930.794087] binder: 1295:1297 transaction failed 29201/-71, size 0-0 line 2763 [ 930.820404] FAULT_INJECTION: forcing a failure. [ 930.820404] name failslab, interval 1, probability 0, space 0, times 0 [ 930.831832] CPU: 1 PID: 1306 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 930.834403] binder: BINDER_SET_CONTEXT_MGR already set [ 930.839029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 930.839037] Call Trace: [ 930.839063] dump_stack+0x1b9/0x294 [ 930.839086] ? dump_stack_print_info.cold.2+0x52/0x52 [ 930.839111] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 930.870249] should_fail.cold.4+0xa/0x1a [ 930.874305] ? is_bpf_text_address+0xd7/0x170 [ 930.878790] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 930.883886] ? unwind_get_return_address+0x61/0xa0 [ 930.888805] ? __save_stack_trace+0x7e/0xd0 [ 930.893116] ? graph_lock+0x170/0x170 [ 930.896910] ? find_held_lock+0x36/0x1c0 [ 930.900962] ? __lock_is_held+0xb5/0x140 [ 930.905028] ? check_same_owner+0x320/0x320 [ 930.909342] ? rcu_note_context_switch+0x710/0x710 [ 930.914264] __should_failslab+0x124/0x180 [ 930.918490] should_failslab+0x9/0x14 [ 930.922277] kmem_cache_alloc_trace+0x2cb/0x780 [ 930.926931] ? __kmalloc_node+0x33/0x70 [ 930.930892] ? __kmalloc_node+0x33/0x70 [ 930.934856] ? rcu_read_lock_sched_held+0x108/0x120 [ 930.939861] __memcg_init_list_lru_node+0x17d/0x2c0 [ 930.944867] ? kvfree_rcu+0x20/0x20 [ 930.949043] ? __kmalloc_node+0x47/0x70 [ 930.953028] __list_lru_init+0x456/0x790 [ 930.957080] ? list_lru_destroy+0x4c0/0x4c0 [ 930.961389] ? mark_held_locks+0xc9/0x160 [ 930.965525] ? __raw_spin_lock_init+0x1c/0x100 [ 930.970103] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 930.975103] ? __lockdep_init_map+0x105/0x590 [ 930.979588] ? lockdep_init_map+0x9/0x10 [ 930.983637] sget_userns+0x73a/0xf00 [ 930.987335] ? kill_litter_super+0x90/0x90 [ 930.991558] ? ns_test_super+0x50/0x50 [ 930.995433] ? destroy_unused_super.part.11+0x110/0x110 [ 931.000782] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 931.005353] ? kasan_check_write+0x14/0x20 [ 931.009572] ? do_raw_spin_lock+0xc1/0x200 [ 931.013806] ? blkdev_get+0xc0/0xb30 [ 931.017519] ? cap_capable+0x1f9/0x260 [ 931.021399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 931.026920] ? security_capable+0x99/0xc0 [ 931.031068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 931.036591] ? ns_capable_common+0x13f/0x170 [ 931.040995] ? kill_litter_super+0x90/0x90 [ 931.045223] sget+0x10b/0x150 [ 931.048323] ? ns_test_super+0x50/0x50 [ 931.052198] mount_bdev+0x111/0x3e0 [ 931.055823] ? fuse_get_root_inode+0x190/0x190 [ 931.060391] fuse_mount_blk+0x34/0x40 [ 931.064178] mount_fs+0xae/0x328 [ 931.067533] vfs_kern_mount.part.34+0xd4/0x4d0 [ 931.072100] ? may_umount+0xb0/0xb0 [ 931.075714] ? _raw_read_unlock+0x22/0x30 [ 931.079848] ? __get_fs_type+0x97/0xc0 [ 931.083725] do_mount+0x564/0x3070 [ 931.087258] ? copy_mount_string+0x40/0x40 [ 931.091479] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 931.096493] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 931.101237] ? retint_kernel+0x10/0x10 [ 931.105117] ? copy_mount_options+0x1f0/0x380 [ 931.109598] ? copy_mount_options+0x206/0x380 [ 931.114090] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 931.119621] ? copy_mount_options+0x285/0x380 [ 931.124106] ksys_mount+0x12d/0x140 [ 931.127719] __x64_sys_mount+0xbe/0x150 [ 931.131681] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 931.136686] do_syscall_64+0x1b1/0x800 [ 931.140561] ? finish_task_switch+0x1ca/0x840 [ 931.145050] ? syscall_return_slowpath+0x5c0/0x5c0 [ 931.149975] ? syscall_return_slowpath+0x30f/0x5c0 [ 931.154896] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 931.160249] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 931.165080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 931.170265] RIP: 0033:0x455a09 [ 931.173436] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 931.181130] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:43:50 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) recvfrom(r0, &(0x7f0000000080)=""/90, 0x5a, 0x41, &(0x7f0000000140)=@in6={0xa, 0x4e23, 0xd5a, @loopback={0x0, 0x1}, 0x80}, 0x80) [ 931.188385] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 931.195639] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 931.202893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 931.210149] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 931.217938] binder: 1295:1297 ioctl 40046207 0 returned -16 [ 931.225756] binder: 1295:1314 got reply transaction with no transaction stack 2033/05/18 03:43:50 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000080)={0x4, 0x9, 0x7fff}) r2 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) 2033/05/18 03:43:50 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000002000008000"}, 0x6e) [ 931.233241] binder: 1295:1314 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:50 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)="69705f767469108000000000000300", 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) [ 931.275195] binder: 1313:1320 Acquire 1 refcount change on invalid ref 1946157056 ret -22 [ 931.283626] binder: 1313:1320 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 931.291322] binder: 1313:1320 unknown command 0 2033/05/18 03:43:50 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:43:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 931.355783] binder: undelivered TRANSACTION_ERROR: 29201 [ 931.361940] binder: undelivered TRANSACTION_ERROR: 29201 [ 931.407590] binder: 1337:1338 got reply transaction with no transaction stack [ 931.415018] binder: 1337:1338 transaction failed 29201/-71, size 0-0 line 2763 [ 931.433047] binder: BINDER_SET_CONTEXT_MGR already set [ 931.438662] binder: 1337:1338 ioctl 40046207 0 returned -16 [ 931.446422] binder: 1313:1320 ioctl c0306201 20000540 returned -22 [ 931.456200] binder: 1337:1339 got reply transaction with no transaction stack [ 931.462165] binder: BINDER_SET_CONTEXT_MGR already set [ 931.463583] binder: 1337:1339 transaction failed 29201/-71, size 0-0 line 2763 [ 931.498938] binder: 1313:1345 Acquire 1 refcount change on invalid ref 1946157056 ret -22 [ 931.500152] binder: 1313:1320 ioctl 40046207 0 returned -16 [ 931.507371] binder: 1313:1345 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 931.520834] binder: 1313:1345 unknown command 0 [ 931.526150] binder: 1313:1345 ioctl c0306201 20000540 returned -22 [ 931.526871] binder: undelivered TRANSACTION_ERROR: 29201 [ 931.545055] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:50 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x7ff, &(0x7f0000000280)="c626262c8523bf072cf67c25d4e8b752ff7600009ab53482a38e5e277c4a9da176a5ce96d30bb0f20d5635fe22f83d29b961d6f33cc4da93a27bbb9b3054b5cbce4f28ba068a9afbb20a090000007abf378453984b012228b8aac19677607e12597ed44e174074ca889ec1baccfe11768dce19ba5a1dd2b0e42591eba561adce621299c305fcbe64db17dddef56e177d755e0e303bebaa8ef100000000000000000000000000020000000000000000000000000000") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000080)=r1, 0x0) 2033/05/18 03:43:50 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000008000002000"}, 0x6e) 2033/05/18 03:43:50 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) getsockname$packet(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0x14) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, r1, 0x1}, 0xc) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f0000000140), 0x22c, 0x0, &(0x7f0000000040)={0x2, 0x4e21, @loopback=0x7f000001}, 0xffffffffffffffe8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000140)={0x0, 0xfffffffffffffff9, 0x1, [0x80000001]}, &(0x7f0000000180)=0xa) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={r2, 0x81}, 0x8) 2033/05/18 03:43:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:50 executing program 4 (fault-call:4 fault-nth:23): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:50 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000480)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000082ecb30c12e939e6ee0000000000000006c13c44fb951eb4ccf274afc4147ed18a89e0170f41f3e0c8722b1c63f911ae59c99ee4b72348aa0d8e6ccf18aeaf0a29c243bdcc803de2429c2c517291555223117b99b7b21033179108cd"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x2}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:50 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:43:50 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$kcm(0xa, 0x6, 0x0) syz_mount_image$ceph(&(0x7f0000000040)='ceph\x00', &(0x7f0000000080)='./file0\x00', 0x5, 0x8, &(0x7f0000001480)=[{&(0x7f00000000c0)="0d095deeb27f4ab58dd198e53b80dbbb9eb50d4dd906ee0ed579c4ba2a2730c3bc2559557c3ac9d47fd359de21d9279c82022d469f50eb7f6b03d1a1e23a15fc7a25864ee73a16d0a578b4c45705cff2a6ca0ee700f3ce6c410578f3dda659848a87d6b9281483178ec586c1d95ba2c94325d170d4f17a7fe9bb8fd75e1a1226ea65ac62f29a911a3f3120243f14752a74553b4740260488aafb96dc39dd0e196f57378d6fdd7eace4005c3a7ce6f1c785eccb592cb1a1eb88a937d4f316bc5a2878491c18fb209fd0dd68e3fa74da3c0fbdebe874b03ec825262addbb7112", 0xdf, 0x20}, {&(0x7f00000001c0)="f529e33dddb3963e594298c3074b3c4b8d0a77a0060cf5810ab9a1", 0x1b, 0x401}, {&(0x7f0000000200)="70054547f5b6be2e5f180e05353351b7a9f38c948e4280e1104ee90ed16b352db45a9c1414d51b50872429514e46fcbd902b107d", 0x34, 0x8}, {&(0x7f0000000280)="e4a308105454ba23a158f57096305909f275983d4cf015563afdd4cc2cf74b6240648d299673174511f619bb00205ae16a1b21d94d8de77eff92bd78bc80e9fa2bda7c147a9bc6dbfa06ae23d113f01d9aea145151c385b87045379ee21f16d2bea0a516e129cfe4f47a51d9a10e19f1596deef539", 0x75, 0x4}, {&(0x7f0000000300)="5b88223f8f2ad8a5688ab41c54a7a3fae1eb131dabc9e65d323993e264a25f4ff21aeeb25900f2259cd7556216884a634c1482d73fc48e489e7923bcaecbc921a50a4a9d138774a4612e134a7a81c7377a5e6e6d4b4c894d358f24c28b363c9922496001499b5cb55b482e062c7cddd6fe8e52750ac7f0c4e8ced5f49950d7a9eeb1d632379d1252d754e5d8041c0a283b5e0fb718cee7eaa5a004a3deb18138027af41e0b883c2b260fe4d650d716b873813a4525682e7363a25b2d426d42bad6e15a76d71c33f0a1ada76c0957262e407aeac6884b165ae7174b3ca8160f0329485862d857b0babac90688dcbe3f37dd68f00616c58c0ce61c5a1cad8a4dfedc6077c74205dc857dbac074f2733750d0805a931381a4588e23198c7b6ebacae447977510455b019d6459b822781789c4475535f380047ad0976d329cf39763d2a44b0f471c423a2d9ed65e3895bc91a691d5a4c9c429602c0a66e83d913e215ff3a78a85466d291d13f708bdff1179a8e0354976f9d925db82720cc19d8e4d82b55d489501e2e6edcb0cb2a72f8f30ec8774dd7d74e99f5d4ef4ece5fa9e14e1dcda0d79ea0c65c7d91009e926a737f731d90d2c10be6f7cddb9d862e56558395491882e343a9aa99157b5ca578217d526687e9f286a79ec5f3dd27c869044b2907a5faa2c5426ae3cd16fde010b809a59a261544ef0ee06abde5cc3da930b64d5b453467b53b6a35934a02da3a409fffdbb59325d27b5d20aa23e748530af0d506a54beeefdb9d22ae9f586821ddd9bf837b50ffa5aac5260ea122867afb66be35d28f393251b5cf967522616457004e0bd3d68b40a3774e0b7eef3c021181ac9d065cea26a91eae127ba8fe18b1f0d721053546ba4a062b0f55bab1c4f039396928e49681f76fd31e488950c00da61058d9c0c234a80601088ba7e7151343a36248765f2184ace70986f6eac3118724f49265a033742f4ec9c9b4026bfc981583323a889c619b7abe4e5543fbb64e78bc99c501ff822697f85f006a10071c8ac58a01cb27b41ced23842ef87aecba2c247922e9117f9c6b2dfb0205f3a0dfb8e78aeea917916fdea812f33d992068c9f1ad9bb75efb759fe87760d6f5d7aeb59739276654dc8627977ab969ab4702af716f39fd448e5d01e67920b96854626f35a100dc0b4157559e8c7d1679f8d1e5cea74ed80a00b37b61514dc731421d17ca80043453a88f23555aa612a10f198745de3e672faf9b4046da3294aab7066a5e82199af6d4105bc6918d4c3a5134be9cb850f4ee3ef0e6a63817c2d6fd37ead14d4b94f5e771f366ec1503b03f8c510daee4c8f5245553459d500acce900c1adace6cc72d5555ebf4599b519f67a9b6a1a91c82aea19c2ab8a683e38c3e1944d45f9d3305e5ed75312d2095d1edf83c8ad6140551d990c3be1d3c8d9c90a77ccfc17d3bf6ded2d7bcc9d6c797313fd49ba5bea900f6f4b7c3e4159831cc5b1e28490df5109848b1b451cd908633a053d812bbe1df3a28a04cf33226de6700a457c11ff4fbf621a28d459417171fa0c855af5efdaebac154b5aba164720362d3af31ef413643656b5742b8807d141e8cd6db5d6afa0c939473c92f92d91e4102c81bd1e32ccc239ef9f425462846699e5af81bf35bbfa2f0cf917f847911f7a811be1934693fe875bc8997c29d74b43cea7d89c386d357d625618171531dc19575a990b6203c267defe8b78cccdc031c6e2e3a11688f064b47a075ea5432fe3c45eb123cf8abd381b34db284beee43a7e1e182e8b365f57530b09f71c90c231dc4f0c82d4f204928322dca6ea60fdff1a229c4b57debcb6f72fcef9591198972f7442e85c3b8a1d89d1724d1fd185825ba786805187917cea1bbf2ce014fdff9f4f4c53722ad0c60e33b7be1f181294837855237edc2a90152aea5ce2512ae19763f40d713aca54384e985346bffa37dac6ba6def89042ece265b216fb686d921f4c40ab335d860a3f0a64e403031558f568f01ac8fcea8b31058aab8d4e3ac3ae67b8d009d1198bb7a0f91e11976ee11dfe3eb940a0f6fd8a99fdace46ff15d3c2dc2c34c7808ad80878b9263ec911e795c1c8aafd5409320183362fc3381eb3d07dea7526e4c6f631b631bfe9f1bc9c25439f52b061636022f7a22573d9c587c9a30e05fd39c643780eca2698e1cfe0b107f1a72a555a2fe32d999feb22abac00ff1f20ad3d7bfc80d4e8ffd3bcf2a1c14c6dd275fe3597e20fbb10f165d2c8458ab6eea06ef49fbc250c4bbfa8c6acf09f91710b370cb7e20c9187199fef80ab4c04916c09966ca28753dff64e649be35e941ce076368279982b700c71ecbc6ba61b7774141f73eaff539499bbc45a5da2e20e55bfed3fe7230434b04a76c19155cec11e99e78d1c51ca1cb2e178f730d64668bcb26ce3759056c22746b1d130c4075fda60c4d40421a7ac003fcc7389a97bdd0df0d7b76b01965b0a5ef5a3a4b3f4857d3733a87465f5ba965d1dce459fb3a67f55e1b01e2a0dc2cf5482c88db89a234147cd3bf99f218960c7986d5065eb7b3b7a9c1c5b8f23fc02b2492a89bc69f569822448bb5bea57502cf98e8fa205a82111e1f603ef7a2c1fc7714152e51be89fae096a731a4b99f53be3f0d06405fd3e07c1ffa9a341ad0df17505a973749375adba3f8488e7027518aa122ce693e35e12f0b63babe075688d7de8eecbbacf96fdf01804b6b7fcf58ecd8442fbf79318f0fe3b2317ef6882995b1396a1250cef2bbe20e795322c4744cdef16c4c49aebaeaf126779342b379478ecfb3e57813300eaab8bc8d716bc5f11789baeb38054092eeb2f25815e32e951b147946cb1b57e94d86db941c68c5fde5c32b650844415fa54012f2ecaae42980449c29040b808016bbfa01b1749bd7652bc695ca422a11066cbc46d6888769b6b498c9aa2fbc642a48514a552c514a9eeec4257674972c435dbf18bbd8f7ee0da0c6a273c8ce81823ac359f542dcc53a694e237cc59f31e3c62253fcf63bab3ad93ee7a0327044b3a0e63c9ea9edde2261d9b2a9ee8dfddad5d2e18d22520b4bb013c174110ca1f719b149bc4225b3f4f354cae30cddc95e217bfc7b962d857031f09daa7f20d90aa503f539f0149364ba338122033fbe3902d892c5bcc26d5693b2b6620a4821b51a9cb493a69ac306c4b8f4b37f779936443a738e388a91b8d2eb71637a4737d19da82ba2b19f733af642992c261a2ae7bfb61fdf21103216fa1f1776f2e3ba306a5db3bd1bc2749c8da903b5cf324fb770c1662326dfb8ea726b3c92704e785249863706d9844fa2514c559a8a3c37dbda62b6fbfa1bac85ea2e0c7c4ae8d1b38abc1bc221aad4d2679b000a6827e98264db9f86eb8b094d15f2f058914173f17cb83bea0970c2814038f59b57dc31096b9226fcc9ce7f86bd2879094211d189909478578ff2ebf445d16d43852f2b013611540ab8ba3ac822451353ddec737190c6359cce546c93777150718afb40d4a5da1ec6180765eefcf27cb97cdfe2b7829048b91647648f25fdf0eb4339548470d9a30b1c7e7951f38065ee225f781a81afba43e62462d6e89264a2f3892aea021c9eb4cc4650ada50893671fe2fc396113d9e3546eef24834769c631ddd5e0a7fe9f673762504350722116e5dedc0774fd32d2e917f742a45da441d2023d2b44a29c1a346f9f641b971771f17389beb76f7e1ec1f7006fb14f3651bea98d12c67ca9c5a64a2b186f91a00c8ae93ea57d668c1321c2f13514abbc3383a348e0aec38ec372722676190ae22557bc067a5bb6e8524e146c6e4ae39eeda06e552f48a84f514f7d008bbae844361106b166c4900797e77ef4a31746c2d8f20fd03993e4c22bd87a8f46d15f1283e1cfaee0bae278c7b3f72ac6c7ae9b6b4679b9b789641d6b0c229214a3e77101f8e4316d36b996e530cf726da6bd6371cbecbe99957e2a50716c9593c6863ce4c2cc94d0eef8558fc85fab0be0272a97a7dd1cfe11f3d895a6c1c582d639aa740f5293ef7c5c924602fb6915fc4426a08d7f142142e78c6a5c7bcfc92d15c11f890ad3dad370444dbaa8a996a7b5c33d8b1b5b4974d64ea02ff30efb8fc8c6293578daf86f793ac4871ae7b9c172466f3edaa0ae66e38ab2f3daac63a1503d2c82fbf59267e5c96847c11478c36fa56d618f98e1dc11b1e26dfa9a569c5760e9d67222dfec636b70fb23506726bbf3ad5efb8916416416f222f1cc0a96089e531a66004df2cfcecb9c9afbd07ec6fa695f13d91a73e0de4295337de8ee40b7dd7c18034a4c02bbad5df716d8e6102af73123e6677f8ac44fa06b9795b2b910415e3e5e4e5fcb1af9a5deff0d0517f7c7e003a039aa0cbe6e972d4da7fd5de0a77789959e8f59adefdd0a51eb7fc724eead63d703c92067aec47b4d5c9561334900059996d1fd2b738ebf52b85b92b7b4a8b3f4d6f7722411940a564f9e3a1de2208754bd5c4ebaa30e1f189142f98ff7060a5982f70ee17227d85e372ce2892c4e1be214ac98b674caea1d50c146920f2fbf273a340300fed7e726300fdae097e0eb4d50505b3072da6d6a4ba6d3a81f926484e85b962911bb263bbff8c6c77e969ca0067dce7738b51326e1b5523b21f66346ae108092403ec31114db61eb5226668d34d05b332d5702a1c8cc8d2e584cd2474bf29b530a2a5d82d1c02b473bfee38aaaf78622accd940fafdb749203502e78f23322f6f2733424d06c179ad9978ee35b1b23d37265c1f4155699c8272131411e02acc5b9126f1ff4d2f1c91cd3ded10ebc5f06987d37e9f419f8d3fe35be9f2f14fc4d9cdf2453193e98767a813d84e3ce4c01ed703f163776c9d2c4c03c8666b035e46064d3a1efcbed6d9e4a9afad6de8954e36d91ed5b7c528317ab623c25fc380213ef9ab44a6682651b19039afbaa7950baa7817dcde5d3186cb23c35c2269ffb5f66e968f9146cfcde986d5df362965bb02ca2dffd323e360658374b07ea07816b136177c732f37fbe1debf5ad94d9e8d902533bd48480ce4de1bf486945813da128f1583d1f2c7604cb6fb134af5e0b4e2e7ac5a98cb3d8a53787facc0e0e78459d9a9fa5b77ac8ac69507b6ac101ee938d6f05a3976781f9ec70a9573cfa6569a5e3aae2560e77453f247b8d21be5a22b028470605fce8fa40b946509881aea60315cc9cad293a313d930dfefa2ff5f37ade3159303560567d22762eef8dbb981bbee7139457704a4e55da15c05e25c16bb6be21b6efdb1a02229dc3f64638195fbbed83bdb09b841c45f80e2227ab91d241520fdd1d370ecf0eda916dcf8ae5c4fdd01b0803b538f307f99211e042097f7e7babf3a36403e8f1ef5402430882898bda0be0bb6b84213b4cf7a0a07b4c5630b2380dc402af7d452629b094d8bfc028844aaf6417af392f0f99c576f4180e923cff11c84b09684f570dcad870c675693abd6f54326f42d88d779a86472e59c47b55f8f29cbe0fafff8beb53422c569e84e00583b9a7607aa479b26f28bc6b46ab76708466c31787706e2874c9848033f908314c38e7deca643ed7bb2d7b3b12c4a8103f2c8a5fb6864021f12169289faf9d70ca0ff7e5617e9251c3ff215a0fd43dad5d7e927b8f74ddc2851737308baa90137f0baff9d4305a22fcdeb55048af067c90aed043bc740c0a70c48bb6265b90a85498b84b53f1a8de6fbcfb24db3446e5dbc776747a6eaac7f541a7dc216d46986042af9de3c7cede5627761476e6575e64d216e75e60482fa2b46be60a", 0x1000, 0xff}, {&(0x7f0000001300)="40d0a3014e7f413df66a1dc7d0caec6ef23538c0d65a0177", 0x18, 0x79}, {&(0x7f0000001340)="43baa325889c6955676cfca65a8aa68ddf787f1cf15a8fd08cad4877b1b9aa055c9365d42c448091730860d4d09b67a8e3eafbf01050aec484caa3e6893132c9bb1fcc34c3f7ff45dc86bc0af26f6ed896724d5000cb15dab87b22d9ec95dbdb2147420f84afd82d424704f2c3fb678eb8ba8cb72da40404f22a4b24a3bdb7f61d959b1ca7c8607892af8cfc7a4c684024c9dbd0a2e2cb1de45d2fb6c2ec6451bb6f3cff633e69e77f8bc608aa16dbc282e1369907d8b90befc99e562515cb4f902e09edb6", 0xc5, 0x8}, {&(0x7f0000001440)="747b45d13ba6be14176f863201faa307f9e8ef5cdf6c8270db3487ad391a5936f281af2b8ca9ada02ee6137d1159fe6dd300c4d2e6", 0x35, 0x1}], 0x210008, &(0x7f0000001540)='\x00') openat$null(0xffffffffffffff9c, &(0x7f0000001580)='/dev/null\x00', 0x201, 0x0) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000001600)=r0, 0xffffffffffffffaa) [ 931.793427] binder: 1359:1363 got reply transaction with no transaction stack [ 931.800926] binder: 1359:1363 transaction failed 29201/-71, size 0-0 line 2763 [ 931.820791] FAULT_INJECTION: forcing a failure. [ 931.820791] name failslab, interval 1, probability 0, space 0, times 0 [ 931.832160] CPU: 0 PID: 1353 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 931.839371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 931.846013] binder: 1369:1371 Acquire 1 refcount change on invalid ref 2 ret -22 [ 931.848847] Call Trace: [ 931.848879] dump_stack+0x1b9/0x294 [ 931.848910] ? dump_stack_print_info.cold.2+0x52/0x52 [ 931.848955] should_fail.cold.4+0xa/0x1a [ 931.848972] ? is_bpf_text_address+0xd7/0x170 [ 931.848994] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 931.849024] ? __save_stack_trace+0x7e/0xd0 [ 931.849045] ? graph_lock+0x170/0x170 [ 931.849074] ? find_held_lock+0x36/0x1c0 [ 931.849102] ? __lock_is_held+0xb5/0x140 [ 931.849140] ? check_same_owner+0x320/0x320 [ 931.849161] ? rcu_note_context_switch+0x710/0x710 [ 931.856735] binder: 1369:1371 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 931.859306] __should_failslab+0x124/0x180 [ 931.859335] should_failslab+0x9/0x14 [ 931.862992] binder: 1369:1371 unknown command 0 [ 931.868158] kmem_cache_alloc_trace+0x2cb/0x780 [ 931.868188] ? __kmalloc_node+0x33/0x70 [ 931.876434] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:43:50 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000140)=""/244, &(0x7f0000000000)=0xf4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) [ 931.876710] ? __kmalloc_node+0x33/0x70 [ 931.876728] ? rcu_read_lock_sched_held+0x108/0x120 [ 931.876754] __memcg_init_list_lru_node+0x17d/0x2c0 [ 931.884454] binder: 1359:1363 ioctl 40046207 0 returned -16 [ 931.886221] ? kvfree_rcu+0x20/0x20 [ 931.886243] ? __kmalloc_node+0x47/0x70 [ 931.886274] __list_lru_init+0x456/0x790 [ 931.886303] ? list_lru_destroy+0x4c0/0x4c0 [ 931.913777] binder: 1359:1372 got reply transaction with no transaction stack [ 931.914947] ? mark_held_locks+0xc9/0x160 [ 931.914975] ? __raw_spin_lock_init+0x1c/0x100 [ 931.915000] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 931.919254] binder: 1359:1372 transaction failed 29201/-71, size 0-0 line 2763 [ 931.923014] ? __lockdep_init_map+0x105/0x590 [ 931.923038] ? lockdep_init_map+0x9/0x10 [ 931.923062] sget_userns+0x73a/0xf00 [ 931.923082] ? kill_litter_super+0x90/0x90 [ 931.999249] binder: undelivered TRANSACTION_ERROR: 29201 [ 932.005738] ? ns_test_super+0x50/0x50 [ 932.005762] ? destroy_unused_super.part.11+0x110/0x110 [ 932.005783] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 932.005809] ? kasan_check_write+0x14/0x20 [ 932.005827] ? do_raw_spin_lock+0xc1/0x200 [ 932.005855] ? blkdev_get+0xc0/0xb30 [ 932.005876] ? cap_capable+0x1f9/0x260 [ 932.005903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 932.005921] ? security_capable+0x99/0xc0 [ 932.033845] binder: undelivered TRANSACTION_ERROR: 29201 [ 932.037189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 932.037209] ? ns_capable_common+0x13f/0x170 [ 932.037235] ? kill_litter_super+0x90/0x90 [ 932.037254] sget+0x10b/0x150 [ 932.068058] binder: 1388:1390 got reply transaction with no transaction stack [ 932.072969] ? ns_test_super+0x50/0x50 [ 932.072997] mount_bdev+0x111/0x3e0 [ 932.073017] ? fuse_get_root_inode+0x190/0x190 [ 932.073043] fuse_mount_blk+0x34/0x40 [ 932.073066] mount_fs+0xae/0x328 [ 932.073090] vfs_kern_mount.part.34+0xd4/0x4d0 [ 932.073111] ? may_umount+0xb0/0xb0 [ 932.078673] binder: 1388:1390 transaction failed 29201/-71, size 0-0 line 2763 [ 932.083034] ? _raw_read_unlock+0x22/0x30 [ 932.083051] ? __get_fs_type+0x97/0xc0 [ 932.083077] do_mount+0x564/0x3070 [ 932.083099] ? do_raw_spin_unlock+0x9e/0x2e0 [ 932.148680] ? copy_mount_string+0x40/0x40 [ 932.152911] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 932.157922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 932.162687] ? retint_kernel+0x10/0x10 [ 932.166583] ? copy_mount_options+0x213/0x380 [ 932.171071] ? copy_mount_options+0x19c/0x380 [ 932.175568] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 932.181096] ? copy_mount_options+0x285/0x380 [ 932.185588] ksys_mount+0x12d/0x140 [ 932.189210] __x64_sys_mount+0xbe/0x150 [ 932.193176] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 932.198201] do_syscall_64+0x1b1/0x800 [ 932.202082] ? finish_task_switch+0x1ca/0x840 [ 932.206572] ? syscall_return_slowpath+0x5c0/0x5c0 [ 932.211495] ? syscall_return_slowpath+0x30f/0x5c0 [ 932.216425] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 932.221788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 932.226633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 932.231814] RIP: 0033:0x455a09 [ 932.234992] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:43:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:50 executing program 0: r0 = socket(0x13, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) getsockname$netrom(r0, &(0x7f0000000000), &(0x7f0000000080)=0x10) [ 932.242702] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 932.249962] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 932.257226] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 932.264497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 932.271768] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 932.280905] binder: 1369:1371 ioctl c0306201 20000540 returned -22 [ 932.281927] ceph: device name is missing path (no : separator in /dev/loop7) 2033/05/18 03:43:51 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000300"}, 0x6e) [ 932.296006] binder: BINDER_SET_CONTEXT_MGR already set [ 932.303294] binder: BINDER_SET_CONTEXT_MGR already set [ 932.318940] binder: 1388:1390 ioctl 40046207 0 returned -16 2033/05/18 03:43:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 932.366705] binder: 1388:1394 got reply transaction with no transaction stack [ 932.374131] binder: 1388:1394 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:51 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x50000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x6c, r1, 0x400, 0x70bd2a, 0x25dfdbff, {0x3}, [@IPVS_CMD_ATTR_DEST={0x58, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7b66}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote={0xac, 0x14, 0x14, 0xbb}}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast=0xffffffff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x1c}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:51 executing program 4 (fault-call:4 fault-nth:24): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:51 executing program 7: timerfd_create(0x0, 0x80000) r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:51 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000fd00"}, 0x6e) [ 932.466206] binder: 1369:1412 Acquire 1 refcount change on invalid ref 2 ret -22 [ 932.473857] binder: 1369:1412 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 932.481442] binder: 1369:1412 unknown command 0 2033/05/18 03:43:51 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f00000000c0)={@dev}, &(0x7f0000000100)=0xc) getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000040), &(0x7f0000000080)=0x30) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 932.514695] binder: undelivered TRANSACTION_ERROR: 29201 [ 932.516241] FAULT_INJECTION: forcing a failure. [ 932.516241] name failslab, interval 1, probability 0, space 0, times 0 [ 932.520701] binder: undelivered TRANSACTION_ERROR: 29201 [ 932.531502] CPU: 0 PID: 1420 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 932.531515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 932.531524] Call Trace: [ 932.531551] dump_stack+0x1b9/0x294 [ 932.531581] ? dump_stack_print_info.cold.2+0x52/0x52 2033/05/18 03:43:51 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') r1 = socket$kcm(0xa, 0x7, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x4600, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000000c0)) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:51 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000500"}, 0x6e) [ 932.531622] should_fail.cold.4+0xa/0x1a [ 932.569134] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 932.574265] ? save_stack+0x43/0xd0 [ 932.577911] ? kmem_cache_alloc_trace+0x152/0x780 [ 932.582771] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 932.587976] ? __list_lru_init+0x456/0x790 [ 932.590849] binder: 1369:1371 ioctl 40046207 0 returned -16 [ 932.592221] ? sget_userns+0x73a/0xf00 [ 932.592247] ? graph_lock+0x170/0x170 [ 932.592268] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 932.592282] ? do_mount+0x564/0x3070 [ 932.592300] ? ksys_mount+0x12d/0x140 [ 932.617924] ? __x64_sys_mount+0xbe/0x150 [ 932.622093] ? do_syscall_64+0x1b1/0x800 [ 932.626178] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 932.631584] ? find_held_lock+0x36/0x1c0 [ 932.635679] ? __lock_is_held+0xb5/0x140 [ 932.639782] ? check_same_owner+0x320/0x320 [ 932.644139] ? rcu_note_context_switch+0x710/0x710 [ 932.649097] __should_failslab+0x124/0x180 [ 932.653357] should_failslab+0x9/0x14 [ 932.657175] kmem_cache_alloc_trace+0x2cb/0x780 [ 932.661864] ? __kmalloc_node+0x33/0x70 [ 932.665864] ? __kmalloc_node+0x33/0x70 [ 932.669899] ? rcu_read_lock_sched_held+0x108/0x120 [ 932.674951] __memcg_init_list_lru_node+0x17d/0x2c0 [ 932.679997] ? kvfree_rcu+0x20/0x20 [ 932.683649] ? __kmalloc_node+0x47/0x70 [ 932.687668] __list_lru_init+0x456/0x790 [ 932.691760] ? list_lru_destroy+0x4c0/0x4c0 [ 932.696116] ? mark_held_locks+0xc9/0x160 [ 932.700303] ? __raw_spin_lock_init+0x1c/0x100 [ 932.704912] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 932.709983] ? __lockdep_init_map+0x105/0x590 [ 932.714508] ? lockdep_init_map+0x9/0x10 [ 932.717545] binder: 1369:1412 ioctl c0306201 20000540 returned -22 [ 932.718594] sget_userns+0x73a/0xf00 [ 932.718611] ? kill_litter_super+0x90/0x90 [ 932.718638] ? ns_test_super+0x50/0x50 [ 932.718661] ? destroy_unused_super.part.11+0x110/0x110 [ 932.718680] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 932.718702] ? kasan_check_write+0x14/0x20 [ 932.751207] ? do_raw_spin_lock+0xc1/0x200 [ 932.755566] ? blkdev_get+0xc0/0xb30 [ 932.759309] ? cap_capable+0x1f9/0x260 [ 932.763229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 932.768781] ? security_capable+0x99/0xc0 [ 932.772957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 932.778516] ? ns_capable_common+0x13f/0x170 [ 932.782945] ? kill_litter_super+0x90/0x90 [ 932.787197] sget+0x10b/0x150 [ 932.790316] ? ns_test_super+0x50/0x50 [ 932.794220] mount_bdev+0x111/0x3e0 [ 932.797851] ? fuse_get_root_inode+0x190/0x190 [ 932.802435] fuse_mount_blk+0x34/0x40 [ 932.806234] mount_fs+0xae/0x328 [ 932.809605] vfs_kern_mount.part.34+0xd4/0x4d0 [ 932.814184] ? may_umount+0xb0/0xb0 [ 932.817834] ? _raw_read_unlock+0x22/0x30 [ 932.821972] ? __get_fs_type+0x97/0xc0 [ 932.825863] do_mount+0x564/0x3070 [ 932.829405] ? copy_mount_string+0x40/0x40 [ 932.833633] ? rcu_pm_notify+0xc0/0xc0 [ 932.837524] ? copy_mount_options+0x5f/0x380 [ 932.841934] ? rcu_read_lock_sched_held+0x108/0x120 [ 932.846943] ? kmem_cache_alloc_trace+0x616/0x780 [ 932.851794] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 932.857325] ? _copy_from_user+0xdf/0x150 [ 932.861477] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 932.867004] ? copy_mount_options+0x285/0x380 [ 932.871502] ksys_mount+0x12d/0x140 [ 932.875130] __x64_sys_mount+0xbe/0x150 [ 932.879100] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 932.884123] do_syscall_64+0x1b1/0x800 [ 932.888005] ? finish_task_switch+0x1ca/0x840 [ 932.892500] ? syscall_return_slowpath+0x5c0/0x5c0 [ 932.897425] ? syscall_return_slowpath+0x30f/0x5c0 [ 932.902351] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 932.907720] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 932.912567] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 932.917837] RIP: 0033:0x455a09 [ 932.921030] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 932.928742] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 932.936003] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 932.943270] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 932.950533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 932.957793] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:51 executing program 6: r0 = socket(0xa, 0x1, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000540)={0x3, [0x5, 0xb1, 0x400]}, 0xa) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) tee(r0, r0, 0x3ff, 0x4) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000440)='/dev/uinput\x00', 0x10000, 0x0) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000500)={0x6000, &(0x7f0000000480), 0xa, 0xffffffffffffffff, 0x5}) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r4, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:51 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:43:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:51 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xa}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:51 executing program 4 (fault-call:4 fault-nth:25): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:51 executing program 7: r0 = socket(0x2, 0x1, 0x0) getpeername$packet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000000c0)=0x14) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100800}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=@allocspi={0x1524, 0x16, 0x101, 0x70bd2b, 0x25dfdbfd, {{{@in=@multicast1=0xe0000001, @in6, 0x4e21, 0xc69, 0x4e24, 0xabb, 0xa, 0x20, 0xa0, 0x0, r1, r2}, {@in6=@loopback={0x0, 0x1}, 0x4d4, 0x33}, @in=@multicast2=0xe0000002, {0x3ff, 0x5, 0x7ff, 0x100000001, 0x1, 0xffffffff, 0x200, 0x8}, {0x100, 0x9, 0x0, 0x4}, {0x1, 0x7, 0xfffffffffffffffd}, 0x70bd2b, 0x0, 0x2, 0x7, 0xffffffff, 0x82}, 0x0, 0x9}, [@tmpl={0x104, 0x5, [{{@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x4d2, 0x3f}, 0xa, @in, 0x3505, 0x0, 0x3, 0x0, 0x4, 0xfffffffffffffffd, 0x7fff}, {{@in6=@mcast1={0xff, 0x1, [], 0x1}, 0x4d4, 0x32}, 0xa, @in6, 0x3500, 0x7, 0x0, 0x1, 0xed, 0xffffffff00000001, 0x3}, {{@in=@remote={0xac, 0x14, 0x14, 0xbb}, 0x4d5, 0x3f}, 0xa, @in6=@local={0xfe, 0x80, [], 0xaa}, 0x3500, 0x6, 0x0, 0x3, 0x100, 0x7, 0x3ff}, {{@in=@dev={0xac, 0x14, 0x14, 0x12}, 0x4d2, 0x3b}, 0xa, @in=@loopback=0x7f000001, 0x3505, 0x1, 0x2, 0xffffffff, 0x7fffffff, 0x1, 0x1000}]}, @algo_crypt={0x148, 0x2, {{'ctr(twofish)\x00'}, 0x7f8, "6bc66fe23d6747aa841ec6fc08df2d1183e6dfe08fb37c3676a458333a507ae53bca28a3a9dc946d18461a0e43a186e0e150ea581de865cbe85ce0e359a3a2dd871d71607aa2127d9fef56f12122bbdb9740896b0f0d3a54d1965480e1163dddcc7a37c5f9e75982bf94acdebe9bdff642011c522f0d5e625b05b19b78099f2aff78ec3fc33b10185f4055e743b81b19d902694b77d06981653c4503cca8684a101a1044aebac8e72f8b644dfcc85a31058583a9f7c4032b2995b6b302bb0bc84be0993043ce0f29101fe124886c903e6ff2594851a847dfa1e22bebd432bd47da9386817217eea468e6a2c3512d2350d808813160879a1fa887d76431b294"}}, @output_mark={0x8, 0x1d, 0x7}, @address_filter={0x28, 0x1a, {@in=@rand_addr, @in=@rand_addr=0x8e, 0x2, 0x5, 0x2}}, @output_mark={0x8, 0x1d, 0x2b3}, @etimer_thresh={0x8, 0xc, 0x2877}, @ipv6_hthresh={0x8, 0x4, {0x73, 0x50}}, @migrate={0x138, 0x11, [{@in6=@mcast1={0xff, 0x1, [], 0x1}, @in6=@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0xff, 0x2, 0x0, 0x3504, 0xa, 0xa}, {@in=@multicast1=0xe0000001, @in=@multicast2=0xe0000002, 0x2b, 0x3, 0x0, 0x3504, 0xa, 0x2}, {@in6=@dev={0xfe, 0x80, [], 0x18}, @in=@multicast2=0xe0000002, 0xff, 0x4, 0x0, 0x34ff, 0xa, 0x2}, {@in6=@local={0xfe, 0x80, [], 0xaa}, @in6=@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x33, 0x7, 0x0, 0x3506, 0xa, 0x2}, {@in6=@dev={0xfe, 0x80, [], 0x18}, @in6=@mcast2={0xff, 0x2, [], 0x1}, 0x3f, 0x2, 0x0, 0x3504, 0xa, 0xa}, {@in6=@dev={0xfe, 0x80, [], 0x18}, @in6, 0x0, 0x3, 0x0, 0x3502, 0xa, 0x2}, {@in=@dev={0xac, 0x14, 0x14, 0x20}, @in=@local={0xac, 0x14, 0x14, 0xaa}, 0x0, 0x5, 0x0, 0x3503, 0xa, 0xa}]}, @coaddr={0x14, 0xe, @in6=@local={0xfe, 0x80, [], 0xaa}}, @algo_aead={0x104c, 0x12, {{'echainiv(rfc4106(generic-gcm-aesni))\x00'}, 0x8000, 0xa0, "ebbc807bdb193c5846efc260d9762c7e3f7da72e2a325ae5e1440bd034903ee6f00be333ba0be7a2018b40d89bf39f99a26d39b910706b60afdd9d4cd8529193f642cb4b3e8e8e16d2a3b16d4c9947c64da0c8cee553a978b6f27e77d10948d5da4a841531e63dd4ff622386cbe07ffcfd7d27d136b78abb818fd69397aa40e90d466fff92a9d88362af62e021f19810af0b702affad942db00def7129371c291851944edc5a0396781fcb42251ae3d3c44dcd7282df9645956a58c7305018c3632a48c82b11aa4de9db4ed133fde550007f4d6eba400603732af3d8b9cfe546358ba81b9f0f555eccc8dd773be33eed61acbd5737d808e3d345ce0fd7fa69ee0dabcd9a7b5ff3af2abb366d3d5e4852887394e5ac8ead5f3f730cc7965e3dcefd481e135a22acf607a97af5d1bb306aacf92af0613db87254f34900f6f99550224abfd1b99745baa9a356d1d851b8171d0d4c172e6e14223a6d14fc514d9b7ef8542dbc93cbc92715a4eaa86e0d7534f210fcb0d0c263e235f76e63a92e0c47dc845248c3b12b9c302abd4c90bd883c9a4a425c07c89a2b4a77de12c21c57dbf99a9620319adb693bc76457a7827278573c6158d0d5c3253092db9e86cd46c9a715a26fc05f93aae563071bae979fca8684fe56c1b831589378cd320be151eb0f8f05f063bef19b06a690efe5ca88f6859c244a021dae72c0c37626f18e425075d162f485335e582b57c8645fb32e08d288da15eb9743497b52f76f50623532e9432a19e0e7b7f7b8e7e90d9db383aa95f45fc2d97a7f817a3693b5ecde7bfafc195cd13bfd356abae2582d7a409f5a7bfa73f1a118e9f96ee4802d7f0a30a4d49e8828316bc75b11fccdee737dccdafba08358efeeb0aa6b21751f39acf46640d644b6bbb865656d75cf0a5749c7aeb5153d63b82e12da7ace77969f22517e7e669581eb95df6dcefce52bac0ae2a47bc2697b74db13915bba3f3660ef584cc2dc52923e0daac3885418a67f05c94446cee7d9264a1b1439bbf69ec6ef80ad11f58490ff9a3b9308f558ee23a4f201f680b9059ef8eba1a9f517b92602f3a0471aeb01a406b426918b059b40d461069d4344e5d41c79f3c2841ff9b5777691331b51052795e42d24c9242a6d35b235b136b1e559e6eb2b21abc0a2dc82f9b8353d0fffd12ed94b4958adcf992bccdda7b97194a944e009b089f22f27e32ead064995ee5195c813b4a452be8bc85db817688434b7deca06cf1dc3644cb04bc9221ab4de7a9ce4b754e51646da6a16a1606ac7a5f3742aba59b775c503ec99e9f875e6f7fafee9bb7ed0a050e7573a6f8cca7ec4ef00b719dae3f836784789dbf9a97ffc463e0228364562ad44d6244b5dbf8c2255a2f0dfbaf6b7c2d48b4da5c89917aa8b52e74b3ff708875c4e2b1bf753528b599ac6860ae6081b0a7a80ec9c8ca0eb9f7a6127680e4cbe3c987a4bdda972bbd6682be5b96c2a8b69879e091c40b2044567c65e57caa0cd905542fc16317113bd58ee77a5f2fc300bbe21c1c4b72715a34a82f1d1b19aa56c65787f545a88121c80a0990ec07e9f5ddb7b41af0aaef7c7079d0c6078ee51e356eb0135e05f808694df4365ab13a220c1fa46fb4181651c6ed583edb92a6017d05ae1be82dc8d58fa1d5fede89b0325566413babc3b03a329dee59cb1e4ef05a24715e46c66880fe3f758a0fefd205b18fb0e0e14f3af2fb65cc915a8d16bb34521847b7d026febf7e96d4aac649c5a383d6421a17648dbbb085d548a000f0b9c3902ba06fccfd99d2d621ab78da8aaadcda9828cd43e2138089482f011b426ec1ffcaf050815c6b20cbce1a844adae94e43c272f3cb1c9812bb439d213a99032cce4d8031ad94f607c001a4e6966bd110253f29ac271adf9ebf66dfee01fd4fec017417ebcc50d8eec2be7e86bc1a86006c099405b2c18d0a73225145bbf74bfe21984f4ef821341fb60917f72a4c959e71f1c86e586156ac1040d89d581d8d3f6ac7cad27db4b079af72eae5b07e31188901fcd82aebc314667b79bb7342ef2340ccd2c51e54883338f6e8fe10bd334504e5e795bb81dd8f6acfdf3bc89e8b8d112779349ab8efabc2be6d90d1e1cff0e449f305b7c0bd0af3d5360f23f0670da9dcfe9476abc05756114c94f04fba5863277a1fdf7cec359ab32bb0875ffe41c59740051c33ed851e3777b268afbafc719a62e024f53c8db420244558883d3e041fcb4529154b960e5aaf194e834ded8947eefaea52b36acbcf722d6c5b4e82df9a645251b0c737ff6dc7519eb9a55eb5ca4e2695c3f6fb6543933a7a75922ace3690cfc329444b6609e509fc54712c8fe5a37f834eada9f532b324d03f90b56fe518d99a3de03e267f609bae140fa94bb63a4c3ca26cdf86ba8c954c86d5b91ddeaa7e09f2e5ccb5427363b1510a933e3167b2319ede59094085ce1c462bf36852ebef9e14cfc1c5c571196dd4be3fecc54f9f8651a647daae4113a24ee76e0cdc77bbdb377292f9d26ef6418956b8395590becea939aea1213f9b955a743bb6a9fde290ddac51bf9a930db638dfbf32a6e68b0807a9aa2678c49e6d9cf1d344396a89ded473c3625ee67e0afc0c13701e372fc2d4d5d17b46fab00a0846ee0939b7bbe88435898c67485ca80738291af867b834654140802e6ee293fd7ba519a62acf82f0f4c2c97fd7de1563c3e5fd413a5bec5b3c0f8ef32b1f930f713f7a0027410489467dab9a194990a14fb5e489814ff479ccafa5065d6298fe00011d6391f6ad15913f9e054148afc29731b2a1e46d4f86fd68ef16983f6afd5f3c3b8d706fe365ae84621137a00aa1e4ade520c14440f4c0e0129e62d926fb041907b7a7bd5446cb45bac5940191d367707009a492a7ae5bd90e739de24920bc97850c1abf0346ec72959a1f4058c8af7911ae3fa9647e6d17118ec66bac41b5e0e6abeb7133e7b36c68841996703d9de62d373f225a9bef67a8a86e1a6e7209b5e07ea2adcb833c2be2c7ebfb0fc460aa1573498728d4b9c04cb827cfbca658fdb06afd73ec21fa6f8807e0d7825ef9fd4f7c965fc4bf7ea8e2edb520565291c805b886637137f13a6a3e0c79a2e0ed0a8758fb1193c7f4024d1dc775a4ef342f5058ebe2f0bbb1cc0d6c57fc1c4e4cb5db5b9a27caa400f673213fcbce41ed65685371a79693c26362d4108483ec19ef21df0d03be910f93c7154617df9b6744830e0a6b823132f75f733a00fd26945fdf3203e46fc1265200476ad098679c755f1a77ae858d6b012b81e74f4343c3fad8fcce4c4de1afe5b31b682b9674bc17dc0d8dddce244022dc92a824405a81a2b6264b61c2da2f8e1ab9a7bbe567abaab294f31a69cd2ee94a179eafa3b53a430b712d71470531ed5d1253815573f017540355ea64c526796adfc5ddf88c558ba496e5f58b95dc20d84ca65e7474323e36a9f665343882e107d95bc02c626611e63cd8494847097c8154ee0671e9def6343f14e395c9518079857a7f8cdd084f17b801205841fc41fa7c4efbe997f3566c062b1d18bf66ca664b0f552f9237daa692af6df2c29341569df3b394051b83ff4910118cf50eab3dd06ed6c92f515bce044e0ed54ed0d7fdbce5d2ff0d27a1c37138a0f9f0f0b45741801aa33f995f273387b73582e65a27b3c1523c927fff88595cb1a1ec660206facb72dd7b12a1389d51ded28f1452c13f7bcf1f4473895a6de39fa89e1fda53aecb499f5ce81ba467379ab8b5963d5cd7f9d7d0505ccf5f162030b82377d7777c62ac4a04fd11b593acba58c1dc4808214b622fbe7d4c37900819ed4ef234b4f1e3168c025a5f6575dc410113a03b8965f3ba423618468098daa3dc7472ec347d5ffddad293e4698db63db85f99ae3891552725d5dab8ba153bfd4252a18459db43d14ad39532d2f255ffdc975859b82b7b65a7c16a3d932d062095f40cfd8f63179694811f92ecfa6ab3e971075bc8f55603b5fd4ea1a4b9f74eba971aee4445a902113bb3030d5d98f3450ae773e5971d5e6c809501a2a8db1e4af7e6593e3848553e567191de856d0b42a1802d274d12ab1e44bf95af42f8d400057673d5fb4078e5b3a442cb5e524350cef02011ce8f53a12bc247261c05cd2823c6c1bf44173d2ba44b35bc2d527e1268192af2df97f921061cc91f43616aee98e4b8eaa0558bbca151336272f1daf40cdd1cfe5cbdd88e27ad1ce46890361e2ffcea432815a77f8c7923c7be0a21a90e51c00e97feb561caf9e7f7cf781af2eec8f47dfe7f5db38b518f4fa00ac7831e7389c0f029b8457d11cbecc9678a286f88603303fba7d80dd3407a7b764e67af609e527d799980737743c1f1ddf08d4b0170e13374d2d0be4c6669b5da4f80b6d9055a9341929a14922f09287ab1b2bbd54dbef4ec4ce0946b3ba45206dde0ee494cf721ebec5a49ea70eaee96fa00515cbe0d8613dbca6f908da9ed41de22e0ed7420bbde4f761d5567c4040f4c3441835771a1d922834a7af97abdd34b401e8dee75809653dfaba3d39f18df046a886a1025be42756433a75556611233fa02fba5f8566f74d0203abba15612aa6913e720bbb9964d25763341742bf358fbb45d59b24d0ff5f7dc4bd839f7fec25510d5c93c614438ba6edcaf8ba479d0ecdf26c125c9509f0c30c7991f57b9f8068553287bb416a5baafdc8731b91a68add89b11d626ce3dddf04463e9451f42b2ea9ba50bb26b447c1457d0d1883f965016e93a12365a9aa8bb67067ba5a31ca2223b22e0ae649c762f4765115f1847590b058d793a5a840e4ad20e68aa72acd1fddbc8a01eb8806d69ecc76b45a2807b07ad15b35389d9d919114537912c0c753ddf21c9c9bdff7b391052c55d0744572bb568ee8ef035b3184c2d9255cc1e333667bc26cdd5c4aa514d7258fc2411b5eab5816d385950ba23c946a85f4522497076c1a138cf55288472f619f3a97369593408ef3b1d4778e7bd696d89e92b7cb2761c9dd98a3b9a430207f59c66012a6e4bc8a8d46a653ec727fbf2ed1f6879c19811618b551d306d642a1c0122bdf4d3925185298c94dd67ccb0efd1ff28889ab2ee49ebce4dca57140c21e376c84114ba9a4cfa67dd0f660c4fa059a33285191b573891941e160a3ab6a6866d363b25ac0c230a56ba1987fb243e78e940a6e17b389164e23291e19b4c79dee8ea4c428c2e3629a848f3e4bdbec949462fcb7c889e5938366a88157f7afb01e0acb35e4339c50b6c48041d58298b301eba002c79746ddadbe0da1e53e07f9933acfc8c836ede12aa301e84c22860ffe6347302a8c307810423c05aa17333ea3d681326e4977d7f7845728dec370a194fedb4fca0a5aac86da081e3e1381730c5393a0aa0fb9d342d59d73e16a110c490c099948e6176fb59de98e61c8e6d0521096b65778067d100254d7b1915802eab9bc1ec045e1b2b76a21b00a930ece32aeadcd5f4753b49d1c61a062f5e0410b5cbe926dde70b8133123bec1587f41a2a8001bbea41209920904edda35a1e507e73bb9e4e27b039b01169e60f3cdd48e1871941f3415f5f92b022d65574918921abc4d7f787d0916e145d5bc59f36f8df9646a4a6aad4b3c2ef15ff1bfb10ae2e92deee8123d82997d2774b826988a37777c505b9e2beb86eda2bac2cbc9ae246059ad855237d96a317a9fb4c2d7e0370514c20286c16915add4cd19fe9145ff6a2a5e258ae613b6ef37e92e0a194016da7097a559f24ab0e10c8de11738dd34f086f91b6d7b97308c7ab24a07f9d4"}}]}, 0x1524}, 0x1}, 0x40) ioctl(r0, 0x8912, &(0x7f0000000240)="810000020000000000006f") r3 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) 2033/05/18 03:43:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:52 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x5, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x4, 0x4000) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r2, 0x80045400, &(0x7f00000000c0)) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000080)={0x1000, 0x4, 0x960, 0xff, 0x40}) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000100)) [ 933.109671] binder: 1456:1460 got reply transaction with no transaction stack [ 933.117125] binder: 1456:1460 transaction failed 29201/-71, size 0-0 line 2763 [ 933.144980] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:43:52 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:52 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000100"}, 0x6e) [ 933.161989] binder: 1456:1460 ioctl 40046207 0 returned -16 [ 933.193640] FAULT_INJECTION: forcing a failure. [ 933.193640] name failslab, interval 1, probability 0, space 0, times 0 [ 933.200383] binder: 1469:1474 Acquire 1 refcount change on invalid ref 10 ret -22 [ 933.204982] CPU: 0 PID: 1467 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 933.212696] binder: 1469:1474 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 933.219975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 933.219985] Call Trace: [ 933.220015] dump_stack+0x1b9/0x294 [ 933.220043] ? dump_stack_print_info.cold.2+0x52/0x52 [ 933.220093] should_fail.cold.4+0xa/0x1a [ 933.227659] binder: 1469:1474 unknown command 0 [ 933.236965] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 933.236987] ? save_stack+0x43/0xd0 [ 933.237006] ? kmem_cache_alloc_trace+0x152/0x780 [ 933.243326] binder: 1456:1470 got reply transaction with no transaction stack [ 933.248373] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 933.248388] ? __list_lru_init+0x456/0x790 [ 933.248404] ? sget_userns+0x73a/0xf00 [ 933.248424] ? graph_lock+0x170/0x170 [ 933.248444] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 933.252523] binder: 1456:1470 transaction failed 29201/-71, size 0-0 line 2763 [ 933.257148] ? do_mount+0x564/0x3070 [ 933.257164] ? ksys_mount+0x12d/0x140 [ 933.257176] ? __x64_sys_mount+0xbe/0x150 [ 933.257198] ? do_syscall_64+0x1b1/0x800 [ 933.322891] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 933.328253] ? find_held_lock+0x36/0x1c0 [ 933.332314] ? __lock_is_held+0xb5/0x140 [ 933.336395] ? check_same_owner+0x320/0x320 [ 933.340721] ? rcu_note_context_switch+0x710/0x710 [ 933.345651] __should_failslab+0x124/0x180 [ 933.349883] should_failslab+0x9/0x14 [ 933.353764] kmem_cache_alloc_trace+0x2cb/0x780 [ 933.358423] ? __kmalloc_node+0x33/0x70 [ 933.362390] ? __kmalloc_node+0x33/0x70 [ 933.366358] ? rcu_read_lock_sched_held+0x108/0x120 [ 933.371372] __memcg_init_list_lru_node+0x17d/0x2c0 [ 933.376381] ? kvfree_rcu+0x20/0x20 [ 933.380020] ? __kmalloc_node+0x47/0x70 [ 933.384010] __list_lru_init+0x456/0x790 [ 933.388079] ? list_lru_destroy+0x4c0/0x4c0 [ 933.392394] ? mark_held_locks+0xc9/0x160 [ 933.396545] ? __raw_spin_lock_init+0x1c/0x100 [ 933.401120] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 933.406129] ? __lockdep_init_map+0x105/0x590 [ 933.410622] ? lockdep_init_map+0x9/0x10 [ 933.414678] sget_userns+0x73a/0xf00 [ 933.418389] ? kill_litter_super+0x90/0x90 [ 933.422621] ? ns_test_super+0x50/0x50 [ 933.426502] ? destroy_unused_super.part.11+0x110/0x110 [ 933.431860] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 933.436438] ? kasan_check_write+0x14/0x20 [ 933.440664] ? do_raw_spin_lock+0xc1/0x200 [ 933.444902] ? blkdev_get+0xc0/0xb30 [ 933.448623] ? cap_capable+0x1f9/0x260 [ 933.452512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 933.458045] ? security_capable+0x99/0xc0 [ 933.462190] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 933.467719] ? ns_capable_common+0x13f/0x170 [ 933.472122] ? kill_litter_super+0x90/0x90 [ 933.476348] sget+0x10b/0x150 [ 933.479444] ? ns_test_super+0x50/0x50 [ 933.483331] mount_bdev+0x111/0x3e0 [ 933.486952] ? fuse_get_root_inode+0x190/0x190 [ 933.491531] fuse_mount_blk+0x34/0x40 [ 933.495326] mount_fs+0xae/0x328 [ 933.498866] vfs_kern_mount.part.34+0xd4/0x4d0 [ 933.503444] ? may_umount+0xb0/0xb0 [ 933.507066] ? _raw_read_unlock+0x22/0x30 [ 933.511208] ? __get_fs_type+0x97/0xc0 [ 933.515094] do_mount+0x564/0x3070 [ 933.518632] ? copy_mount_string+0x40/0x40 [ 933.522860] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 933.527879] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 933.532641] ? retint_kernel+0x10/0x10 [ 933.536533] ? copy_mount_options+0x1f0/0x380 [ 933.541046] ? copy_mount_options+0x206/0x380 [ 933.545539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 933.551077] ? copy_mount_options+0x285/0x380 [ 933.555574] ksys_mount+0x12d/0x140 [ 933.559199] __x64_sys_mount+0xbe/0x150 [ 933.563166] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 933.568180] do_syscall_64+0x1b1/0x800 [ 933.572063] ? finish_task_switch+0x1ca/0x840 [ 933.576561] ? syscall_return_slowpath+0x5c0/0x5c0 [ 933.581485] ? syscall_return_slowpath+0x30f/0x5c0 [ 933.586420] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 933.591784] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 933.596624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 933.601805] RIP: 0033:0x455a09 [ 933.604982] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:43:52 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") getsockopt(r0, 0x101, 0x3, &(0x7f0000000040)=""/10, &(0x7f0000000080)=0xfffffffffffffe5d) r1 = socket$kcm(0xa, 0x6, 0x0) r2 = request_key(&(0x7f0000000280)='ceph\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000300)='system.', 0xffffffffffffffff) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000180)="7068b5d25dfa6fc67aa1566c4333bcdc4be81945cfbd2f2cc4c9afb050ca9f0e92c1da9dd837310d6bc6be1b2cb6dc372fec379f08bd83f1cce811cb1804b84e30094fa53b3174c7d4d016f8379595954022d7cadf41c5ea3e560af0b1a4a916e79a498418ca8b695f76b5c59175701959b9fbbf6c8f4d37af081477fff38925e4e8", 0x82, r2) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000100)=r1, 0x4) r3 = dup3(r1, r1, 0x80000) ioctl$ASHMEM_GET_SIZE(r3, 0x7704, 0x0) fremovexattr(r0, &(0x7f00000000c0)=@random={'system.', '{GPL\x00'}) [ 933.612689] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 933.619972] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 933.627232] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 933.634487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.641748] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:52 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) 2033/05/18 03:43:52 executing program 0: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8, 0x10000) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000080)=0x3, 0x4) r1 = socket(0x2, 0x7, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r1, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:52 executing program 7: r0 = socket(0x2, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x7}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r1, 0x2, 0x4, [0xffffffffffff87cb, 0x5, 0xd4, 0xe0]}, 0x10) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x4, 0x1, 0x2, 0x1, 0x2, 0x3f, 0x7, 0xc0, 0x40, 0x2b0, 0x8, 0x0, 0x38, 0x1, 0x6, 0x0, 0x6}, [{0x2, 0x3, 0x8001, 0xfffffffffffffffd, 0x5, 0x9, 0x1, 0x6}, {0x2, 0x80, 0xc508, 0x6, 0xfc, 0x80000000, 0x800, 0x80}], "0c16734c03aba1791d2e4fe8e6496786eda5925f802df33ba714abf6a73cfd1e5fa8a943036ce2936f184cabfe7451086c020e1f37c530554a44d59d1c1602bc1c6444f353361b788a208490249d0c154a142b8a0210c7b0ce3715b7f50b9fdfe6f791531e3ac2743fe3198669302a7cbd6edf56fa22ecdf6b3ce4c0605317358fdf7d9f3e7ac7be9644e58ae198b3e2ae9a099aecb48476844c9a8a392713fd020ec74312f9b28b496ae17ffcb39bb29ebdc63bbec0750356277d138fb1d83405683264b331af30a6d2e5422a6f38793b0b1c8bd4e66d9a67e7ce274dd4fe51f522a6563a40b3467c4ccbe019f481bb28a38035485baaa8e0d3a89880ecd4fbea958f7b6b8637a55c1e803294e3837c393c02aaec0c69246ae91660b4ff4d20d51daee105bb5e68037ce5c1efded193b4a0cb800de3ada87dad6f569caf19fa1e549d57a34f8fbbbeaabb8a63ad8c73d6761d40b3bfc668b0392898082491963a2efd27f2c3069154ca0a034fa8b6562a6f5df9757282b7f49c066a61caff091950113223c4d12aa1d8c661a1ce201c2a4a9f2d8cbc6860a1bcbc22ad7c0d98e414b1c20adbeffbaaed9b030d166abc96e876a29e68a358244884d98034576cbc38f08dc18e50816c20d4bf428fcbd8b47092e042993689a641c7b6df6a00107f0325f63979f74a0c7ba071241fcf15f5f0101822ede383719dbadcc57f9c1fc36f9bb48cbc1cc6c9cb497c2a196a8e830b65d3f08585e38f9022d128278b8ab40f97da6779b7e169287fae96e071ff5d7686919adc7130928d29960fed2a292bd0a3576d8697bb88667d0b61f78b1cc8bf224b58189f43753322725603af988a4ac221ec5439e396ff210ee170aa7e3bcc8e7d54e6ffaea6ffc1b1404dc716ffd4b361655705f1d0404704dfb2d36b0c276f48f853191c6e7776e278a38a3d816e3df264a735f281254de1c0b99257ac0f9eb3d3d28cbd33bfa4900eacf650b4283c95dd61dce23b3dcfed0aaab015da9b8eeab0ae6ebcbe50e1341359c45bb8320fd05a0a57cdcd8ccba84e934dafaa889d11aabef07c97a606d998371cd123bc332211d4782ded531cb79060313adc89ab5a7401bf73ee47ded82e024e6ff6b66f18059fb52cb674d34d4161a0c795d19a6bc1d5141fc93850cc839432662103cdc0d14e22ee7c5d6d428b91a852ccac05ebb3172e778e30fffdf735f375b1583a8dd18fbdfb61f665b756d980e8d58df4ae2d5578a4cdad60d60d2f907f9ceaae9439b34e022b8bc1b09012e07bb7cb55c1441200839f3f97e3b4f8acf1c0a97e1397880fd8c62901d98f041761b39eaff1b22b0fe52ca9be5505514fcc86a9379176da64e0883dc3f439c50321c01221b1075f19d07f42a830b809b4c965eccdb2ae82d8109584b282023376eea558609c8dc36bf8898aae78255c2c31c35c4ba8ed9aba9a6932aa13ef03f4b3ba995fd28ab52d9d76722d9cece7cdee73cd176ce9c5822b94c2072168f9db03df8996b2b23b295c6d7d2ab3b842721fcabac7d4e5b820219b69a974ec52aa2756321cf0aeb5d1948b373933c228b06cc2686091a7d0def843d8ac291662c37681162b2a1357734c8c84c88edee16435f86c685c28e537e2cc4c5bf6b67f2fedf6227b4971abe4e18f5422d19dba3c0b4b5a22c347dccd88ea1c4bf8db3f1575b1e2f5d62b36cb850be99c58dd3e9da1ab76c09b45ec0fa6e44eb89fc6afd08a9914278c7775890ae04aef044100db02f5737386090d51e911c74688e28b75c0f1d534c506c89e46870b662b268d71f75de34bc443c2b5ec1ed66b6f31b7b3d940620f1f7a7958ed5a0ec3b8c0e554a9dbf62f3c33679768db465f37469cfca88902b7c71a5881407c75f71a7b2c559436ef59f0bc0908f7e83926794605f11ca868cc7293d535b7c8a24342ac0823cde48a542ec526e3bfe8a8efca93f3638df56dc3d4936643cc3f22b0da2c65d2ba2cf02f31cac98329c15fd20af07fa9f90693d829313d04011b1d19df8be8e651f1c4e24d97939a603efd97ae62460d08b75046d6da76535cb9e919432eceb5c6ceec70c666e9322c7c70a0f2325d27732fa025eef0be90dc534424c6cf562e6c7447a9603fc677b496a1fa8016217b92cd4b35b8980a91f029a8aafb818f7d356a70e9cc4d16a0647089e5f6303def24960cd4fdef53a8e295dc2c71c181833a8378f386f9df5ae12a1e03fd7ec30615bbfda8369c4c3717aa84761841fa66629457b4654af26916c52ff7f94ef21bfaec968ce7b42702918197b24bd57337b478f410b90d4d709fea72b53246a0bcdd67435cdfe3f2c35a311544dbb261e2d65a0cdaad991592d88f474318d40868b243c3a2e26cf426f1a7ec138a4c629f74b4ce68bee2515e9f6ac591053135103d830db4900269282598783059d713b2cf7118e2eea7b86e9634651330a5f14536ddfa17841dda36bfb144ff7fd496921fdf97fd4ed328a15d29af3bdb46fe43258ff0911a0c24a70709b973983a522dc6edf00e7c9566927b0c75a0863a96042e185f461403199bab4d0ce2c234cedf9a9b57a81ae9fef98c304e7cf220910c1d4faa046afb83e93b2b1a2245fe59c6fc892f83b144ed3648def10c59a4b7bb5737c81dbb2de839f0222b5a1e87bfea78de375ad0aa69132068ed07e402894c781788138b33653acbaeae2b76189a4998d496808f467b5a9ea0914d8a78ae096bd911d4f5051b560e4d8661bf45299c9fa19db45fec75eb0e2bcd6559903d7f48dc8041fb9417092641ad073e0e5503f4c7d73b79b7e62910ce8743c44d3ba0a83d35ec7555eb85aeb8e540409577ac72260d2be14ea103f71f834ef0fe7d8f99b3b8c02e8bd729bc7a428ec6c42c5035e9713d28aea684e504a067d5df475be51733c7e8f2e8c34b6526b8ce54ef5dd31b8926adfe3646171ceeff14205c410e3bc14598d97adb4dd155154c494ffe8165f80b4430733780dd269a396779ec9348bee81cbbd5de5ff189ec8de921ed25c721956bd1ce4da97a07228b5b76e48185b3354a23524ca9fd955ec86586c3cff00a0e0d6b8e4765e9b2aba93a1fb005957ccd1cdc7e92052317aa8f85de119dc38d771ee86e311c3d4580b0b1602488352e846886ee076ca6dd193bcdc7f2f83ced3a4e4804b7f399f7e04edeca336a3824b61e6b7b405b261263f5252f12fbb517e2868be7c314f5fcfe1448fe29ef35c9f098d57493abe4320d9b529ef244671b76a280ea7794810c47c0fbd46ad3429d024092d6cc1d5e34fa3fe99217cdfdfa216ea1617ff7b179565ec09a253acd320d448734f5f75c1b6dd3aab37b21a6380f18c17ad704fc0c305b4a8d748d71f6121768d77a413950bfd58c9440d984563a7d834e51ebd5910f2624ee5006850e3698846c799bb65cca56593b117fd82dcd1f491ddf7df87a887e5a71a4127af4750a9054c972800cf7aa03001c3934192d120a12c670f62f704e4640364966e049a507215f54489863086f9bd902bf90fe2fd29a0f6f59adc11cc41a3f098150796db483cf65a2c56ef9e928630701b8b4fd9ac61ae0ec739ddba42e9beb0d890ce8a1e2f6109b57bc433ee49dcb8ce928dc0dc083be784a8c9ed8d2e6cfc4a8160aba8911b942894a5615ffc932ab7e16ba26bbe79aa5a1f9477a8a3a5402ea707659270f38dcf1b9ebd56c0c4c48f8145be68b2c147aab0b6c513a4c2ed966679bf0eb3751468bd3f5889bc25effae1fc1bdedbd7ee2a0259f1de779580d4b3f2d664699b7118d60641681c16b8fabbc34ceca849689b571ebb29a4a4c401dc6a799246bb0d20dc6d1ce59f2090b8539a67dc8d4a6991a455e24ef9464f71d36e9e8e872b8f9e3bd596f3466fe6afb4b1a7354cbda5b6a23bf7e531c5eb5f4da22811e440d05b77626a388ea2f148f5ee4fcfbe8b9174e6ea819992ef883cfd4907b2ccb3df7970322bab5cc5e7984a8f456d3ff34551c076da3636dd2fa1151afca142d299b91855965cbca22bcfef75f0f717dabb123d72920486a0156629c823667160eac08961f778c85f06be570fc5e1d3c0435db0601e9ff5c41163890ead07936104688465e0a437eb44a5009e786687fb85d8e4bcecaf26e04fb02efb298890a1cb3dce00f3234b576522eb9e18ee63e4b3067eb21fe3cbc8e9e9df04468c4c1e1b1f6881b9e2ebbf08550368821702867bd0369115e43e664001e9ca17ef7090ef759f0d2f364c918bb329aba3739d447490909e147c03aeb0ca094cf87edef823726c07dfa90d3f48c83132340609b3d878d36d198479b64248a99ee39c56e68c50ef871a935d26312b1e1dfa2429cc16d68e54963f0fe323fc22aaf16b62847cdb82477097c662d62f840234ada8486d75cad4a73a5d44b73366cabe3dfd720701f1cc15183506bba0b5f3648514703824ae33a4e1378927978cd12de542dd75cf11e45e687cbe92a3e149dab5338af5ad2271f31f012435d605bc4719721c242a8e460ce9324198212bd166d7f23afbdad245a996d89b860c2a513089d1e1b3ce953c18e0a880486b2f9d6cf95d83c8cbd63da56eb5d9557eceb267359c16ff390f8f1ac20a1e61320df5a8f3c76ebae1cf80dba6cbcd664fb5f0000d1f1e5d4aa6d2062082cca97c9d4639a0c837837a811731845dc1412522bad47ab116e4a4d5f042a8b51a6ea5e3016b70e6c07830b6d1c613d9ac980489bc9c714fa96a52ac1547ec9ee692e8bdd9e03e19083b1f078a2ca25db1c223d1bc2428fe8893e4d8350d35dd5e9dbd11a68a6cc99ee6edec8355a7f7cd33b8f9bda63138e3f9a856c9df01a71f117226d24e6de8983f3645ec2a85459c5fa7ceedfb2d87dd341df2c8ceafb13cf4254c06a35ef42d3e51ad105a938957b7c1f94f37d848ed0b754cc9ce71e5df59dd1be033044a254f643eb3dc0ea4b9e3d179dc94f06a51fc5d31c6d1dd59fa7e561d3718ff3121ffe3e5fc2e31b259ce802d277e49a582ac88f2c2a426fe30f051dddeee63f1c224dc0cc6b5c1e97ca67870d3d275ced356fc0c3b0a2d336616449da4c1d7013cf72b35fbd4711ef51c486ffae0ec11c636174de60812a5656fc1a02d3039b5b449faf0c0915b8b5fb09c35a648bf363c7aa726e72339d1a67a036605b23ddcc6f17741e1c986ec2f97374bf532e14355efd6650726b2ce38e851c6e3e1c00d5fca77fcfd08dee4db1b441d283da0e25563c17db673f0f81bcbe3b9f39ba365f5430ef2aa031bf478605aeffa34a0d0fb2f201db2389f9a45087db56dc44c588101a9b8f1aaf5fb1d76d6be49d585e1cff451589d2c48cd376dd52b5481c88b5fff2ecf34d5d3018fc0840254509b1b554c7e29f2d560835a8afa61940f7074916d8ede9c598cb2844d1aa31e68c055a590ca0815a76e5231e7d605dddd300987af3d39a1a9b00698d4e506f4da6dfe0065f6ba40bdee9f70372a4e18feb85accb805a8198cd3e00ba525c1b03a4f58130ee0ccf6f1241834cc4de27f5700f6c9b6fbbe586b810b12db9cbe3a807354c17bd767948a7e915ac58a38b77629b1cb86a6b83b1b005f663d721e5365216967a2769d44d9a7c577c3c91e0d5656b92d647b4baa68d1a2ba3f9d9fde1c8a2c09ea1b440fdfe06a823572017a66fe3fb7d91bb3736a305cddfdf22b6baf0d304229587387f352151c8f9da8fca7be1e10f63a4d732261e51cef2cc326821995bf7df1e79dd4970ff5a51c8ab5b354c849a6f98e84865ec84b1c7449996c485d7016ba489d1e3f5c0c6", [[], [], [], [], [], [], [], []]}, 0x18b0) socket$kcm(0xa, 0x6, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000001b40)='/dev/snd/pcmC#D#p\x00', 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000200)=r2, 0x11e) 2033/05/18 03:43:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 933.725116] binder: 1469:1474 ioctl c0306201 20000540 returned -22 [ 933.731625] binder: undelivered TRANSACTION_ERROR: 29201 [ 933.737739] binder: undelivered TRANSACTION_ERROR: 29201 [ 933.813076] binder: BINDER_SET_CONTEXT_MGR already set [ 933.838564] binder: 1469:1474 ioctl 40046207 0 returned -16 [ 933.846528] binder: 1500:1505 got reply transaction with no transaction stack [ 933.853886] binder: 1500:1505 transaction failed 29201/-71, size 0-0 line 2763 [ 933.872529] binder: BINDER_SET_CONTEXT_MGR already set [ 933.878988] binder: 1500:1505 ioctl 40046207 0 returned -16 [ 933.886190] binder: 1469:1514 Acquire 1 refcount change on invalid ref 10 ret -22 [ 933.893932] binder: 1469:1514 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 933.901504] binder: 1469:1514 unknown command 0 [ 933.906267] binder: 1500:1510 got reply transaction with no transaction stack [ 933.913121] binder: 1469:1514 ioctl c0306201 20000540 returned -22 [ 933.913584] binder: 1500:1510 transaction failed 29201/-71, size 0-0 line 2763 [ 933.940726] binder: undelivered TRANSACTION_ERROR: 29201 [ 933.948094] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x40046307}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:52 executing program 6: r0 = socket(0x1, 0x4, 0x4) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0xffff, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x80000000003, 0x80000000}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:52 executing program 7: r0 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x7, 0x202) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={0x0, 0x3}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000180)=r1, 0x4) r2 = socket(0xb, 0x1, 0x4) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r3 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f00000001c0)=@srh={0x87, 0x6, 0x4, 0x3, 0x7fff, 0xffffffffffffffff, 0x5, [@mcast2={0xff, 0x2, [], 0x1}, @loopback={0x0, 0x1}, @mcast2={0xff, 0x2, [], 0x1}]}, 0x38) r4 = shmget(0x0, 0x4000, 0x80, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_STAT(r4, 0xd, &(0x7f0000000280)=""/245) r5 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x5b1d, 0x200) ioctl$SG_SET_COMMAND_Q(r5, 0x2271, &(0x7f0000000080)=0xfffffffffffffffd) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r0) 2033/05/18 03:43:52 executing program 4 (fault-call:4 fault-nth:26): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:52 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:43:52 executing program 0: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x8000, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) [ 934.104111] FAULT_INJECTION: forcing a failure. [ 934.104111] name failslab, interval 1, probability 0, space 0, times 0 [ 934.107967] binder: 1540:1542 got reply transaction with no transaction stack [ 934.115785] CPU: 0 PID: 1543 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 934.123118] binder: 1540:1542 transaction failed 29201/-71, size 0-0 line 2763 [ 934.130228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 934.130239] Call Trace: [ 934.130267] dump_stack+0x1b9/0x294 [ 934.130294] ? dump_stack_print_info.cold.2+0x52/0x52 [ 934.158663] should_fail.cold.4+0xa/0x1a [ 934.162762] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 934.167888] ? save_stack+0x43/0xd0 [ 934.171536] ? kmem_cache_alloc_trace+0x152/0x780 [ 934.176395] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 934.181597] ? __list_lru_init+0x456/0x790 [ 934.185840] ? sget_userns+0x73a/0xf00 [ 934.189727] ? graph_lock+0x170/0x170 [ 934.193522] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 934.198268] ? do_mount+0x564/0x3070 [ 934.201974] ? ksys_mount+0x12d/0x140 [ 934.205772] ? __x64_sys_mount+0xbe/0x150 [ 934.209910] ? do_syscall_64+0x1b1/0x800 [ 934.213966] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 934.219336] ? find_held_lock+0x36/0x1c0 [ 934.223396] ? __lock_is_held+0xb5/0x140 [ 934.227481] ? check_same_owner+0x320/0x320 [ 934.231799] ? rcu_note_context_switch+0x710/0x710 [ 934.236726] __should_failslab+0x124/0x180 [ 934.240959] should_failslab+0x9/0x14 [ 934.244763] kmem_cache_alloc_trace+0x2cb/0x780 [ 934.249422] ? __kmalloc_node+0x33/0x70 [ 934.253385] ? __kmalloc_node+0x33/0x70 [ 934.257352] ? rcu_read_lock_sched_held+0x108/0x120 [ 934.262366] __memcg_init_list_lru_node+0x17d/0x2c0 [ 934.267376] ? kvfree_rcu+0x20/0x20 [ 934.271001] ? __kmalloc_node+0x47/0x70 [ 934.274984] __list_lru_init+0x456/0x790 [ 934.279043] ? list_lru_destroy+0x4c0/0x4c0 [ 934.283384] ? mark_held_locks+0xc9/0x160 [ 934.287527] ? __raw_spin_lock_init+0x1c/0x100 [ 934.292112] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 934.297123] ? __lockdep_init_map+0x105/0x590 [ 934.301614] ? lockdep_init_map+0x9/0x10 [ 934.305674] sget_userns+0x73a/0xf00 [ 934.309397] ? kill_litter_super+0x90/0x90 [ 934.313628] ? ns_test_super+0x50/0x50 [ 934.317510] ? destroy_unused_super.part.11+0x110/0x110 [ 934.322874] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 934.327451] ? kasan_check_write+0x14/0x20 [ 934.331676] ? do_raw_spin_lock+0xc1/0x200 [ 934.335919] ? blkdev_get+0xc0/0xb30 [ 934.339631] ? cap_capable+0x1f9/0x260 [ 934.343517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 934.349046] ? security_capable+0x99/0xc0 [ 934.353191] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 934.358721] ? ns_capable_common+0x13f/0x170 [ 934.363123] ? kill_litter_super+0x90/0x90 [ 934.367351] sget+0x10b/0x150 [ 934.370448] ? ns_test_super+0x50/0x50 [ 934.374341] mount_bdev+0x111/0x3e0 [ 934.377971] ? fuse_get_root_inode+0x190/0x190 [ 934.382548] fuse_mount_blk+0x34/0x40 [ 934.386345] mount_fs+0xae/0x328 [ 934.389709] vfs_kern_mount.part.34+0xd4/0x4d0 [ 934.394285] ? may_umount+0xb0/0xb0 [ 934.397903] ? _raw_read_unlock+0x22/0x30 [ 934.402045] ? __get_fs_type+0x97/0xc0 [ 934.405930] do_mount+0x564/0x3070 [ 934.409469] ? copy_mount_string+0x40/0x40 [ 934.413694] ? rcu_pm_notify+0xc0/0xc0 [ 934.417586] ? copy_mount_options+0x5f/0x380 [ 934.421988] ? rcu_read_lock_sched_held+0x108/0x120 [ 934.427000] ? kmem_cache_alloc_trace+0x616/0x780 [ 934.431862] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 934.437396] ? _copy_from_user+0xdf/0x150 [ 934.441541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 934.447069] ? copy_mount_options+0x285/0x380 [ 934.451573] ksys_mount+0x12d/0x140 [ 934.455194] __x64_sys_mount+0xbe/0x150 [ 934.459161] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 934.464171] do_syscall_64+0x1b1/0x800 [ 934.468048] ? finish_task_switch+0x1ca/0x840 [ 934.472538] ? syscall_return_slowpath+0x5c0/0x5c0 [ 934.477464] ? syscall_return_slowpath+0x30f/0x5c0 [ 934.482392] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 934.487755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 934.492605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 934.497784] RIP: 0033:0x455a09 [ 934.500969] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 934.508673] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 934.515934] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 934.523198] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 934.530455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 934.537715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:53 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000000c0)={0x6, 0x68}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) ioctl$DRM_IOCTL_CONTROL(r1, 0x40086414, &(0x7f0000000140)={0x3, 0x20}) pwrite64(r0, &(0x7f0000000000)="f177fed298dfd223a591", 0xa, 0x0) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:53 executing program 7: r0 = socket(0x20000000000000, 0x1, 0xffffffffffffffff) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000100)={'broute\x00'}, &(0x7f0000000080)=0x78) ioctl(r0, 0x8912, &(0x7f0000000180)="c626262c8523bf012cf66f0e96eaa1c3d56c777ed2e2e59a326d4bd4e80673cd8f5f1e8f412607bdb146b44e2521f6dcd864c28f32d3815e770fe81b2e42d811b2606f2b79d57af459825ec509c1c4aae8a25793443e58f0c120e82a2ee65383e091905730c41ea60ee86288783a6f9d1734917c5fa92c5270160d737920b54998a575c52dec15") r1 = socket$kcm(0xa, 0x5, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x1}, 0x5) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x400, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f00000000c0)=r1, 0x4) [ 934.558239] binder: BINDER_SET_CONTEXT_MGR already set [ 934.563379] binder: 1550:1553 Acquire 1 refcount change on invalid ref 1074029319 ret -22 [ 934.571978] binder: 1550:1553 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 934.579588] binder: 1550:1553 unknown command 0 [ 934.584799] binder: 1550:1553 ioctl c0306201 20000540 returned -22 [ 934.593467] binder: 1540:1542 ioctl 40046207 0 returned -16 2033/05/18 03:43:53 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000effdffff00"}, 0x6e) [ 934.607253] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:43:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 934.629663] binder: 1540:1554 got reply transaction with no transaction stack [ 934.637072] binder: 1540:1554 transaction failed 29201/-71, size 0-0 line 2763 [ 934.647844] binder: 1550:1568 Acquire 1 refcount change on invalid ref 1074029319 ret -22 [ 934.656412] binder: 1550:1568 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 934.664016] binder: 1550:1568 unknown command 0 2033/05/18 03:43:53 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) connect$unix(r0, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) [ 934.743139] binder: undelivered TRANSACTION_ERROR: 29201 [ 934.749115] binder: undelivered TRANSACTION_ERROR: 29201 [ 934.774843] binder: 1550:1553 ioctl 40046207 0 returned -16 [ 934.796714] binder: 1550:1568 ioctl c0306201 20000540 returned -22 2033/05/18 03:43:54 executing program 4 (fault-call:4 fault-nth:27): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:54 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:43:54 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x7}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000000c0)={r1, 0x33, "950c015ba64c06343608cee8d331524b6d3118b9dbb99cdbe3e915b0bdaabfadac49ed6584821a258a1240f07d6d751b83d9ef"}, &(0x7f0000000140)=0x3b) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:54 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f0000000440)=0x3, &(0x7f0000000480)=0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:54 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$kcm(0xa, 0x6, 0x0) listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/126, 0x7e) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000280)={0x1fb1ea3e, {{0x2, 0x4e21, @broadcast=0xffffffff}}, 0x1, 0x7, [{{0x2, 0x4e21}}, {{0x2, 0x4e21, @rand_addr=0xffff}}, {{0x2, 0x4e24, @loopback=0x7f000001}}, {{0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}}, {{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}, {{0x2, 0x4e21, @rand_addr=0x7}}, {{0x2, 0x4e23, @broadcast=0xffffffff}}]}, 0x410) 2033/05/18 03:43:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x100000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 935.230874] binder: 1596:1602 got reply transaction with no transaction stack [ 935.238398] binder: 1596:1602 transaction failed 29201/-71, size 0-0 line 2763 [ 935.249393] FAULT_INJECTION: forcing a failure. [ 935.249393] name failslab, interval 1, probability 0, space 0, times 0 [ 935.260719] CPU: 0 PID: 1603 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 935.262594] binder: BINDER_SET_CONTEXT_MGR already set [ 935.267926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 935.267937] Call Trace: [ 935.267966] dump_stack+0x1b9/0x294 [ 935.267994] ? dump_stack_print_info.cold.2+0x52/0x52 [ 935.294050] should_fail.cold.4+0xa/0x1a [ 935.298153] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 935.303286] ? save_stack+0x43/0xd0 [ 935.306942] ? kmem_cache_alloc_trace+0x152/0x780 [ 935.311808] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 935.312117] binder: 1596:1602 ioctl 40046207 0 returned -16 [ 935.317017] ? __list_lru_init+0x456/0x790 [ 935.317038] ? sget_userns+0x73a/0xf00 [ 935.317062] ? graph_lock+0x170/0x170 [ 935.317084] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 935.335322] binder: 1605 invalid dec weak, ref 3931 desc 0 s 1 w 0 [ 935.339440] ? do_mount+0x564/0x3070 [ 935.339457] ? ksys_mount+0x12d/0x140 [ 935.339474] ? __x64_sys_mount+0xbe/0x150 [ 935.339489] ? do_syscall_64+0x1b1/0x800 [ 935.339508] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 935.345833] binder: 1605:1608 unknown command 0 [ 935.349519] ? find_held_lock+0x36/0x1c0 [ 935.349549] ? __lock_is_held+0xb5/0x140 [ 935.379676] ? check_same_owner+0x320/0x320 [ 935.381719] binder: 1596:1614 got reply transaction with no transaction stack [ 935.384018] ? rcu_note_context_switch+0x710/0x710 [ 935.384049] __should_failslab+0x124/0x180 [ 935.384076] should_failslab+0x9/0x14 [ 935.391357] binder: 1596:1614 transaction failed 29201/-71, size 0-0 line 2763 [ 935.396256] kmem_cache_alloc_trace+0x2cb/0x780 [ 935.396273] ? __kmalloc_node+0x33/0x70 [ 935.396292] ? __kmalloc_node+0x33/0x70 [ 935.424251] ? rcu_read_lock_sched_held+0x108/0x120 [ 935.429296] __memcg_init_list_lru_node+0x17d/0x2c0 [ 935.434333] ? kvfree_rcu+0x20/0x20 [ 935.437981] ? __kmalloc_node+0x47/0x70 [ 935.441988] __list_lru_init+0x456/0x790 [ 935.444189] binder: 1605:1608 ioctl c0306201 20000540 returned -22 [ 935.446067] ? list_lru_destroy+0x4c0/0x4c0 [ 935.446088] ? mark_held_locks+0xc9/0x160 [ 935.446114] ? __raw_spin_lock_init+0x1c/0x100 [ 935.446133] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 935.446152] ? __lockdep_init_map+0x105/0x590 [ 935.474970] ? lockdep_init_map+0x9/0x10 [ 935.479038] sget_userns+0x73a/0xf00 [ 935.482745] ? kill_litter_super+0x90/0x90 [ 935.486979] ? ns_test_super+0x50/0x50 [ 935.490862] ? destroy_unused_super.part.11+0x110/0x110 [ 935.496247] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 935.500825] ? kasan_check_write+0x14/0x20 [ 935.505050] ? do_raw_spin_lock+0xc1/0x200 [ 935.509284] ? blkdev_get+0xc0/0xb30 [ 935.512995] ? cap_capable+0x1f9/0x260 [ 935.516896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.522426] ? security_capable+0x99/0xc0 [ 935.526573] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.532103] ? ns_capable_common+0x13f/0x170 [ 935.536505] ? kill_litter_super+0x90/0x90 [ 935.540730] sget+0x10b/0x150 [ 935.543837] ? ns_test_super+0x50/0x50 [ 935.547721] mount_bdev+0x111/0x3e0 [ 935.551338] ? fuse_get_root_inode+0x190/0x190 [ 935.555916] fuse_mount_blk+0x34/0x40 [ 935.559710] mount_fs+0xae/0x328 [ 935.563076] vfs_kern_mount.part.34+0xd4/0x4d0 [ 935.567662] ? may_umount+0xb0/0xb0 [ 935.571284] ? _raw_read_unlock+0x22/0x30 [ 935.575421] ? __get_fs_type+0x97/0xc0 [ 935.579306] do_mount+0x564/0x3070 [ 935.582850] ? copy_mount_string+0x40/0x40 [ 935.587089] ? rcu_pm_notify+0xc0/0xc0 [ 935.590980] ? copy_mount_options+0x5f/0x380 [ 935.595381] ? rcu_read_lock_sched_held+0x108/0x120 [ 935.600389] ? kmem_cache_alloc_trace+0x616/0x780 [ 935.605238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 935.610771] ? _copy_from_user+0xdf/0x150 [ 935.614919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 935.620455] ? copy_mount_options+0x285/0x380 [ 935.624957] ksys_mount+0x12d/0x140 [ 935.628578] __x64_sys_mount+0xbe/0x150 [ 935.632542] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 935.637553] do_syscall_64+0x1b1/0x800 [ 935.641430] ? finish_task_switch+0x1ca/0x840 [ 935.645918] ? syscall_return_slowpath+0x5c0/0x5c0 [ 935.650841] ? syscall_return_slowpath+0x30f/0x5c0 [ 935.655774] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 935.661135] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 935.665977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 935.671155] RIP: 0033:0x455a09 [ 935.674332] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:43:54 executing program 7: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x4002, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x1f}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000380)={r1, 0x2}, &(0x7f00000003c0)=0x8) r2 = socket(0x2, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r3 = socket$kcm(0xa, 0x6, 0x0) r4 = accept(r2, &(0x7f0000000040)=@pppoe={0x0, 0x0, {0x0, @link_local}}, &(0x7f00000000c0)=0x80) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000100)={0x0, 0x8}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000180)={r5, @in={{0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x2, 0x8f5, 0x8, 0x0, 0x100000001}, &(0x7f0000000280)=0x98) openat$zero(0xffffffffffffff9c, &(0x7f0000000400)='/dev/zero\x00', 0x2000, 0x0) 2033/05/18 03:43:54 executing program 0: r0 = dup(0xffffffffffffff9c) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={0x0, 0x6}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000180)={r1, @in6={{0xa, 0x4e24, 0x80, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x7}}}, 0x84) getpeername$netlink(r0, &(0x7f00000000c0), &(0x7f0000000080)=0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000240)=0xff, 0x4) r2 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r2, &(0x7f0000000280), 0x0, 0x40010, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) [ 935.682036] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 935.689294] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 935.696574] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 935.703832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 935.711094] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 935.730866] binder: BINDER_SET_CONTEXT_MGR already set [ 935.753417] binder: undelivered TRANSACTION_ERROR: 29201 [ 935.760789] binder: undelivered TRANSACTION_ERROR: 29201 [ 935.760972] binder: 1605:1608 ioctl 40046207 0 returned -16 [ 935.773791] binder: 1605 invalid dec weak, ref 3934 desc 0 s 1 w 0 [ 935.780290] binder: 1605:1622 unknown command 0 [ 935.803723] binder: 1605:1622 ioctl c0306201 20000540 returned -22 2033/05/18 03:43:55 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ftruncate(r0, 0x1b7) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000040)={r0}) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000080)=r1, 0x4) 2033/05/18 03:43:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:55 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80000, 0x2) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f0000000080)={0x5, 0x8}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:55 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000100"}, 0x6e) 2033/05/18 03:43:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xb630000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:55 executing program 4 (fault-call:4 fault-nth:28): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:55 executing program 6: ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000440)=0x0) r1 = getpid() setpgid(r0, r1) r2 = socket(0xa, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000080)={r2}) ioctl(r2, 0x8912, &(0x7f0000000340)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000380)={0x0, 0x5}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000240)={r3, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r4 = msgget(0x1, 0x10) msgget(0x2, 0x0) kcmp(r1, r1, 0x7, r2, r2) msgrcv(r4, &(0x7f0000000640)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bbedaf4612471300000000000000000000ff000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000079be86302866140c07b9828a505900004becdab484e76b8cc18ca37fbb6efec291ca919636d8797c4d1d2af8a249aeb52ca3d26adaabf62b76478ef43a81bc8563c1979743e02aa6f491f4199eebbba4aaebc09429c549f261fb851d12c2de61e6fda8351c03000000000000002663f3685b92ed0563e02229526d024a6444d4ec25a40f6c2eec17f6011184c11e62d35770626874b298a66428ee6b998eab60bf0643c8796986707e0704738e277c3f214624fe2e6438427a9c24282cf5e002bcd1d840a8fe4833f92cf9507a2fbc250334a4b6b3a564f35b75ff65b4fecf38f36656b625fbde27529c04b5e07e074f8c0e688d355943ed6d4b33a7379e95e7d191cb433a0dbd0f18e530970fa4b58ba0985d58a4a421d8c2d1aa0c68c867b1d1c0870a4a58fb0fafc69158c2bb10a183895a0055388b4cc1babe9fc800eee809d4357dca050d8ed150fcefbb3bf38dbecfa21a40aa46f4ccf6dce4c9917e05f19c417dbeafb309ee7e500000000000000000000000007bdfb8feeaed96ac36d0f8e3087b8ba00b555d62878223acfd8ea9c5e28318935848427895006cc934677d2ec0f90973ee48380e9d36514bc6bd3b3d3403b2621e63af9d4993927d4bb7f97526727e29038ef9aea7730ec3cb0d66acf3620d47a69ae54f86e45804f8497469dea46fb98675146500d44681dcd5223ac61179c633825a7b99f94fad1499b5e248ce7f9e6ad81839b32eec84ee17f15a35ce3a5069513c4acac425efedafbb1d4dfe943279"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000200)={r5, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:55 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000ffff00"}, 0x6e) [ 936.307726] binder: 1635:1637 got reply transaction with no transaction stack [ 936.315151] binder: 1635:1637 transaction failed 29201/-71, size 0-0 line 2763 [ 936.331885] FAULT_INJECTION: forcing a failure. [ 936.331885] name failslab, interval 1, probability 0, space 0, times 0 [ 936.343180] CPU: 1 PID: 1642 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 936.350372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 936.359727] Call Trace: [ 936.362338] dump_stack+0x1b9/0x294 [ 936.366000] ? dump_stack_print_info.cold.2+0x52/0x52 [ 936.369701] binder: BINDER_SET_CONTEXT_MGR already set [ 936.371205] ? __save_stack_trace+0x7e/0xd0 [ 936.371233] should_fail.cold.4+0xa/0x1a [ 936.371254] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 936.389990] ? save_stack+0x43/0xd0 [ 936.393629] ? kasan_kmalloc+0xc4/0xe0 [ 936.397536] ? kmem_cache_alloc_trace+0x152/0x780 [ 936.400181] binder: 1635:1637 ioctl 40046207 0 returned -16 2033/05/18 03:43:55 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000fd00"}, 0x6e) [ 936.402387] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 936.402402] ? __list_lru_init+0x456/0x790 [ 936.402420] ? sget_userns+0x73a/0xf00 [ 936.402439] ? graph_lock+0x170/0x170 [ 936.425200] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 936.429964] ? do_mount+0x564/0x3070 [ 936.433681] ? ksys_mount+0x12d/0x140 [ 936.434414] binder: 1635:1649 got reply transaction with no transaction stack [ 936.437478] ? __x64_sys_mount+0xbe/0x150 [ 936.437494] ? do_syscall_64+0x1b1/0x800 [ 936.437513] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 936.444806] binder: 1635:1649 transaction failed 29201/-71, size 0-0 line 2763 [ 936.448925] ? find_held_lock+0x36/0x1c0 [ 936.448946] ? __lock_is_held+0xb5/0x140 [ 936.448974] ? check_same_owner+0x320/0x320 [ 936.478118] ? rcu_note_context_switch+0x710/0x710 [ 936.483044] __should_failslab+0x124/0x180 [ 936.487269] should_failslab+0x9/0x14 [ 936.491062] kmem_cache_alloc_trace+0x2cb/0x780 [ 936.495719] ? __kmalloc_node+0x33/0x70 [ 936.499693] ? __kmalloc_node+0x33/0x70 [ 936.503671] ? rcu_read_lock_sched_held+0x108/0x120 [ 936.508689] __memcg_init_list_lru_node+0x17d/0x2c0 [ 936.513691] ? kvfree_rcu+0x20/0x20 [ 936.517315] ? __kmalloc_node+0x47/0x70 [ 936.521282] __list_lru_init+0x456/0x790 [ 936.525340] ? list_lru_destroy+0x4c0/0x4c0 [ 936.529650] ? mark_held_locks+0xc9/0x160 [ 936.533791] ? __raw_spin_lock_init+0x1c/0x100 [ 936.538371] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 936.543374] ? __lockdep_init_map+0x105/0x590 [ 936.547868] ? lockdep_init_map+0x9/0x10 [ 936.551919] sget_userns+0x73a/0xf00 [ 936.555617] ? kill_litter_super+0x90/0x90 [ 936.559841] ? ns_test_super+0x50/0x50 [ 936.563733] ? destroy_unused_super.part.11+0x110/0x110 [ 936.569081] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 936.573660] ? kasan_check_write+0x14/0x20 [ 936.577879] ? do_raw_spin_lock+0xc1/0x200 [ 936.582106] ? blkdev_get+0xc0/0xb30 [ 936.585810] ? cap_capable+0x1f9/0x260 [ 936.590215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 936.595740] ? security_capable+0x99/0xc0 [ 936.599886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 936.605409] ? ns_capable_common+0x13f/0x170 [ 936.609808] ? kill_litter_super+0x90/0x90 [ 936.614031] sget+0x10b/0x150 [ 936.617121] ? ns_test_super+0x50/0x50 [ 936.621009] mount_bdev+0x111/0x3e0 [ 936.624626] ? fuse_get_root_inode+0x190/0x190 [ 936.629195] fuse_mount_blk+0x34/0x40 [ 936.632985] mount_fs+0xae/0x328 [ 936.636346] vfs_kern_mount.part.34+0xd4/0x4d0 [ 936.640916] ? may_umount+0xb0/0xb0 [ 936.644533] ? _raw_read_unlock+0x22/0x30 [ 936.648664] ? __get_fs_type+0x97/0xc0 [ 936.652549] do_mount+0x564/0x3070 [ 936.656074] ? do_raw_spin_unlock+0x9e/0x2e0 [ 936.660471] ? copy_mount_string+0x40/0x40 [ 936.664694] ? rcu_pm_notify+0xc0/0xc0 [ 936.668572] ? copy_mount_options+0x5f/0x380 [ 936.672965] ? rcu_read_lock_sched_held+0x108/0x120 [ 936.677971] ? kmem_cache_alloc_trace+0x616/0x780 [ 936.682802] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 936.688328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 936.693850] ? copy_mount_options+0x285/0x380 [ 936.698345] ksys_mount+0x12d/0x140 [ 936.701961] __x64_sys_mount+0xbe/0x150 [ 936.705920] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 936.710933] do_syscall_64+0x1b1/0x800 [ 936.714804] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 936.719644] ? syscall_return_slowpath+0x5c0/0x5c0 [ 936.724569] ? syscall_return_slowpath+0x30f/0x5c0 [ 936.729489] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 936.735436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 936.740300] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 936.745502] RIP: 0033:0x455a09 [ 936.748680] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:43:55 executing program 7: r0 = socket(0xe, 0x1, 0x8000) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) syz_open_procfs(r1, &(0x7f0000000080)='stack\x00') ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) 2033/05/18 03:43:55 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'nr0\x00', {0x2, 0x4e23, @broadcast=0xffffffff}}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 2033/05/18 03:43:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 936.756373] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 936.763627] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 936.770882] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 936.778146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.785403] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 936.842819] binder: undelivered TRANSACTION_ERROR: 29201 [ 936.854881] binder: undelivered TRANSACTION_ERROR: 29201 [ 936.858223] binder: 1646:1656 Acquire 1 refcount change on invalid ref 191037440 ret -22 [ 936.868808] binder: 1646:1656 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 936.876422] binder: 1646:1656 unknown command 0 2033/05/18 03:43:55 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000008000002000"}, 0x6e) [ 936.914767] binder: 1667:1669 got reply transaction with no transaction stack [ 936.922241] binder: 1667:1669 transaction failed 29201/-71, size 0-0 line 2763 [ 936.968261] binder: BINDER_SET_CONTEXT_MGR already set [ 936.987213] binder: 1667:1669 ioctl 40046207 0 returned -16 [ 936.997202] binder: 1646:1656 ioctl c0306201 20000540 returned -22 [ 937.004843] binder: 1667:1680 got reply transaction with no transaction stack 2033/05/18 03:43:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:55 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:43:55 executing program 0: r0 = socket(0x2, 0xa, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) ioctl$sock_netrom_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) sendto$inet(r0, &(0x7f00000000c0)="8c2df2a03ca51629bb45ed91136900872d00000000000000000000000046000000", 0x21, 0x0, &(0x7f0000000080)={0x2, 0xfffffffffffffffc, @loopback=0x7f000001}, 0x10) [ 937.012295] binder: 1667:1680 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 937.083655] binder: undelivered TRANSACTION_ERROR: 29201 [ 937.089666] binder: undelivered TRANSACTION_ERROR: 29201 [ 937.127139] binder: 1697:1698 got reply transaction with no transaction stack [ 937.133331] binder: BINDER_SET_CONTEXT_MGR already set [ 937.134587] binder: 1697:1698 transaction failed 29201/-71, size 0-0 line 2763 [ 937.186446] binder: 1646:1656 ioctl 40046207 0 returned -16 [ 937.217540] binder: 1646:1703 Acquire 1 refcount change on invalid ref 191037440 ret -22 [ 937.219180] binder: BINDER_SET_CONTEXT_MGR already set [ 937.225886] binder: 1646:1703 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 937.231674] binder: 1697:1698 ioctl 40046207 0 returned -16 [ 937.238741] binder: 1646:1703 unknown command 0 [ 937.242742] binder: 1646:1703 ioctl c0306201 20000540 returned -22 [ 937.258837] binder: 1697:1704 got reply transaction with no transaction stack [ 937.266249] binder: 1697:1704 transaction failed 29201/-71, size 0-0 line 2763 [ 937.289698] binder: undelivered TRANSACTION_ERROR: 29201 [ 937.295244] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:43:56 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:43:56 executing program 4 (fault-call:4 fault-nth:29): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:56 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x400000, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r2, 0xd) 2033/05/18 03:43:56 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x200}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000180)={r1, 0x80000001}, &(0x7f00000001c0)=0x8) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000000)={'eql\x00', {0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x40000, 0x0) ioctl$PIO_FONT(r2, 0x4b61, &(0x7f00000002c0)="9b36ad16d25ac071495f7a6d60a05d284291a5f0162ce0f1d7cd4b7e8e234f0cc368705e27f3d0bd05c2c6aa4e872b7e63ff000200000000000000606369e2c66600b430a18d3a55885f83581b172990d65ec1f94ca8ed5af3f96fdad3f2857f8deb02a062a656dd57ce41c1890fd6cd61f9f245228478bf345569f205bd2afd586e715cd668c92ea630e876dd0f81df1b0afaf6b76719e4b7334dc83f24ac9135f8732088eafec05f7cdf46aff26a01ff3f161a4846f34e0d46836f11cfc50d90e4") setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x0, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000240)={0xdc, 0x0, 0x2, 0x5}) ioctl$DRM_IOCTL_AGP_BIND(r2, 0x40106436, &(0x7f0000000280)={r3, 0xfffffffffffffbff}) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f00000003c0)={0x77359400}, 0x10) sysinfo(&(0x7f0000000400)=""/4096) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000080)={'yam0\x00', {0x2, 0x4e21}}) 2033/05/18 03:43:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x300}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_S390_VCPU_FAULT(r2, 0x4008ae52, &(0x7f00000000c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:56 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r3 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000f6efc2ec90349010d38200000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001789d95250e0bbb8783140d4926c50e3809a44020ee38c52fafe3597c88c689a4fb427d0bc9dc30f1bc65de996179aa511e79b961fb2e2df4da1319f791465c1210ab1f551a2285b390e757a6c7f339c161b25a66a303554188df1b8a766a028173f4319a6a758efc657561f7200de9bd67edb4af56a1d6aa0f6695fc540ddfe76fdf79fc126443304a91c41141b26feeb82dfb45dadb1492f7924bf26a3227303239010a0499ee32094bfa6248f32dd803f4194bb645caf"], 0x1, 0x5, 0x2000) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={r2, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r4, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 937.420115] FAULT_INJECTION: forcing a failure. [ 937.420115] name failslab, interval 1, probability 0, space 0, times 0 [ 937.421159] binder: 1711:1724 got reply transaction with no transaction stack [ 937.431514] CPU: 0 PID: 1714 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 937.431530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 937.438877] binder: 1711:1724 transaction failed 29201/-71, size 0-0 line 2763 [ 937.445990] Call Trace: [ 937.446027] dump_stack+0x1b9/0x294 [ 937.446057] ? dump_stack_print_info.cold.2+0x52/0x52 [ 937.446094] should_fail.cold.4+0xa/0x1a [ 937.446121] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 937.446141] ? save_stack+0x43/0xd0 [ 937.446157] ? kmem_cache_alloc_trace+0x152/0x780 [ 937.446172] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 937.446184] ? __list_lru_init+0x456/0x790 [ 937.446198] ? sget_userns+0x73a/0xf00 [ 937.446216] ? graph_lock+0x170/0x170 [ 937.446232] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 937.446248] ? do_mount+0x564/0x3070 2033/05/18 03:43:56 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) [ 937.446266] ? ksys_mount+0x12d/0x140 [ 937.446281] ? __x64_sys_mount+0xbe/0x150 [ 937.446295] ? do_syscall_64+0x1b1/0x800 [ 937.446310] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 937.446331] ? find_held_lock+0x36/0x1c0 [ 937.478895] binder: 1725:1726 Acquire 1 refcount change on invalid ref 768 ret -22 [ 937.483587] ? __lock_is_held+0xb5/0x140 [ 937.483633] ? check_same_owner+0x320/0x320 [ 937.483656] ? rcu_note_context_switch+0x710/0x710 [ 937.483681] __should_failslab+0x124/0x180 [ 937.487329] binder: 1725:1726 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 937.492135] should_failslab+0x9/0x14 [ 937.492152] kmem_cache_alloc_trace+0x2cb/0x780 [ 937.492189] __memcg_init_list_lru_node+0x17d/0x2c0 [ 937.497372] binder: 1725:1726 unknown command 0 [ 937.501570] ? kvfree_rcu+0x20/0x20 [ 937.501589] ? __kmalloc_node+0x47/0x70 [ 937.501616] __list_lru_init+0x456/0x790 [ 937.505796] binder: 1725:1726 ioctl c0306201 20000540 returned -22 [ 937.509270] ? list_lru_destroy+0x4c0/0x4c0 [ 937.509290] ? mark_held_locks+0xc9/0x160 2033/05/18 03:43:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 937.509314] ? __raw_spin_lock_init+0x1c/0x100 [ 937.509336] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 937.509355] ? __lockdep_init_map+0x105/0x590 [ 937.509378] ? lockdep_init_map+0x9/0x10 [ 937.517770] binder: BINDER_SET_CONTEXT_MGR already set [ 937.517830] sget_userns+0x73a/0xf00 [ 937.524299] binder: 1711:1724 ioctl 40046207 0 returned -16 [ 937.525752] ? kill_litter_super+0x90/0x90 [ 937.525780] ? ns_test_super+0x50/0x50 [ 937.525803] ? destroy_unused_super.part.11+0x110/0x110 [ 937.525824] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 937.525852] ? kasan_check_write+0x14/0x20 [ 937.545886] binder: 1711:1728 got reply transaction with no transaction stack [ 937.546993] ? do_raw_spin_lock+0xc1/0x200 [ 937.547026] ? blkdev_get+0xc0/0xb30 [ 937.547050] ? cap_capable+0x1f9/0x260 [ 937.547078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 937.551146] binder: 1711:1728 transaction failed 29201/-71, size 0-0 line 2763 [ 937.555427] ? security_capable+0x99/0xc0 [ 937.555454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 937.555475] ? ns_capable_common+0x13f/0x170 [ 937.595744] binder: BINDER_SET_CONTEXT_MGR already set [ 937.597839] ? kill_litter_super+0x90/0x90 [ 937.597858] sget+0x10b/0x150 [ 937.597876] ? ns_test_super+0x50/0x50 [ 937.597903] mount_bdev+0x111/0x3e0 [ 937.597922] ? fuse_get_root_inode+0x190/0x190 [ 937.597947] fuse_mount_blk+0x34/0x40 [ 937.597973] mount_fs+0xae/0x328 [ 937.602696] binder: 1725:1726 ioctl 40046207 0 returned -16 [ 937.608340] vfs_kern_mount.part.34+0xd4/0x4d0 [ 937.608365] ? may_umount+0xb0/0xb0 [ 937.608387] ? _raw_read_unlock+0x22/0x30 2033/05/18 03:43:56 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000200"}, 0x6e) [ 937.608404] ? __get_fs_type+0x97/0xc0 [ 937.608434] do_mount+0x564/0x3070 [ 937.608454] ? do_raw_spin_unlock+0x9e/0x2e0 [ 937.608482] ? copy_mount_string+0x40/0x40 [ 937.608499] ? rcu_pm_notify+0xc0/0xc0 [ 937.608529] ? copy_mount_options+0x5f/0x380 [ 937.629835] binder: undelivered TRANSACTION_ERROR: 29201 [ 937.631029] ? rcu_read_lock_sched_held+0x108/0x120 [ 937.631052] ? kmem_cache_alloc_trace+0x616/0x780 [ 937.631080] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 937.631112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 2033/05/18 03:43:56 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0x2, &(0x7f0000000000), 0x36) [ 937.631131] ? copy_mount_options+0x285/0x380 [ 937.631160] ksys_mount+0x12d/0x140 [ 937.631189] __x64_sys_mount+0xbe/0x150 [ 937.635780] binder: undelivered TRANSACTION_ERROR: 29201 [ 937.640503] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 937.640528] do_syscall_64+0x1b1/0x800 [ 937.640548] ? finish_task_switch+0x1ca/0x840 [ 937.640571] ? syscall_return_slowpath+0x5c0/0x5c0 [ 937.640594] ? syscall_return_slowpath+0x30f/0x5c0 [ 937.640624] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 937.640653] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 937.640682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 937.659886] binder: 1725:1737 Acquire 1 refcount change on invalid ref 768 ret -22 [ 937.663527] RIP: 0033:0x455a09 [ 937.663538] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 937.663559] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 937.663571] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 937.663583] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 2033/05/18 03:43:56 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000fffffdef00"}, 0x6e) 2033/05/18 03:43:56 executing program 4 (fault-call:4 fault-nth:30): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 937.663594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 937.663605] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 937.865647] binder: 1741:1745 got reply transaction with no transaction stack [ 937.866862] binder: 1725:1737 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 937.866878] binder: 1725:1737 unknown command 0 [ 937.871742] binder: 1741:1745 transaction failed 29201/-71, size 0-0 line 2763 [ 937.878183] binder: BINDER_SET_CONTEXT_MGR already set [ 938.012344] binder: 1741:1745 ioctl 40046207 0 returned -16 [ 938.028598] FAULT_INJECTION: forcing a failure. [ 938.028598] name failslab, interval 1, probability 0, space 0, times 0 [ 938.039943] CPU: 1 PID: 1760 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 938.040358] binder: 1725:1737 ioctl c0306201 20000540 returned -22 [ 938.047129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 938.047135] Call Trace: [ 938.047168] dump_stack+0x1b9/0x294 [ 938.047190] ? dump_stack_print_info.cold.2+0x52/0x52 [ 938.060242] binder: 1741:1751 got reply transaction with no transaction stack [ 938.062850] ? __save_stack_trace+0x7e/0xd0 [ 938.062876] should_fail.cold.4+0xa/0x1a [ 938.062896] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 938.065496] binder: 1741:1751 transaction failed 29201/-71, size 0-0 line 2763 [ 938.069091] ? save_stack+0x43/0xd0 [ 938.069106] ? kasan_kmalloc+0xc4/0xe0 [ 938.069128] ? kmem_cache_alloc_trace+0x152/0x780 [ 938.109796] binder: undelivered TRANSACTION_ERROR: 29201 [ 938.109837] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 938.115630] binder: undelivered TRANSACTION_ERROR: 29201 [ 938.120105] ? __list_lru_init+0x456/0x790 [ 938.120120] ? sget_userns+0x73a/0xf00 [ 938.120137] ? graph_lock+0x170/0x170 [ 938.120157] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 938.120172] ? do_mount+0x564/0x3070 [ 938.151101] ? ksys_mount+0x12d/0x140 [ 938.154891] ? __x64_sys_mount+0xbe/0x150 [ 938.159032] ? do_syscall_64+0x1b1/0x800 [ 938.163081] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 938.168435] ? find_held_lock+0x36/0x1c0 [ 938.172486] ? __lock_is_held+0xb5/0x140 [ 938.176543] ? check_same_owner+0x320/0x320 [ 938.180854] ? rcu_note_context_switch+0x710/0x710 [ 938.185772] __should_failslab+0x124/0x180 [ 938.190000] should_failslab+0x9/0x14 [ 938.193802] kmem_cache_alloc_trace+0x2cb/0x780 [ 938.198456] ? __kmalloc_node+0x33/0x70 [ 938.202418] ? __kmalloc_node+0x33/0x70 [ 938.206377] ? rcu_read_lock_sched_held+0x108/0x120 [ 938.211385] __memcg_init_list_lru_node+0x17d/0x2c0 [ 938.216391] ? kvfree_rcu+0x20/0x20 [ 938.220009] ? __kmalloc_node+0x47/0x70 [ 938.223979] __list_lru_init+0x456/0x790 [ 938.228032] ? list_lru_destroy+0x4c0/0x4c0 [ 938.232341] ? mark_held_locks+0xc9/0x160 [ 938.236475] ? __raw_spin_lock_init+0x1c/0x100 [ 938.241046] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 938.246048] ? __lockdep_init_map+0x105/0x590 [ 938.250531] ? lockdep_init_map+0x9/0x10 [ 938.254588] sget_userns+0x73a/0xf00 [ 938.258288] ? kill_litter_super+0x90/0x90 [ 938.262520] ? ns_test_super+0x50/0x50 [ 938.266394] ? destroy_unused_super.part.11+0x110/0x110 [ 938.271752] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 938.276322] ? kasan_check_write+0x14/0x20 [ 938.280541] ? do_raw_spin_lock+0xc1/0x200 [ 938.284778] ? blkdev_get+0xc0/0xb30 [ 938.288480] ? cap_capable+0x1f9/0x260 [ 938.292364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 938.297886] ? security_capable+0x99/0xc0 [ 938.302029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 938.307551] ? ns_capable_common+0x13f/0x170 [ 938.311948] ? kill_litter_super+0x90/0x90 [ 938.316169] sget+0x10b/0x150 [ 938.319258] ? ns_test_super+0x50/0x50 [ 938.323133] mount_bdev+0x111/0x3e0 [ 938.326750] ? fuse_get_root_inode+0x190/0x190 [ 938.331323] fuse_mount_blk+0x34/0x40 [ 938.335110] mount_fs+0xae/0x328 [ 938.338469] vfs_kern_mount.part.34+0xd4/0x4d0 [ 938.343041] ? may_umount+0xb0/0xb0 [ 938.346659] ? _raw_read_unlock+0x22/0x30 [ 938.350792] ? __get_fs_type+0x97/0xc0 [ 938.354686] do_mount+0x564/0x3070 [ 938.358217] ? copy_mount_string+0x40/0x40 [ 938.362437] ? rcu_pm_notify+0xc0/0xc0 [ 938.366316] ? copy_mount_options+0x5f/0x380 [ 938.370710] ? rcu_read_lock_sched_held+0x108/0x120 [ 938.375716] ? kmem_cache_alloc_trace+0x616/0x780 [ 938.380547] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 938.386075] ? _copy_from_user+0xdf/0x150 [ 938.390212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 938.395734] ? copy_mount_options+0x285/0x380 [ 938.400218] ksys_mount+0x12d/0x140 [ 938.403833] __x64_sys_mount+0xbe/0x150 [ 938.407792] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 938.412796] do_syscall_64+0x1b1/0x800 [ 938.416672] ? finish_task_switch+0x1ca/0x840 [ 938.421154] ? syscall_return_slowpath+0x5c0/0x5c0 [ 938.426071] ? syscall_return_slowpath+0x30f/0x5c0 [ 938.431013] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 938.436371] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 938.441205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 938.446379] RIP: 0033:0x455a09 [ 938.449561] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 938.457258] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 938.464511] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 938.471765] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 938.479022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.486285] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:57 executing program 7: r0 = socket(0xfffffffffffffffe, 0x1, 0xffff) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") getsockopt$sock_buf(r0, 0x1, 0x3f, &(0x7f0000000040)=""/189, &(0x7f0000000100)=0xbd) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_STATS(r2, 0x80f86406, &(0x7f0000000280)=""/201) 2033/05/18 03:43:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:43:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:57 executing program 0: r0 = socket(0x2, 0x3, 0x40000000000000ff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r0, &(0x7f00000002c0), 0x2e2, 0x0, &(0x7f0000000040)={0x2, 0x0, @loopback=0x7f000001}, 0x10) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) r2 = geteuid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000340)=0x80000000, 0x4) sendmsg$nl_netfilter(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="100100000c0702002bbd7000ffdbdf250700000ae4009000c6b741da49006d0e1e81f1670553dc98f58b09a346a1bfa469fe9e2edee836874ef271e5fad6015a7e0287d4ff722a600d95f9511d1bec2a08f5c32ca8bfd96b9f65cee99b84f04f7a8834ff55347528e906399ecf577ac7487dda573f863c25926e2a1a241d7132ba1b0e22cc7b9ac43f58c935c9352db3080021000800000010c87988aa7a4b64ea23389f750bc8759e1fb1fb63506c9d7fe0e088b2bacd3ed54407c8625124788560d1a92a2324c804f135c6c53cca24fe5e50f4b67a99fdfa09b9060f59f81667153bee35c47c65ad8445c649860a8c025c99b48e55b65708009100", @ANYRES32=r1, @ANYBLOB="f5ff7800", @ANYRES32=r2, @ANYBLOB='\b\x008\x00', @ANYRES32=r3], 0x110}, 0x1, 0x0, 0x0, 0x4804}, 0x20000000) socket(0x15, 0x80000, 0x1) 2033/05/18 03:43:57 executing program 4 (fault-call:4 fault-nth:31): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x1200000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:57 executing program 6: r0 = socket(0xa, 0x1, 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r1, &(0x7f0000000000)="1f0000000104fffffd3b54c007110000f30501000b000200000000000200cf", 0x1f) ioctl(r0, 0x7, &(0x7f0000000400)="c646910f990000c901b808cad13ca1486ef4bbd7c4ae80cfcae1ba1e3ac8233d13f517d830214901ac9510406b55eadf36298408788023d518e9") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r3 = msgget(0x1, 0x4) ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f00000003c0)={0x5, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x20}}) msgget(0x2, 0x0) msgrcv(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c22c918a69fe2fda9e8a9a3aca4071848475"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYBLOB='\x00v\x00\x00'], &(0x7f0000000380)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r4, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 938.795452] binder: 1785:1787 got reply transaction with no transaction stack [ 938.802847] binder: 1785:1787 transaction failed 29201/-71, size 0-0 line 2763 [ 938.807728] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. [ 938.822371] FAULT_INJECTION: forcing a failure. [ 938.822371] name failslab, interval 1, probability 0, space 0, times 0 [ 938.833824] CPU: 0 PID: 1793 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 938.841041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 938.847962] binder: 1798 invalid dec weak, ref 3977 desc 0 s 1 w 0 [ 938.850512] Call Trace: [ 938.850542] dump_stack+0x1b9/0x294 [ 938.850572] ? dump_stack_print_info.cold.2+0x52/0x52 [ 938.850618] should_fail.cold.4+0xa/0x1a [ 938.856953] binder: 1798:1799 unknown command 0 [ 938.859520] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 938.859550] ? save_stack+0x43/0xd0 [ 938.863320] binder: 1798:1799 ioctl c0306201 20000540 returned -22 [ 938.868347] ? kmem_cache_alloc_trace+0x152/0x780 [ 938.868367] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 938.868384] ? __list_lru_init+0x456/0x790 [ 938.868406] ? sget_userns+0x73a/0xf00 [ 938.874318] binder: BINDER_SET_CONTEXT_MGR already set [ 938.877113] ? graph_lock+0x170/0x170 [ 938.877132] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 938.877148] ? do_mount+0x564/0x3070 [ 938.877163] ? ksys_mount+0x12d/0x140 [ 938.877176] ? __x64_sys_mount+0xbe/0x150 [ 938.877195] ? do_syscall_64+0x1b1/0x800 [ 938.882630] binder: 1798:1799 ioctl 40046207 0 returned -16 [ 938.885902] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 938.885929] ? find_held_lock+0x36/0x1c0 [ 938.885959] ? __lock_is_held+0xb5/0x140 [ 938.885999] ? check_same_owner+0x320/0x320 [ 938.893084] binder: 1798 invalid dec weak, ref 3978 desc 0 s 1 w 0 [ 938.897137] ? rcu_note_context_switch+0x710/0x710 [ 938.897166] __should_failslab+0x124/0x180 [ 938.897191] should_failslab+0x9/0x14 [ 938.897213] kmem_cache_alloc_trace+0x2cb/0x780 [ 938.902416] binder: 1798:1801 unknown command 0 [ 938.906623] ? __kmalloc_node+0x33/0x70 [ 938.906645] ? __kmalloc_node+0x33/0x70 [ 938.910758] binder: 1798:1801 ioctl c0306201 20000540 returned -22 [ 938.915798] ? rcu_read_lock_sched_held+0x108/0x120 [ 938.915827] __memcg_init_list_lru_node+0x17d/0x2c0 [ 938.915851] ? kvfree_rcu+0x20/0x20 [ 938.915878] ? __kmalloc_node+0x47/0x70 [ 938.926866] binder: BINDER_SET_CONTEXT_MGR already set [ 938.928133] __list_lru_init+0x456/0x790 [ 938.928161] ? list_lru_destroy+0x4c0/0x4c0 [ 938.928185] ? mark_held_locks+0xc9/0x160 2033/05/18 03:43:57 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)=',') r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x20000, 0x0) ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f00000000c0)) 2033/05/18 03:43:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:43:57 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) sigaltstack(&(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)) bind$nfc_llcp(r0, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0x0, 0x6, "8811e78754a539d39c2bd6a40fa8c8aa024d86cdc834bc921c0525fec2541e21ccf67e1d7b55cabe9e068dd58ce565aa9a9d325ebac7627ffe7a54cdbd77b3", 0x2b}, 0x60) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "b76cc1e4610fc97fa2891d72f844b3dec851256099ddf72155373c1434d8c52b0cec26bd101439bc9e51139b794df75e816890d82446c2a6a85f227fcd8d05"}, 0x60) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f0000001180)=""/4096) 2033/05/18 03:43:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:43:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000500"}, 0x6e) [ 938.943115] binder: 1785:1787 ioctl 40046207 0 returned -16 [ 938.945872] ? __raw_spin_lock_init+0x1c/0x100 [ 938.945896] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 938.945920] ? __lockdep_init_map+0x105/0x590 [ 938.989323] binder: 1785:1809 got reply transaction with no transaction stack [ 938.992933] ? lockdep_init_map+0x9/0x10 [ 938.992960] sget_userns+0x73a/0xf00 [ 938.992974] ? kill_litter_super+0x90/0x90 [ 938.992996] ? ns_test_super+0x50/0x50 [ 938.996980] binder: 1785:1809 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x48000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:57 executing program 7: socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000080)={0x27, @empty, 0x4e21, 0x2, 'ovf\x00', 0x8, 0x0, 0x80}, 0x2c) r2 = socket(0x2, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$kcm(0xa, 0x2, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000000)=0x1000000010000000, &(0x7f0000000140)=0x1) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f00000000c0)=r3, 0x4) 2033/05/18 03:43:58 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000300"}, 0x6e) [ 939.000920] ? destroy_unused_super.part.11+0x110/0x110 [ 939.000938] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 939.000961] ? kasan_check_write+0x14/0x20 [ 939.107297] ? do_raw_spin_lock+0xc1/0x200 [ 939.111563] ? blkdev_get+0xc0/0xb30 [ 939.115305] ? cap_capable+0x1f9/0x260 [ 939.119226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 939.124781] ? security_capable+0x99/0xc0 [ 939.128956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 939.134515] ? ns_capable_common+0x13f/0x170 [ 939.138949] ? kill_litter_super+0x90/0x90 [ 939.143204] sget+0x10b/0x150 2033/05/18 03:43:58 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000000c0)={r2, 0x73, "22248a35bf409146a5436a82a4abecfc069ad7b4dfaaaa9db70bb481d28c32e12e3b40089f36206364048a54ae719bdd29d46439b9adf48242249a4c183e782c5f9ee02932e0f2fd84337e19eae2842258ab4fb235ef1568d36e905d9c97e7d16d4cd54fcf59802f8e6bc533999fc84083a26f"}, &(0x7f0000000140)=0x7b) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 939.146337] ? ns_test_super+0x50/0x50 [ 939.150250] mount_bdev+0x111/0x3e0 [ 939.153901] ? fuse_get_root_inode+0x190/0x190 [ 939.158510] fuse_mount_blk+0x34/0x40 [ 939.162335] mount_fs+0xae/0x328 [ 939.165728] vfs_kern_mount.part.34+0xd4/0x4d0 [ 939.170332] ? may_umount+0xb0/0xb0 [ 939.173972] ? _raw_read_unlock+0x22/0x30 [ 939.178133] ? __get_fs_type+0x97/0xc0 [ 939.182129] do_mount+0x564/0x3070 [ 939.185691] ? do_raw_spin_unlock+0x9e/0x2e0 [ 939.190131] ? copy_mount_string+0x40/0x40 2033/05/18 03:43:58 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000300"}, 0x6e) [ 939.194383] ? rcu_pm_notify+0xc0/0xc0 [ 939.198298] ? copy_mount_options+0x5f/0x380 [ 939.202723] ? rcu_read_lock_sched_held+0x108/0x120 [ 939.207760] ? kmem_cache_alloc_trace+0x616/0x780 [ 939.212626] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 939.218198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 939.223752] ? copy_mount_options+0x285/0x380 [ 939.228273] ksys_mount+0x12d/0x140 [ 939.231926] __x64_sys_mount+0xbe/0x150 [ 939.235914] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 939.240950] do_syscall_64+0x1b1/0x800 [ 939.244851] ? finish_task_switch+0x1ca/0x840 [ 939.249368] ? syscall_return_slowpath+0x5c0/0x5c0 [ 939.254328] ? syscall_return_slowpath+0x30f/0x5c0 [ 939.259261] binder: 1829:1834 Acquire 1 refcount change on invalid ref 1207959552 ret -22 [ 939.259288] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 939.267674] binder: 1829:1834 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 939.272954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 939.272985] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 939.280538] binder: 1829:1834 unknown command 0 [ 939.285343] RIP: 0033:0x455a09 [ 939.285354] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 939.299686] binder: 1829:1834 ioctl c0306201 20000540 returned -22 [ 939.306093] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 939.306105] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 939.306117] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 939.306128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.306139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:58 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") finit_module(r0, &(0x7f0000000040)='(\x00', 0x3) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 939.378278] binder: undelivered TRANSACTION_ERROR: 29201 [ 939.384517] binder: undelivered TRANSACTION_ERROR: 29201 [ 939.424664] binder: 1845:1846 got reply transaction with no transaction stack [ 939.432068] binder: 1845:1846 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:43:58 executing program 4 (fault-call:4 fault-nth:32): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:58 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000500"}, 0x6e) [ 939.480774] binder: BINDER_SET_CONTEXT_MGR already set [ 939.491880] binder: 1845:1846 ioctl 40046207 0 returned -16 [ 939.502494] binder: BINDER_SET_CONTEXT_MGR already set [ 939.524658] binder: 1829:1834 ioctl 40046207 0 returned -16 [ 939.531150] binder: 1845:1859 got reply transaction with no transaction stack [ 939.535674] FAULT_INJECTION: forcing a failure. [ 939.535674] name failslab, interval 1, probability 0, space 0, times 0 [ 939.538510] binder: 1845:1859 transaction failed 29201/-71, size 0-0 line 2763 [ 939.549707] CPU: 1 PID: 1858 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 939.560581] binder: 1829:1860 Acquire 1 refcount change on invalid ref 1207959552 ret -22 [ 939.564309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 939.564317] Call Trace: [ 939.564343] dump_stack+0x1b9/0x294 [ 939.564368] ? dump_stack_print_info.cold.2+0x52/0x52 [ 939.564389] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 939.564410] should_fail.cold.4+0xa/0x1a [ 939.564426] ? is_bpf_text_address+0xd7/0x170 [ 939.564445] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 939.572786] binder: 1829:1860 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 939.582099] ? unwind_get_return_address+0x61/0xa0 [ 939.582117] ? __save_stack_trace+0x7e/0xd0 [ 939.582132] ? graph_lock+0x170/0x170 [ 939.582152] ? find_held_lock+0x36/0x1c0 [ 939.584739] binder: 1829:1860 unknown command 0 [ 939.588332] ? __lock_is_held+0xb5/0x140 [ 939.588361] ? check_same_owner+0x320/0x320 [ 939.588384] ? rcu_note_context_switch+0x710/0x710 [ 939.594110] binder: 1829:1860 ioctl c0306201 20000540 returned -22 [ 939.598727] __should_failslab+0x124/0x180 [ 939.598748] should_failslab+0x9/0x14 [ 939.598765] kmem_cache_alloc_trace+0x2cb/0x780 [ 939.598780] ? __kmalloc_node+0x33/0x70 [ 939.598794] ? __kmalloc_node+0x33/0x70 [ 939.598808] ? rcu_read_lock_sched_held+0x108/0x120 [ 939.598828] __memcg_init_list_lru_node+0x17d/0x2c0 [ 939.626471] binder: undelivered TRANSACTION_ERROR: 29201 [ 939.629170] ? kvfree_rcu+0x20/0x20 [ 939.629189] ? __kmalloc_node+0x47/0x70 [ 939.629211] __list_lru_init+0x456/0x790 [ 939.629230] ? list_lru_destroy+0x4c0/0x4c0 [ 939.629244] ? mark_held_locks+0xc9/0x160 [ 939.629266] ? __raw_spin_lock_init+0x1c/0x100 [ 939.636859] binder: undelivered TRANSACTION_ERROR: 29201 [ 939.637109] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 939.637131] ? lockdep_init_map+0x9/0x10 [ 939.637150] sget_userns+0x767/0xf00 [ 939.726192] netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'. [ 939.727480] ? kill_litter_super+0x90/0x90 [ 939.727501] ? ns_test_super+0x50/0x50 [ 939.727519] ? destroy_unused_super.part.11+0x110/0x110 [ 939.727533] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 939.727553] ? kasan_check_write+0x14/0x20 [ 939.770847] ? do_raw_spin_lock+0xc1/0x200 [ 939.775085] ? blkdev_get+0xc0/0xb30 [ 939.778786] ? cap_capable+0x1f9/0x260 [ 939.782666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 939.788209] ? security_capable+0x99/0xc0 [ 939.792356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 939.797875] ? ns_capable_common+0x13f/0x170 [ 939.802268] ? kill_litter_super+0x90/0x90 [ 939.806488] sget+0x10b/0x150 [ 939.809588] ? ns_test_super+0x50/0x50 [ 939.813463] mount_bdev+0x111/0x3e0 [ 939.817086] ? fuse_get_root_inode+0x190/0x190 [ 939.821659] fuse_mount_blk+0x34/0x40 [ 939.825448] mount_fs+0xae/0x328 [ 939.828801] vfs_kern_mount.part.34+0xd4/0x4d0 [ 939.833365] ? may_umount+0xb0/0xb0 [ 939.836979] ? _raw_read_unlock+0x22/0x30 [ 939.841117] ? __get_fs_type+0x97/0xc0 [ 939.844991] do_mount+0x564/0x3070 [ 939.848525] ? copy_mount_string+0x40/0x40 [ 939.852745] ? rcu_pm_notify+0xc0/0xc0 [ 939.856629] ? copy_mount_options+0x5f/0x380 [ 939.861052] ? rcu_read_lock_sched_held+0x108/0x120 [ 939.866062] ? kmem_cache_alloc_trace+0x616/0x780 [ 939.870891] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 939.876424] ? _copy_from_user+0xdf/0x150 [ 939.880562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 939.886102] ? copy_mount_options+0x285/0x380 [ 939.890613] ksys_mount+0x12d/0x140 [ 939.894250] __x64_sys_mount+0xbe/0x150 [ 939.898244] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 939.903267] do_syscall_64+0x1b1/0x800 [ 939.907160] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 939.912020] ? syscall_return_slowpath+0x5c0/0x5c0 [ 939.916958] ? syscall_return_slowpath+0x30f/0x5c0 [ 939.921890] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 939.927242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 939.932083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 939.937254] RIP: 0033:0x455a09 [ 939.940424] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 939.948114] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 939.955366] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 939.962628] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 939.969881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:43:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xd63}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:58 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x6}, 0x1c) sendmmsg(r0, &(0x7f0000000100)=[{{&(0x7f0000000080)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000001600), 0x0, &(0x7f0000000180)}}, {{0x0, 0x0, &(0x7f0000002bc0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x10}}], 0x2, 0x0) 2033/05/18 03:43:58 executing program 4 (fault-call:4 fault-nth:33): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:58 executing program 7: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000001c0)={0x303, 0x33}, 0x4) r1 = socket(0x2, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={0x0, 0xe33}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r2, 0x1f, 0x5}, 0xc) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x5, 0x30, 0x5, 0x1}, &(0x7f0000000080)=0x18) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x5, 0x200, 0x800a, 0x8, 0xb3a7, 0x6, 0x4, 0x8, r3}, 0x20) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x2000, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r4, 0x40045402, &(0x7f0000000280)=0x1) r5 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r5, 0x10d, 0x2, &(0x7f0000000000)=r5, 0x36) 2033/05/18 03:43:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:58 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:43:58 executing program 6: socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000580)={0xffffffffffffffff}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000700)='/dev/dsp\x00', 0x12880, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000740)={0x0, 0x6c00000}, &(0x7f0000000780)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000007c0)={r2, 0x8}, &(0x7f0000000800)=0x8) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000005c0), &(0x7f0000000640)=0x68) r3 = socket(0xa, 0x1, 0x0) ioctl(r3, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000240)={r4, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f00000001c0)=0x98) r6 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000300)={r5, 0x8}, 0x8) setsockopt$inet6_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000680), &(0x7f00000006c0)=0x4) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x6d, 0x28, 0x40, 0x6, 0x8f, 0x100, 0x6, {0x0, @in6={{0xa, 0x4e24, 0x7, @empty, 0x8}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f0000000540)=0xb0) sendmsg$nl_route_sched(r3, &(0x7f0000000ac0)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000880)=@deltaction={0x1c8, 0x31, 0xc00, 0x70bd2b, 0x25dfdbfd, {0x0, 0x5, 0x4}, [@TCA_ACT_TAB={0x68, 0x1, [{0x10, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x20, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x15, @TCA_ACT_INDEX={0x8, 0x3, 0xffffffff}}, {0x14, 0x11, @TCA_ACT_KIND={0xc, 0x1, 'csum\x00'}}, {0x10, 0x10, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x13, @TCA_ACT_INDEX={0x8, 0x3, 0x5655}}]}, @TCA_ACT_TAB={0x6c, 0x1, [{0x14, 0xa, @TCA_ACT_KIND={0xc, 0x1, 'vlan\x00'}}, {0x10, 0x12, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0x14, 0x1f, @TCA_ACT_KIND={0xc, 0x1, 'pedit\x00'}}, {0x10, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe3}}, {0x10, 0xe, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x1a, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}]}, @TCA_ACT_TAB={0x88, 0x1, [{0x10, 0x19, @TCA_ACT_INDEX={0x8, 0x3, 0x8ca}}, {0x10, 0x5, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x14, 0x16, @TCA_ACT_KIND={0xc, 0x1, 'gact\x00'}}, {0x14, 0x16, @TCA_ACT_KIND={0xc, 0x1, 'pedit\x00'}}, {0x18, 0x9, @TCA_ACT_KIND={0x10, 0x1, 'connmark\x00'}}, {0x14, 0xd, @TCA_ACT_KIND={0xc, 0x1, 'police\x00'}}, {0x10, 0xc, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @TCA_ACT_TAB={0x58, 0x1, [{0x14, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'pedit\x00'}}, {0x10, 0x7, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0xe, @TCA_ACT_INDEX={0x8, 0x3, 0x858f}}, {0x10, 0xa, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0x10, 0xe, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x8010}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000440)={r4, 0x1400000000000, 0x400, 0x4, 0x1, 0x6, 0x881, 0x9, {r5, @in={{0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1, 0x7f, 0x4, 0x1, 0xfffffffffffff801}}, &(0x7f0000000500)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000200)={r7, 0xfffffffffffffff9}, 0x8) [ 939.977139] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:43:58 executing program 0: r0 = userfaultfd(0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x4031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x3}) r1 = dup(r0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000004000)=0x1000, 0x4) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000003ff0)={&(0x7f0000013000/0x3000)=nil, 0x20014000}) [ 940.038355] binder: 1875:1876 got reply transaction with no transaction stack [ 940.045779] binder: 1875:1876 transaction failed 29201/-71, size 0-0 line 2763 [ 940.109112] FAULT_INJECTION: forcing a failure. [ 940.109112] name failslab, interval 1, probability 0, space 0, times 0 [ 940.120513] CPU: 1 PID: 1890 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 940.127714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 940.129382] binder: BINDER_SET_CONTEXT_MGR already set [ 940.137067] Call Trace: [ 940.137097] dump_stack+0x1b9/0x294 [ 940.137121] ? dump_stack_print_info.cold.2+0x52/0x52 [ 940.137148] ? __save_stack_trace+0x7e/0xd0 [ 940.145809] binder: 1883:1885 Acquire 1 refcount change on invalid ref 3427 ret -22 [ 940.148678] should_fail.cold.4+0xa/0x1a [ 940.148701] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 940.148726] ? save_stack+0x43/0xd0 [ 940.153935] binder: 1883:1885 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 940.158211] ? kasan_kmalloc+0xc4/0xe0 [ 940.158230] ? kmem_cache_alloc_trace+0x152/0x780 [ 940.158247] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 940.158264] ? __list_lru_init+0x456/0x790 [ 940.166070] binder: 1883:1885 unknown command 0 [ 940.170086] ? sget_userns+0x767/0xf00 [ 940.170104] ? graph_lock+0x170/0x170 [ 940.170123] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 940.221444] ? do_mount+0x564/0x3070 [ 940.225141] ? ksys_mount+0x12d/0x140 [ 940.228927] ? __x64_sys_mount+0xbe/0x150 [ 940.233061] ? do_syscall_64+0x1b1/0x800 [ 940.237109] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 940.242463] ? find_held_lock+0x36/0x1c0 [ 940.246515] ? __lock_is_held+0xb5/0x140 [ 940.250576] ? check_same_owner+0x320/0x320 [ 940.254887] ? rcu_note_context_switch+0x710/0x710 [ 940.259803] __should_failslab+0x124/0x180 [ 940.264035] should_failslab+0x9/0x14 [ 940.267824] kmem_cache_alloc_trace+0x2cb/0x780 [ 940.272476] ? __kmalloc_node+0x33/0x70 [ 940.276438] ? __kmalloc_node+0x33/0x70 [ 940.280403] __memcg_init_list_lru_node+0x17d/0x2c0 [ 940.285408] ? kvfree_rcu+0x20/0x20 [ 940.289026] ? __kmalloc_node+0x47/0x70 [ 940.292997] __list_lru_init+0x456/0x790 [ 940.297051] ? list_lru_destroy+0x4c0/0x4c0 [ 940.301361] ? mark_held_locks+0xc9/0x160 [ 940.305583] ? __raw_spin_lock_init+0x1c/0x100 [ 940.310162] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 940.315165] ? lockdep_init_map+0x9/0x10 [ 940.319213] sget_userns+0x767/0xf00 [ 940.322913] ? kill_litter_super+0x90/0x90 [ 940.327139] ? ns_test_super+0x50/0x50 [ 940.331019] ? destroy_unused_super.part.11+0x110/0x110 [ 940.336373] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 940.340941] ? kasan_check_write+0x14/0x20 [ 940.345161] ? do_raw_spin_lock+0xc1/0x200 [ 940.349404] ? blkdev_get+0xc0/0xb30 [ 940.353107] ? cap_capable+0x1f9/0x260 [ 940.356989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 940.362515] ? security_capable+0x99/0xc0 [ 940.366651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 940.372173] ? ns_capable_common+0x13f/0x170 [ 940.376567] ? kill_litter_super+0x90/0x90 [ 940.380789] sget+0x10b/0x150 [ 940.383878] ? ns_test_super+0x50/0x50 [ 940.387754] mount_bdev+0x111/0x3e0 [ 940.391369] ? fuse_get_root_inode+0x190/0x190 [ 940.395938] fuse_mount_blk+0x34/0x40 [ 940.399728] mount_fs+0xae/0x328 [ 940.403086] vfs_kern_mount.part.34+0xd4/0x4d0 [ 940.407654] ? may_umount+0xb0/0xb0 [ 940.411268] ? _raw_read_unlock+0x22/0x30 [ 940.415400] ? __get_fs_type+0x97/0xc0 [ 940.419292] do_mount+0x564/0x3070 [ 940.422822] ? copy_mount_string+0x40/0x40 [ 940.427044] ? rcu_pm_notify+0xc0/0xc0 [ 940.430928] ? copy_mount_options+0x5f/0x380 [ 940.435323] ? rcu_read_lock_sched_held+0x108/0x120 [ 940.440323] ? kmem_cache_alloc_trace+0x616/0x780 [ 940.445156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 940.450680] ? _copy_from_user+0xdf/0x150 [ 940.454916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 940.461221] ? copy_mount_options+0x285/0x380 [ 940.465705] ksys_mount+0x12d/0x140 [ 940.469323] __x64_sys_mount+0xbe/0x150 [ 940.473282] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 940.478285] do_syscall_64+0x1b1/0x800 [ 940.482169] ? syscall_return_slowpath+0x5c0/0x5c0 [ 940.487086] ? syscall_return_slowpath+0x30f/0x5c0 [ 940.492019] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 940.497377] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 940.502226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 940.507398] RIP: 0033:0x455a09 [ 940.510570] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 940.518264] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 940.525517] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 940.532772] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 940.540031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.547287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 940.566788] binder: 1875:1876 ioctl 40046207 0 returned -16 [ 940.575127] binder: 1883:1885 ioctl c0306201 20000540 returned -22 [ 940.581698] binder: 1875:1892 got reply transaction with no transaction stack [ 940.589195] binder: 1875:1892 transaction failed 29201/-71, size 0-0 line 2763 [ 940.601396] binder: BINDER_SET_CONTEXT_MGR already set [ 940.607184] binder: 1883:1885 ioctl 40046207 0 returned -16 [ 940.628005] binder: undelivered TRANSACTION_ERROR: 29201 [ 940.633868] binder: undelivered TRANSACTION_ERROR: 29201 [ 940.644123] binder: 1883:1898 Acquire 1 refcount change on invalid ref 3427 ret -22 [ 940.652174] binder: 1883:1898 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 940.659765] binder: 1883:1898 unknown command 0 [ 940.664745] binder: 1883:1898 ioctl c0306201 20000540 returned -22 2033/05/18 03:43:59 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:43:59 executing program 7: r0 = open(&(0x7f0000000200)='./file0\x00', 0x90004, 0x40) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4301}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x100, 0x70bd2b, 0x25dfdbfe, {0xb}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8001}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000010) r2 = socket(0x2, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f") r3 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) 2033/05/18 03:43:59 executing program 0: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x800) msgget$private(0x0, 0x22) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) 2033/05/18 03:43:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:43:59 executing program 4 (fault-call:4 fault-nth:34): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:43:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:43:59 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003867533f0000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:43:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x12000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 940.880403] binder: 1907:1909 got reply transaction with no transaction stack [ 940.887769] binder: 1907:1909 transaction failed 29201/-71, size 0-0 line 2763 [ 940.920971] FAULT_INJECTION: forcing a failure. [ 940.920971] name failslab, interval 1, probability 0, space 0, times 0 [ 940.932377] CPU: 0 PID: 1914 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 940.934162] binder: BINDER_SET_CONTEXT_MGR already set [ 940.939599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 940.939610] Call Trace: [ 940.939641] dump_stack+0x1b9/0x294 [ 940.939667] ? dump_stack_print_info.cold.2+0x52/0x52 [ 940.945749] binder: 1921:1922 Acquire 1 refcount change on invalid ref 301989888 ret -22 [ 940.954473] should_fail.cold.4+0xa/0x1a [ 940.954494] ? is_bpf_text_address+0xd7/0x170 [ 940.954516] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 940.957226] binder: 1921:1922 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 940.960820] ? __save_stack_trace+0x7e/0xd0 [ 940.960844] ? graph_lock+0x170/0x170 [ 940.960878] ? find_held_lock+0x36/0x1c0 [ 940.966074] binder: 1921:1922 unknown command 0 [ 940.974274] ? __lock_is_held+0xb5/0x140 [ 940.974316] ? check_same_owner+0x320/0x320 [ 940.974337] ? rcu_note_context_switch+0x710/0x710 [ 940.974363] __should_failslab+0x124/0x180 [ 940.985104] binder: 1907:1909 ioctl 40046207 0 returned -16 [ 940.987996] should_failslab+0x9/0x14 [ 940.988017] kmem_cache_alloc_trace+0x2cb/0x780 [ 940.988034] ? __kmalloc_node+0x33/0x70 [ 940.988053] ? __kmalloc_node+0x33/0x70 [ 941.016690] binder: 1907:1923 got reply transaction with no transaction stack [ 941.020758] ? rcu_read_lock_sched_held+0x108/0x120 [ 941.020794] __memcg_init_list_lru_node+0x17d/0x2c0 [ 941.026276] binder: 1907:1923 transaction failed 29201/-71, size 0-0 line 2763 [ 941.029938] ? kvfree_rcu+0x20/0x20 [ 941.029964] ? __kmalloc_node+0x47/0x70 [ 941.038057] binder: 1921:1922 ioctl c0306201 20000540 returned -22 [ 941.039460] __list_lru_init+0x456/0x790 [ 941.039488] ? list_lru_destroy+0x4c0/0x4c0 [ 941.039509] ? mark_held_locks+0xc9/0x160 [ 941.087428] binder: undelivered TRANSACTION_ERROR: 29201 [ 941.090617] ? __raw_spin_lock_init+0x1c/0x100 [ 941.090641] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 941.090670] ? lockdep_init_map+0x9/0x10 [ 941.090693] sget_userns+0x767/0xf00 [ 941.100258] binder: undelivered TRANSACTION_ERROR: 29201 [ 941.103197] ? kill_litter_super+0x90/0x90 [ 941.103225] ? ns_test_super+0x50/0x50 [ 941.103247] ? destroy_unused_super.part.11+0x110/0x110 [ 941.103267] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 941.149453] ? kasan_check_write+0x14/0x20 [ 941.153683] ? do_raw_spin_lock+0xc1/0x200 [ 941.157923] ? blkdev_get+0xc0/0xb30 [ 941.161637] ? cap_capable+0x1f9/0x260 [ 941.165528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 941.171057] ? security_capable+0x99/0xc0 [ 941.175204] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 941.180733] ? ns_capable_common+0x13f/0x170 [ 941.185139] ? kill_litter_super+0x90/0x90 [ 941.189413] sget+0x10b/0x150 [ 941.192519] ? ns_test_super+0x50/0x50 [ 941.196409] mount_bdev+0x111/0x3e0 [ 941.200034] ? fuse_get_root_inode+0x190/0x190 [ 941.204611] fuse_mount_blk+0x34/0x40 [ 941.208419] mount_fs+0xae/0x328 [ 941.211800] vfs_kern_mount.part.34+0xd4/0x4d0 [ 941.216378] ? may_umount+0xb0/0xb0 [ 941.220015] ? _raw_read_unlock+0x22/0x30 [ 941.224161] ? __get_fs_type+0x97/0xc0 [ 941.228049] do_mount+0x564/0x3070 [ 941.231582] ? do_raw_spin_unlock+0x9e/0x2e0 [ 941.235989] ? copy_mount_string+0x40/0x40 [ 941.240219] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 941.245229] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 941.249984] ? retint_kernel+0x10/0x10 [ 941.253876] ? copy_mount_options+0x1f0/0x380 [ 941.258364] ? copy_mount_options+0x1f6/0x380 [ 941.262858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 941.268394] ? copy_mount_options+0x285/0x380 [ 941.272886] ksys_mount+0x12d/0x140 [ 941.276518] __x64_sys_mount+0xbe/0x150 [ 941.280480] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 941.285490] do_syscall_64+0x1b1/0x800 [ 941.289367] ? finish_task_switch+0x1ca/0x840 [ 941.293862] ? syscall_return_slowpath+0x5c0/0x5c0 [ 941.298786] ? syscall_return_slowpath+0x30f/0x5c0 [ 941.303719] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 941.309079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 941.313923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 941.319102] RIP: 0033:0x455a09 2033/05/18 03:44:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:00 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@mcast2, @in6=@ipv4={[], [], @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@loopback}}, &(0x7f00000003c0)=0xe8) fcntl$notify(r0, 0x402, 0x0) sendto(r0, &(0x7f0000000080)="2cd725958dc3a38d49632fe88a1c3a6a8db777c87c3dc3023dd23bb648b23c", 0x1f, 0x84, &(0x7f0000000400)=@can={0x1d, r1}, 0x80) getsockopt(r0, 0x0, 0xcd, &(0x7f00000002c0)=""/203, &(0x7f0000000040)=0xcb) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000000c0), &(0x7f0000000140)=0x68) r2 = getpid() r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x20100, 0x0) ptrace$setregs(0xd, r2, 0x5, &(0x7f0000000480)="e5e712fcb8316847efd2a7a337151aec63eda5664a7c875508e9538b1fe0b2f5a1a1b457230cb0317c1344d99204a13175cfb5a25ef4cf260533187378d5e450b3eeeeb84edd673a4a697c66ad2a5912e2a82f219269c846effa318c66589eb722c03c1f990adebb2cf30b3838736a") write$fuse(r3, &(0x7f0000000980)=ANY=[@ANYBLOB="28020000010000080a214be513f56db5732e7ef0f2c469a33e15c4c6ae5258b30c00000002000000872beabdf5901749029ea2abd0af6d5e0254553158e932c66be4882d2f21809605ed821f97cc7453171bcf5ef2000000000700000000000000000000b3c343ee5e00bfc9ad265bb041cca10c3ae28be55520186f9975a5766e16a2052c92e49dbbb230fd294ee7ed26629a3fa87e79025591fd64d7ffbe0ca15d355d0f38a406217b02e3992c9d1a04bbb5e58b821c5a6415965ace708ff3fd774957c690e3d8c72ecee42d928c8790da71482a9235623793de1a94c8f4db4389eb69d3c56f6fa237916ec5df8dc983e7ab47d658fbe4d3a4db4eb110b5ec2fe07cbf860f57a6ba914fa8607d335def69156b98cc0ed539750eeef3d792b90399ef2c9b997d2e0c22e2603d48452e21d78130119aa5f8b3dea98d0f2b03a9409823d2dd3779c2f7796930a0e388e0f6976c8168e2917a145b4f0c419e5e61a5be2e1aa3c48af89dfb392eea6148bcd8995960eba93c5c327d764b4ee354817e64783629fbf14f1b6634f3536b5edd85d155657da0d15b97695be7df3e17a83050187302116fd4841ad5248606c792080c10c52e1087f081580a41a249328aab241e72fdd9572c5fd47401fb708f3ff64a22f094ca59cb90bafa67abfc3c9d0c8de4e9eeb913a58f6a06ca8df25b1ebb821daa1fcc18bbeee89de63607ee2b16b12917b876de6c8efa4faf517e0abb8fc92a569e04df6c848e91885a552122ee9d462b0445b60224e724f88a0f5ca365ee6aaaf74b676a86e2cd50d5a2f2eba23c57705f806c16eaf34b1d4fd8c698e10f25b2a95e455d28f1c22e4cf4ec0422f49761816dd8"], 0x28) syz_open_procfs(r2, &(0x7f0000000000)='numa_maps\x00') 2033/05/18 03:44:00 executing program 7: r0 = socket(0x2, 0x1, 0x0) getsockname(r0, &(0x7f0000000180), &(0x7f0000000140)=0xffffff66) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x7, 0x624001) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000280)={0x6, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {0x0}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r1, 0xc010641d, &(0x7f0000000300)={r2, &(0x7f00000002c0)=""/56}) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000100)={0x8, 0xfffffffffffffff7, 0x6, 0x1}, 0x10) r3 = socket$kcm(0xa, 0x6, 0x0) r4 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x2cd, 0x2002) ioctl$DRM_IOCTL_INFO_BUFS(r4, 0xc0106418, &(0x7f0000000080)={0x5, 0x3ff, 0x600000000000000, 0x1, 0xa, 0x2}) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) 2033/05/18 03:44:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 941.322279] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 941.329979] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 941.337241] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 941.344499] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 941.351757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 941.359020] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000100"}, 0x6e) 2033/05/18 03:44:00 executing program 7: r0 = socket(0x2, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000040)={{0x2, 0x4e24, @loopback=0x7f000001}, {0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x19}}, 0x10, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1e}}, 'veth1_to_bond\x00'}) [ 941.406777] binder: 1929:1935 got reply transaction with no transaction stack [ 941.414191] binder: 1929:1935 transaction failed 29201/-71, size 0-0 line 2763 [ 941.428313] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) r3 = socket(0xa, 0x1, 0x0) ioctl(r3, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r4 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x10000, 0x4000) ioctl$VHOST_SET_VRING_NUM(r4, 0x4008af10, &(0x7f0000000080)={0x1, 0x3f}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 941.476469] binder: BINDER_SET_CONTEXT_MGR already set [ 941.492676] binder: 1929:1935 ioctl 40046207 0 returned -16 2033/05/18 03:44:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:00 executing program 4 (fault-call:4 fault-nth:35): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 941.521772] binder: 1929:1944 got reply transaction with no transaction stack [ 941.529183] binder: 1929:1944 transaction failed 29201/-71, size 0-0 line 2763 [ 941.529420] binder: 1921:1922 ioctl 40046207 0 returned -16 [ 941.559814] binder: 1921:1960 Acquire 1 refcount change on invalid ref 301989888 ret -22 [ 941.568275] binder: 1921:1960 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 941.575873] binder: 1921:1960 unknown command 0 2033/05/18 03:44:00 executing program 0: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x20000, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000200)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}) timer_create(0xfffffffffffffffd, &(0x7f000014b000)={0x0, 0x1f, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f00007a3fe0)={{0x77359400}}, &(0x7f0000000000)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000140)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}, &(0x7f0000000240)=0xe8) connect$can_bcm(r0, &(0x7f0000000280)={0x1d, r2}, 0x10) ptrace$setregs(0xf, r1, 0x9, &(0x7f0000000180)="8a361300d74961230996e89d200c818855e238f4aa605f8f73792c5692ca5f331d79bb35ad7da913d998f5aa0fe4b095b75fba2ea9be8a18") set_mempolicy(0x0, &(0x7f0000000000), 0x80) getresgid(&(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)) [ 941.613486] FAULT_INJECTION: forcing a failure. [ 941.613486] name failslab, interval 1, probability 0, space 0, times 0 [ 941.614757] binder: 1921:1960 ioctl c0306201 20000540 returned -22 [ 941.624900] CPU: 1 PID: 1968 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 941.638767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 941.648132] Call Trace: [ 941.650739] dump_stack+0x1b9/0x294 [ 941.654369] ? dump_stack_print_info.cold.2+0x52/0x52 [ 941.659558] ? __save_stack_trace+0x7e/0xd0 [ 941.663881] should_fail.cold.4+0xa/0x1a [ 941.667940] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 941.673094] ? save_stack+0x43/0xd0 [ 941.676712] ? kasan_kmalloc+0xc4/0xe0 [ 941.680596] ? kmem_cache_alloc_trace+0x152/0x780 [ 941.685423] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 941.690596] ? __list_lru_init+0x456/0x790 [ 941.694816] ? sget_userns+0x767/0xf00 [ 941.698689] ? graph_lock+0x170/0x170 [ 941.702476] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 941.707216] ? do_mount+0x564/0x3070 [ 941.710923] ? ksys_mount+0x12d/0x140 [ 941.714707] ? __x64_sys_mount+0xbe/0x150 [ 941.718840] ? do_syscall_64+0x1b1/0x800 [ 941.722898] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 941.728263] ? find_held_lock+0x36/0x1c0 [ 941.732323] ? __lock_is_held+0xb5/0x140 [ 941.736380] ? check_same_owner+0x320/0x320 [ 941.740690] ? rcu_note_context_switch+0x710/0x710 [ 941.745618] __should_failslab+0x124/0x180 [ 941.749841] should_failslab+0x9/0x14 [ 941.753629] kmem_cache_alloc_trace+0x2cb/0x780 [ 941.758292] ? __kmalloc_node+0x33/0x70 [ 941.762252] ? __kmalloc_node+0x33/0x70 [ 941.766214] ? rcu_read_lock_sched_held+0x108/0x120 [ 941.771219] __memcg_init_list_lru_node+0x17d/0x2c0 [ 941.776221] ? kvfree_rcu+0x20/0x20 [ 941.779834] ? __kmalloc_node+0x47/0x70 [ 941.783801] __list_lru_init+0x456/0x790 [ 941.787852] ? list_lru_destroy+0x4c0/0x4c0 [ 941.792169] ? mark_held_locks+0xc9/0x160 [ 941.796308] ? __raw_spin_lock_init+0x1c/0x100 [ 941.800876] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 941.805883] ? lockdep_init_map+0x9/0x10 [ 941.810227] sget_userns+0x767/0xf00 [ 941.813926] ? kill_litter_super+0x90/0x90 [ 941.818151] ? ns_test_super+0x50/0x50 [ 941.822035] ? destroy_unused_super.part.11+0x110/0x110 [ 941.827388] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 941.831959] ? kasan_check_write+0x14/0x20 [ 941.836188] ? do_raw_spin_lock+0xc1/0x200 [ 941.840414] ? blkdev_get+0xc0/0xb30 [ 941.844117] ? cap_capable+0x1f9/0x260 [ 941.847996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 941.853520] ? security_capable+0x99/0xc0 [ 941.857658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 941.863184] ? ns_capable_common+0x13f/0x170 [ 941.867604] ? kill_litter_super+0x90/0x90 [ 941.871833] sget+0x10b/0x150 [ 941.875479] ? ns_test_super+0x50/0x50 [ 941.879356] mount_bdev+0x111/0x3e0 [ 941.882968] ? fuse_get_root_inode+0x190/0x190 [ 941.887539] fuse_mount_blk+0x34/0x40 [ 941.891329] mount_fs+0xae/0x328 [ 941.894685] vfs_kern_mount.part.34+0xd4/0x4d0 [ 941.899254] ? may_umount+0xb0/0xb0 [ 941.902878] ? _raw_read_unlock+0x22/0x30 [ 941.907019] ? __get_fs_type+0x97/0xc0 [ 941.910907] do_mount+0x564/0x3070 [ 941.914433] ? interrupt_entry+0xb1/0xf0 [ 941.918494] ? copy_mount_string+0x40/0x40 [ 941.922715] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 941.927459] ? retint_kernel+0x10/0x10 [ 941.931337] ? copy_mount_options+0x1e3/0x380 [ 941.935829] ? write_comp_data+0x11/0x70 [ 941.939886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 941.945408] ? copy_mount_options+0x285/0x380 [ 941.949893] ksys_mount+0x12d/0x140 [ 941.953508] __x64_sys_mount+0xbe/0x150 [ 941.957470] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 941.962476] do_syscall_64+0x1b1/0x800 [ 941.966348] ? finish_task_switch+0x1ca/0x840 [ 941.970836] ? syscall_return_slowpath+0x5c0/0x5c0 [ 941.975752] ? syscall_return_slowpath+0x30f/0x5c0 [ 941.980669] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 941.986027] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 941.990859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 941.996035] RIP: 0033:0x455a09 [ 941.999207] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 942.006903] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:44:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000effdffff00"}, 0x6e) 2033/05/18 03:44:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 942.014157] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 942.021411] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 942.028663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.035918] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 942.053646] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:00 executing program 0: recvmsg(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000000c0)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @multicast2}}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000040)=""/35, 0x23}, {&(0x7f00000001c0)=""/172, 0xac}, {&(0x7f0000000280)=""/129, 0x81}, {&(0x7f0000000340)=""/250, 0xfa}, {&(0x7f0000000440)=""/12, 0xc}], 0x5, &(0x7f0000000500)=""/204, 0xcc, 0x3}, 0x40000142) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000640), &(0x7f0000000680)=0x4) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000000080)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000aa4ff0)={&(0x7f0000000000)={0x14, 0xfffffff0, 0x7, 0x400800000001}, 0x14}, 0x1}, 0x0) [ 942.084993] binder: undelivered TRANSACTION_ERROR: 29201 [ 942.121370] binder: 1980:1981 got reply transaction with no transaction stack [ 942.128770] binder: 1980:1981 transaction failed 29201/-71, size 0-0 line 2763 [ 942.173234] binder: BINDER_SET_CONTEXT_MGR already set [ 942.194884] binder: 1980:1981 ioctl 40046207 0 returned -16 [ 942.210929] binder: 1980:1988 got reply transaction with no transaction stack [ 942.218337] binder: 1980:1988 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:01 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0x2, &(0x7f0000000000), 0x36) 2033/05/18 03:44:01 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) msgctl$IPC_RMID(r2, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2033/05/18 03:44:01 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x6800}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:01 executing program 4 (fault-call:4 fault-nth:36): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7d, &(0x7f0000000000), &(0x7f00000002c0)=0x4) uselib(&(0x7f0000000040)='./file0\x00') [ 942.250922] binder: undelivered TRANSACTION_ERROR: 29201 [ 942.262425] binder: undelivered TRANSACTION_ERROR: 29201 [ 942.316496] binder: 2008:2013 got reply transaction with no transaction stack [ 942.323898] binder: 2008:2013 transaction failed 29201/-71, size 0-0 line 2763 [ 942.347070] FAULT_INJECTION: forcing a failure. [ 942.347070] name failslab, interval 1, probability 0, space 0, times 0 [ 942.358414] CPU: 1 PID: 2014 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 942.365612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 942.374968] Call Trace: [ 942.377553] dump_stack+0x1b9/0x294 [ 942.381183] ? dump_stack_print_info.cold.2+0x52/0x52 [ 942.386370] should_fail.cold.4+0xa/0x1a [ 942.390422] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 942.395513] ? save_stack+0x43/0xd0 [ 942.399130] ? kasan_kmalloc+0xc4/0xe0 [ 942.403012] ? kmem_cache_alloc_trace+0x152/0x780 [ 942.407845] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 942.413023] ? __list_lru_init+0x456/0x790 [ 942.417242] ? sget_userns+0x767/0xf00 [ 942.421117] ? graph_lock+0x170/0x170 [ 942.424902] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 942.429660] ? do_mount+0x564/0x3070 [ 942.433357] ? ksys_mount+0x12d/0x140 [ 942.437147] ? __x64_sys_mount+0xbe/0x150 [ 942.441288] ? do_syscall_64+0x1b1/0x800 [ 942.445358] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 942.450713] ? find_held_lock+0x36/0x1c0 [ 942.454765] ? __lock_is_held+0xb5/0x140 [ 942.458826] ? check_same_owner+0x320/0x320 [ 942.463136] ? rcu_note_context_switch+0x710/0x710 [ 942.468057] __should_failslab+0x124/0x180 [ 942.472284] should_failslab+0x9/0x14 [ 942.476074] kmem_cache_alloc_trace+0x2cb/0x780 [ 942.480727] ? __kmalloc_node+0x33/0x70 [ 942.484685] ? __kmalloc_node+0x33/0x70 [ 942.488648] ? rcu_read_lock_sched_held+0x108/0x120 [ 942.493653] __memcg_init_list_lru_node+0x17d/0x2c0 [ 942.498660] ? kvfree_rcu+0x20/0x20 [ 942.502282] ? __kmalloc_node+0x47/0x70 [ 942.506247] __list_lru_init+0x456/0x790 [ 942.510298] ? list_lru_destroy+0x4c0/0x4c0 [ 942.514604] ? mark_held_locks+0xc9/0x160 [ 942.518740] ? __raw_spin_lock_init+0x1c/0x100 [ 942.523317] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 942.528322] ? lockdep_init_map+0x9/0x10 [ 942.532372] sget_userns+0x767/0xf00 [ 942.536079] ? kill_litter_super+0x90/0x90 [ 942.540300] ? ns_test_super+0x50/0x50 [ 942.544177] ? destroy_unused_super.part.11+0x110/0x110 [ 942.549525] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 942.554096] ? kasan_check_write+0x14/0x20 [ 942.558314] ? do_raw_spin_lock+0xc1/0x200 [ 942.562539] ? blkdev_get+0xc0/0xb30 [ 942.566250] ? cap_capable+0x1f9/0x260 [ 942.570131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 942.575652] ? security_capable+0x99/0xc0 [ 942.579803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 942.585325] ? ns_capable_common+0x13f/0x170 [ 942.589728] ? kill_litter_super+0x90/0x90 [ 942.593948] sget+0x10b/0x150 [ 942.597039] ? ns_test_super+0x50/0x50 [ 942.600913] mount_bdev+0x111/0x3e0 [ 942.604524] ? fuse_get_root_inode+0x190/0x190 [ 942.609096] fuse_mount_blk+0x34/0x40 [ 942.612885] mount_fs+0xae/0x328 [ 942.616251] vfs_kern_mount.part.34+0xd4/0x4d0 [ 942.620818] ? may_umount+0xb0/0xb0 [ 942.624430] ? _raw_read_unlock+0x22/0x30 [ 942.628562] ? __get_fs_type+0x97/0xc0 [ 942.632439] do_mount+0x564/0x3070 [ 942.635970] ? copy_mount_string+0x40/0x40 [ 942.640194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 942.644938] ? retint_kernel+0x10/0x10 [ 942.648854] ? copy_mount_options+0x213/0x380 [ 942.653336] ? __sanitizer_cov_trace_pc+0x14/0x50 [ 942.658177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 942.663701] ? copy_mount_options+0x285/0x380 [ 942.668200] ksys_mount+0x12d/0x140 [ 942.671814] __x64_sys_mount+0xbe/0x150 [ 942.675788] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 942.680806] do_syscall_64+0x1b1/0x800 [ 942.684679] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 942.689508] ? syscall_return_slowpath+0x5c0/0x5c0 [ 942.694423] ? syscall_return_slowpath+0x30f/0x5c0 [ 942.699343] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 942.704698] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 942.709529] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 942.714703] RIP: 0033:0x455a09 [ 942.717879] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 942.725573] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 942.732836] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 942.740092] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 942.747520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.754787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:01 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000ffff00"}, 0x6e) 2033/05/18 03:44:01 executing program 0: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0, 0xfffffffffffffff8}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0x4}, &(0x7f0000000140)=0x8) 2033/05/18 03:44:01 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x2, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x64, 0x38fa, 0x400, 0x2, 0xe6, 0x3, 0x3, 0x9, 0x30b, 0x40, 0xb3, 0xff, 0x2, 0x38, 0x2, 0x8, 0x80, 0x7}, [{0x5, 0xdc8, 0xbb, 0x8, 0x19c, 0x2, 0x7fffffff, 0x10001}], "ff112d72911f4d13e82e5030c56f295d1211f8a39661beded4f6a6feb2ca40607eca82700aab6548be2138d38750daf03ce8ce44f0f22b3e0d025068921a98ba3abb59b0078005c3080b6a9392e7dbd7b52d4278d97f872115f437f8d62a452db70506315e1e198191c9b2899d2b545e4cd33b6124fb18ff0feaa627a6fd1c17191212486c161ae37edc8d7adfc8e4aa654ff62f25c2b66868e9f0ae88e7e2249ccccd35c3293e658fae2d24747103bbe409f27e8a3f503ae416ea1435e2489c12dff68ba35a2446578b732f0631420950bb420f449a4458f78bf05c2039fb284a2b4bcb206888e3db3c4bfc8048c1", [[], [], []]}, 0x467) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000140), &(0x7f0000000180)=0x4) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x9, 0x3, 0x458, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x388, 0xffffffff, 0xffffffff, 0x388, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ipv6={@ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, @dev={0xfe, 0x80, [], 0x21}, [0xff0000ff, 0xff, 0x0, 0xffffffff], [0xffffffff, 0xffffff00, 0xff0000ff, 0xff], 'bridge_slave_0\x00', 'ifb0\x00', {0xff}, {}, 0xff, 0x3ff, 0x5, 0x8}, 0x0, 0x230, 0x298, 0x0, {}, [@common=@frag={0x30, 'frag\x00', 0x0, {0x6, 0x8, 0xbc5, 0x4, 0x2}}, @common=@rt={0x138, 'rt\x00', 0x0, {0x1ff, 0x8, 0x7f, 0x3, 0x10, 0x4, [@remote={0xfe, 0x80, [], 0xbb}, @dev={0xfe, 0x80, [], 0x16}, @dev={0xfe, 0x80, [], 0x1d}, @loopback={0x0, 0x1}, @remote={0xfe, 0x80, [], 0xbb}, @mcast1={0xff, 0x1, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, @loopback={0x0, 0x1}, @ipv4={[], [0xff, 0xff], @rand_addr=0xeb}, @ipv4={[], [0xff, 0xff]}, @local={0xfe, 0x80, [], 0xaa}, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}], 0x6}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x80, 0xb00, 0x6, 'pptp\x00', 'syz1\x00', 0x9}}}, {{@ipv6={@mcast2={0xff, 0x2, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}, [0xffffffff, 0x0, 0xff, 0xff000000], [0x0, 0x0, 0xff], 'veth1\x00', 'rose0\x00', {}, {0xff}, 0x88, 0x0, 0x5, 0x2}, 0x0, 0xc8, 0xf0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x3, 0x1f}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4b8) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x14) r2 = dup(r1) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f00000000c0)={@loopback, @rand_addr}, &(0x7f0000000100)=0xc) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) [ 942.766768] binder: BINDER_SET_CONTEXT_MGR already set [ 942.774868] binder: 2008:2013 ioctl 40046207 0 returned -16 2033/05/18 03:44:01 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x66) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="d179f2060000000000000008a230e7a657f9cc6e", 0x14) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0), 0x4924ad8, 0x0) recvmsg(r1, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0) [ 942.818554] binder: 2020:2022 Acquire 1 refcount change on invalid ref 26624 ret -22 [ 942.826624] binder: 2020:2022 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 942.834240] binder: 2020:2022 unknown command 0 [ 942.848652] binder: 2008:2021 got reply transaction with no transaction stack [ 942.856089] binder: 2008:2021 transaction failed 29201/-71, size 0-0 line 2763 [ 942.880466] binder: 2020:2022 ioctl c0306201 20000540 returned -22 [ 942.910848] binder: undelivered TRANSACTION_ERROR: 29201 [ 942.917476] binder: undelivered TRANSACTION_ERROR: 29201 [ 942.942691] binder: BINDER_SET_CONTEXT_MGR already set [ 942.954749] binder: 2020:2022 ioctl 40046207 0 returned -16 [ 942.962289] binder: 2020:2049 Acquire 1 refcount change on invalid ref 26624 ret -22 [ 942.970322] binder: 2020:2049 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 942.977905] binder: 2020:2049 unknown command 0 [ 942.985959] binder: 2020:2049 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:02 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:02 executing program 7: r0 = socket(0x2, 0x1, 0x1000) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:02 executing program 4 (fault-call:4 fault-nth:37): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:02 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 2033/05/18 03:44:02 executing program 0: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, &(0x7f0000d83ff8), 0x8000fffffffe) 2033/05/18 03:44:02 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000005729585a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000fffffffffffff078000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x6000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 943.134874] binder: 2062:2064 got reply transaction with no transaction stack [ 943.142290] binder: 2062:2064 transaction failed 29201/-71, size 0-0 line 2763 [ 943.164620] FAULT_INJECTION: forcing a failure. [ 943.164620] name failslab, interval 1, probability 0, space 0, times 0 [ 943.175970] CPU: 1 PID: 2067 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 943.183160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 943.192502] Call Trace: [ 943.195082] dump_stack+0x1b9/0x294 [ 943.198700] ? dump_stack_print_info.cold.2+0x52/0x52 [ 943.203878] ? __save_stack_trace+0x7e/0xd0 [ 943.208192] should_fail.cold.4+0xa/0x1a [ 943.212245] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 943.217335] ? save_stack+0x43/0xd0 [ 943.220968] ? kasan_kmalloc+0xc4/0xe0 [ 943.224843] ? kmem_cache_alloc_trace+0x152/0x780 [ 943.229678] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 943.234854] ? __list_lru_init+0x456/0x790 [ 943.239242] ? sget_userns+0x767/0xf00 [ 943.243196] ? graph_lock+0x170/0x170 [ 943.246995] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 943.251740] ? do_mount+0x564/0x3070 [ 943.255437] ? ksys_mount+0x12d/0x140 [ 943.259222] ? __x64_sys_mount+0xbe/0x150 [ 943.263357] ? do_syscall_64+0x1b1/0x800 [ 943.267404] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 943.272757] ? find_held_lock+0x36/0x1c0 [ 943.276808] ? __lock_is_held+0xb5/0x140 [ 943.280865] ? check_same_owner+0x320/0x320 [ 943.285179] ? rcu_note_context_switch+0x710/0x710 [ 943.290257] __should_failslab+0x124/0x180 [ 943.294485] should_failslab+0x9/0x14 [ 943.298277] kmem_cache_alloc_trace+0x2cb/0x780 [ 943.302933] ? __kmalloc_node+0x33/0x70 [ 943.306896] ? __kmalloc_node+0x33/0x70 [ 943.310859] ? rcu_read_lock_sched_held+0x108/0x120 [ 943.315869] __memcg_init_list_lru_node+0x17d/0x2c0 [ 943.320873] ? kvfree_rcu+0x20/0x20 [ 943.324489] ? __kmalloc_node+0x47/0x70 [ 943.328457] __list_lru_init+0x456/0x790 [ 943.332506] ? list_lru_destroy+0x4c0/0x4c0 [ 943.336814] ? mark_held_locks+0xc9/0x160 [ 943.340954] ? __raw_spin_lock_init+0x1c/0x100 [ 943.345523] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 943.350529] ? lockdep_init_map+0x9/0x10 [ 943.354588] sget_userns+0x767/0xf00 [ 943.358287] ? kill_litter_super+0x90/0x90 [ 943.362510] ? ns_test_super+0x50/0x50 [ 943.366395] ? destroy_unused_super.part.11+0x110/0x110 [ 943.371747] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 943.376317] ? kasan_check_write+0x14/0x20 [ 943.380546] ? do_raw_spin_lock+0xc1/0x200 [ 943.384773] ? blkdev_get+0xc0/0xb30 [ 943.388475] ? cap_capable+0x1f9/0x260 [ 943.392356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 943.397887] ? security_capable+0x99/0xc0 [ 943.402033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 943.407557] ? ns_capable_common+0x13f/0x170 [ 943.411952] ? kill_litter_super+0x90/0x90 [ 943.416171] sget+0x10b/0x150 [ 943.419262] ? ns_test_super+0x50/0x50 [ 943.423137] mount_bdev+0x111/0x3e0 [ 943.426754] ? fuse_get_root_inode+0x190/0x190 [ 943.431332] fuse_mount_blk+0x34/0x40 [ 943.435120] mount_fs+0xae/0x328 [ 943.438476] vfs_kern_mount.part.34+0xd4/0x4d0 [ 943.443047] ? may_umount+0xb0/0xb0 [ 943.446662] ? _raw_read_unlock+0x22/0x30 [ 943.450796] ? __get_fs_type+0x97/0xc0 [ 943.454673] do_mount+0x564/0x3070 [ 943.458211] ? copy_mount_string+0x40/0x40 [ 943.462449] ? rcu_pm_notify+0xc0/0xc0 [ 943.466339] ? copy_mount_options+0x5f/0x380 [ 943.470734] ? rcu_read_lock_sched_held+0x108/0x120 [ 943.475739] ? kmem_cache_alloc_trace+0x616/0x780 [ 943.480578] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 943.486107] ? _copy_from_user+0xdf/0x150 [ 943.490246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 943.496050] ? copy_mount_options+0x285/0x380 [ 943.500534] ksys_mount+0x12d/0x140 [ 943.504151] __x64_sys_mount+0xbe/0x150 [ 943.508111] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 943.513114] do_syscall_64+0x1b1/0x800 [ 943.516988] ? finish_task_switch+0x1ca/0x840 [ 943.521474] ? syscall_return_slowpath+0x5c0/0x5c0 [ 943.526393] ? syscall_return_slowpath+0x30f/0x5c0 [ 943.531311] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 943.536665] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 943.541496] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 943.546668] RIP: 0033:0x455a09 [ 943.549845] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 943.557543] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 943.564797] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 943.572050] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 943.579306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:44:02 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000fffffdef00"}, 0x6e) [ 943.586558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 943.623914] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:02 executing program 7: r0 = socket(0x6, 0x3, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:02 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000540)={0x0, 0x6, 0x101, 0xffffffff, 0x20000000004, 0x2}, &(0x7f0000000580)=0x14) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x3ff}, &(0x7f00000000c0)=0x6) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r3 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r4, 0xfffffffffffffff9}, 0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000004c0)={r2, 0xc8, 0x80000001, 0x100000001, 0xfffffffeffffffff, 0x81}, &(0x7f0000000500)=0x14) [ 943.624591] binder: 2073:2075 Acquire 1 refcount change on invalid ref 100663296 ret -22 [ 943.633864] binder: 2062:2064 ioctl 40046207 0 returned -16 [ 943.637860] binder: 2073:2075 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 943.637872] binder: 2073:2075 unknown command 0 2033/05/18 03:44:02 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:02 executing program 7: r0 = socket(0x2, 0x1, 0x4000000000000) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000040)="508e8d12f956bd5275f88e0aff2384ed6c2687678c526be18e1d064c2c5e42f07cde050a811c3db0798f7d6496f1f4e1c9821af8a4bcc1e7a96003ded1d86a18b14204e77978ea3bfbfcb22daa614813bfe3b4b1fd9d0434dc4ae19572126229ad02afa143a63fb266d29b220779be7e365b2e2d3dd3df7df558a65c43b49151e4f7cf4c10f3d2e522a190cb330c883e3619bd256b4a8ca45a2ab8213709f8a8d82a68dec60aaeb53e76d6cc655b449590d2efc3a49592b9925da98fc1ed90fad384d0", 0xc3) 2033/05/18 03:44:02 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00') getsockname$netrom(r0, &(0x7f0000000240), &(0x7f0000000280)=0x10) r1 = socket(0x400800000000011, 0x2, 0x0) r2 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) bind$netrom(r1, &(0x7f00000002c0)=@ax25={0x3, {"0a840deda85b42"}, 0x7f}, 0x10) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={"69666230000800ffffffffffff00", 0x201012}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x308) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'ifb0\x00\x00\x00\x00\x00\x00\x00!\x00', 0xa201}) getpid() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000100)) fcntl$getownex(r1, 0x10, &(0x7f0000000140)) r3 = getpgrp(0xffffffffffffffff) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000300)={{0x2, 0x4e21, @multicast1=0xe0000001}, {0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x24, {0x2, 0x4e21, @multicast1=0xe0000001}, 'lo\x00'}) fcntl$setown(r1, 0x8, r3) r4 = getpgid(r3) syz_open_procfs$namespace(r4, &(0x7f0000000080)='ns/user\x00') [ 943.716508] binder: 2062:2076 got reply transaction with no transaction stack [ 943.723958] binder: 2062:2076 transaction failed 29201/-71, size 0-0 line 2763 [ 943.736148] binder: 2073:2075 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:02 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000440), 0x4) 2033/05/18 03:44:02 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:02 executing program 4 (fault-call:4 fault-nth:38): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 943.840539] binder: undelivered TRANSACTION_ERROR: 29201 [ 943.851124] binder: undelivered TRANSACTION_ERROR: 29201 [ 943.907969] binder: BINDER_SET_CONTEXT_MGR already set [ 943.927463] binder: 2118:2119 got reply transaction with no transaction stack [ 943.935055] binder: 2118:2119 transaction failed 29201/-71, size 0-0 line 2763 [ 943.944446] binder: BINDER_SET_CONTEXT_MGR already set [ 943.950385] binder: 2118:2119 ioctl 40046207 0 returned -16 [ 943.975178] binder: 2118:2121 got reply transaction with no transaction stack [ 943.982588] binder: 2118:2121 transaction failed 29201/-71, size 0-0 line 2763 [ 943.992650] binder: 2073:2075 ioctl 40046207 0 returned -16 [ 943.999864] binder: 2073:2128 Acquire 1 refcount change on invalid ref 100663296 ret -22 [ 944.008232] binder: 2073:2128 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 944.015848] binder: 2073:2128 unknown command 0 [ 944.036296] FAULT_INJECTION: forcing a failure. [ 944.036296] name failslab, interval 1, probability 0, space 0, times 0 [ 944.042080] binder: undelivered TRANSACTION_ERROR: 29201 [ 944.047650] CPU: 1 PID: 2126 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 944.060354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 944.069716] Call Trace: [ 944.072319] dump_stack+0x1b9/0x294 [ 944.072754] binder: undelivered TRANSACTION_ERROR: 29201 [ 944.075964] ? dump_stack_print_info.cold.2+0x52/0x52 [ 944.075984] ? __save_stack_trace+0x7e/0xd0 [ 944.076009] should_fail.cold.4+0xa/0x1a [ 944.076031] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 944.092053] binder: 2073:2128 ioctl c0306201 20000540 returned -22 [ 944.095012] ? save_stack+0x43/0xd0 [ 944.095031] ? kasan_kmalloc+0xc4/0xe0 [ 944.095051] ? kmem_cache_alloc_trace+0x152/0x780 [ 944.095067] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 944.095083] ? __list_lru_init+0x456/0x790 [ 944.128218] ? sget_userns+0x767/0xf00 [ 944.132114] ? graph_lock+0x170/0x170 [ 944.135927] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 944.140692] ? do_mount+0x564/0x3070 [ 944.144409] ? ksys_mount+0x12d/0x140 [ 944.148217] ? __x64_sys_mount+0xbe/0x150 [ 944.152365] ? do_syscall_64+0x1b1/0x800 [ 944.156414] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 944.161763] ? find_held_lock+0x36/0x1c0 [ 944.165822] ? __lock_is_held+0xb5/0x140 [ 944.169877] ? check_same_owner+0x320/0x320 [ 944.174184] ? rcu_note_context_switch+0x710/0x710 [ 944.179107] __should_failslab+0x124/0x180 [ 944.183328] should_failslab+0x9/0x14 [ 944.187113] kmem_cache_alloc_trace+0x2cb/0x780 [ 944.191774] ? __kmalloc_node+0x33/0x70 [ 944.195745] ? __kmalloc_node+0x33/0x70 [ 944.199722] ? rcu_read_lock_sched_held+0x108/0x120 [ 944.204728] __memcg_init_list_lru_node+0x17d/0x2c0 [ 944.209728] ? kvfree_rcu+0x20/0x20 [ 944.213347] ? __kmalloc_node+0x47/0x70 [ 944.217321] __list_lru_init+0x456/0x790 [ 944.221454] ? list_lru_destroy+0x4c0/0x4c0 [ 944.225770] ? mark_held_locks+0xc9/0x160 [ 944.229915] ? __raw_spin_lock_init+0x1c/0x100 [ 944.234594] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 944.239600] ? lockdep_init_map+0x9/0x10 [ 944.243653] sget_userns+0x767/0xf00 [ 944.247366] ? kill_litter_super+0x90/0x90 [ 944.251592] ? ns_test_super+0x50/0x50 [ 944.255464] ? destroy_unused_super.part.11+0x110/0x110 [ 944.260823] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 944.265390] ? kasan_check_write+0x14/0x20 [ 944.269606] ? do_raw_spin_lock+0xc1/0x200 [ 944.273845] ? blkdev_get+0xc0/0xb30 [ 944.277567] ? cap_capable+0x1f9/0x260 [ 944.281452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.286971] ? security_capable+0x99/0xc0 [ 944.291109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.296631] ? ns_capable_common+0x13f/0x170 [ 944.301041] ? kill_litter_super+0x90/0x90 [ 944.305263] sget+0x10b/0x150 [ 944.308358] ? ns_test_super+0x50/0x50 [ 944.312230] mount_bdev+0x111/0x3e0 [ 944.315843] ? fuse_get_root_inode+0x190/0x190 [ 944.320411] fuse_mount_blk+0x34/0x40 [ 944.324199] mount_fs+0xae/0x328 [ 944.327553] vfs_kern_mount.part.34+0xd4/0x4d0 [ 944.332128] ? may_umount+0xb0/0xb0 [ 944.335748] ? _raw_read_unlock+0x22/0x30 [ 944.339889] ? __get_fs_type+0x97/0xc0 [ 944.343775] do_mount+0x564/0x3070 [ 944.347303] ? copy_mount_string+0x40/0x40 [ 944.351552] ? rcu_pm_notify+0xc0/0xc0 [ 944.355428] ? copy_mount_options+0x5f/0x380 [ 944.359821] ? rcu_read_lock_sched_held+0x108/0x120 [ 944.364852] ? kmem_cache_alloc_trace+0x616/0x780 [ 944.369689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 944.375218] ? _copy_from_user+0xdf/0x150 [ 944.379357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.384876] ? copy_mount_options+0x285/0x380 [ 944.389371] ksys_mount+0x12d/0x140 [ 944.392994] __x64_sys_mount+0xbe/0x150 [ 944.396966] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 944.401967] do_syscall_64+0x1b1/0x800 [ 944.405849] ? finish_task_switch+0x1ca/0x840 [ 944.410346] ? syscall_return_slowpath+0x5c0/0x5c0 [ 944.415261] ? syscall_return_slowpath+0x30f/0x5c0 [ 944.420189] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 944.425551] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 944.430381] entry_SYSCALL_64_after_hwframe+0x49/0xbe 2033/05/18 03:44:03 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 2033/05/18 03:44:03 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r3 = msgget(0x1, 0x4) msgget(0x2, 0x0) setsockopt$ipx_IPX_TYPE(r0, 0x100, 0x1, &(0x7f0000000200)=0x401, 0x4) msgrcv(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000440)={r2, 0xfffffffffffffffb}, 0x8) 2033/05/18 03:44:03 executing program 7: socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000080)) r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) socket$kcm(0x29, 0x5, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 2033/05/18 03:44:03 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000100"}, 0x6e) 2033/05/18 03:44:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:03 executing program 4 (fault-call:4 fault-nth:39): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:03 executing program 0: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$inet6_tcp_int(r0, 0x6, 0x1f, &(0x7f0000000000)=0x3, 0x4) r1 = getpid() r2 = syz_open_procfs(r1, &(0x7f0000000200)="47cef19a7575fdb7f7c911000000000000003700") ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000040)) listen(r2, 0x5) syz_open_procfs(0x0, &(0x7f0000000140)="6e65742fae6f75746500") 2033/05/18 03:44:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x60000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 944.436507] RIP: 0033:0x455a09 [ 944.439676] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 944.447368] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 944.454620] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 944.461876] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 944.469127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.476390] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 944.526090] binder: 2139:2142 got reply transaction with no transaction stack [ 944.533460] binder: 2139:2142 transaction failed 29201/-71, size 0-0 line 2763 [ 944.584224] FAULT_INJECTION: forcing a failure. [ 944.584224] name failslab, interval 1, probability 0, space 0, times 0 [ 944.586288] binder: BINDER_SET_CONTEXT_MGR already set [ 944.595657] CPU: 1 PID: 2153 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 944.608083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 944.617424] Call Trace: [ 944.620002] dump_stack+0x1b9/0x294 [ 944.623632] ? dump_stack_print_info.cold.2+0x52/0x52 [ 944.628811] ? __save_stack_trace+0x7e/0xd0 [ 944.633130] should_fail.cold.4+0xa/0x1a [ 944.637181] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 944.642271] ? save_stack+0x43/0xd0 [ 944.645888] ? kasan_kmalloc+0xc4/0xe0 [ 944.649765] ? kmem_cache_alloc_trace+0x152/0x780 [ 944.654596] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 944.659774] ? __list_lru_init+0x456/0x790 [ 944.664014] ? sget_userns+0x767/0xf00 [ 944.667910] ? graph_lock+0x170/0x170 [ 944.671706] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 944.676456] ? do_mount+0x564/0x3070 [ 944.680151] ? ksys_mount+0x12d/0x140 [ 944.683949] ? __x64_sys_mount+0xbe/0x150 [ 944.688094] ? do_syscall_64+0x1b1/0x800 [ 944.692144] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 944.697499] ? find_held_lock+0x36/0x1c0 [ 944.701548] ? __lock_is_held+0xb5/0x140 [ 944.705594] ? __irqentry_text_end+0x18c618/0x1f98a8 [ 944.710696] ? check_same_owner+0x320/0x320 [ 944.715024] ? rcu_note_context_switch+0x710/0x710 [ 944.719945] __should_failslab+0x124/0x180 [ 944.724168] should_failslab+0x9/0x14 [ 944.727965] kmem_cache_alloc_trace+0x2cb/0x780 [ 944.732640] ? __kmalloc_node+0x33/0x70 [ 944.736607] ? __kmalloc_node+0x33/0x70 [ 944.740587] ? rcu_read_lock_sched_held+0x108/0x120 [ 944.745604] __memcg_init_list_lru_node+0x17d/0x2c0 [ 944.750614] ? kvfree_rcu+0x20/0x20 [ 944.754237] ? __kmalloc_node+0x47/0x70 [ 944.758203] __list_lru_init+0x456/0x790 [ 944.762250] ? list_lru_destroy+0x4c0/0x4c0 [ 944.766569] ? mark_held_locks+0xc9/0x160 [ 944.770704] ? __raw_spin_lock_init+0x1c/0x100 [ 944.775284] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 944.780292] ? lockdep_init_map+0x9/0x10 [ 944.784339] sget_userns+0x767/0xf00 [ 944.788040] ? kill_litter_super+0x90/0x90 [ 944.792272] ? ns_test_super+0x50/0x50 [ 944.796149] ? destroy_unused_super.part.11+0x110/0x110 [ 944.801497] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 944.806066] ? kasan_check_write+0x14/0x20 [ 944.810291] ? do_raw_spin_lock+0xc1/0x200 [ 944.814515] ? blkdev_get+0xc0/0xb30 [ 944.818216] ? cap_capable+0x1f9/0x260 [ 944.822099] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.827621] ? security_capable+0x99/0xc0 [ 944.831756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.837277] ? ns_capable_common+0x13f/0x170 [ 944.841673] ? kill_litter_super+0x90/0x90 [ 944.845902] sget+0x10b/0x150 [ 944.848992] ? ns_test_super+0x50/0x50 [ 944.852875] mount_bdev+0x111/0x3e0 [ 944.856486] ? fuse_get_root_inode+0x190/0x190 [ 944.861067] fuse_mount_blk+0x34/0x40 [ 944.864864] mount_fs+0xae/0x328 [ 944.868220] vfs_kern_mount.part.34+0xd4/0x4d0 [ 944.872799] ? may_umount+0xb0/0xb0 [ 944.876417] ? _raw_read_unlock+0x22/0x30 [ 944.880550] ? __get_fs_type+0x97/0xc0 [ 944.884426] do_mount+0x564/0x3070 [ 944.887973] ? copy_mount_string+0x40/0x40 [ 944.892203] ? rcu_pm_notify+0xc0/0xc0 [ 944.896081] ? copy_mount_options+0x5f/0x380 [ 944.900475] ? rcu_read_lock_sched_held+0x108/0x120 [ 944.905477] ? kmem_cache_alloc_trace+0x616/0x780 [ 944.910306] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 944.915832] ? _copy_from_user+0xdf/0x150 [ 944.919977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 944.925501] ? copy_mount_options+0x285/0x380 [ 944.929986] ksys_mount+0x12d/0x140 [ 944.933607] __x64_sys_mount+0xbe/0x150 [ 944.937564] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 944.942570] do_syscall_64+0x1b1/0x800 [ 944.946450] ? finish_task_switch+0x1ca/0x840 [ 944.951572] ? syscall_return_slowpath+0x5c0/0x5c0 [ 944.956633] ? syscall_return_slowpath+0x30f/0x5c0 [ 944.961555] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 944.966907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 944.971741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 944.976914] RIP: 0033:0x455a09 2033/05/18 03:44:03 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095993d6400000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000440)={0x7}, 0x1) [ 944.980097] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 944.987794] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 944.995050] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 945.002303] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 945.009556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.016814] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:03 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) [ 945.039446] binder: 2150:2158 Acquire 1 refcount change on invalid ref 1610612736 ret -22 [ 945.047897] binder: 2150:2158 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 945.055490] binder: 2150:2158 unknown command 0 2033/05/18 03:44:03 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = memfd_create(&(0x7f0000000080)='wlan0wlan0[proc{\x00', 0x3) ioctl$KDMKTONE(r1, 0x4b30, 0x9) r2 = socket$kcm(0xa, 0x9, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) 2033/05/18 03:44:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2, 0x25}, [], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7fffffff, 0x200000) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000040)={0x1, 0x7}) 2033/05/18 03:44:04 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000440)={r1, 0x35f3}, &(0x7f0000000480)=0x8) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f00000004c0)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) [ 945.081973] binder: 2139:2142 ioctl 40046207 0 returned -16 [ 945.104497] binder: 2139:2156 got reply transaction with no transaction stack [ 945.111947] binder: 2139:2156 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:04 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:04 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00004f7000/0x4000)=nil, 0x4000}, 0x5}) syz_mount_image$minix(&(0x7f0000000040)='minix\x00', &(0x7f00000000c0)='./file0\x00', 0x6, 0x5, &(0x7f0000000440)=[{&(0x7f0000000100)="c8bfd8ce2b2a698e6071fcb7e62456808358730ff833b552009ac2afd99cbd5ff89af5f9bfc572ca2a612da2ab54aa4d6a13d8e45bda06b30646536b61069e8066e5952eb3d8a7feea40d0542a82135f5c2deca8b8e382eedcb01e5a2a108b13b95c5f342e7fe3da720afda58f2781fc81f2ff448f8fb7567cdbb63ce4783d70d687f9d0dfdec92cf348c5d471451d0c2ccc1dd479eee3eea571bf88ebc69d184b734a1978cb9a89669be896d3fbddf0ef6be26117351fbbbc4f320a037e1a6bd6385707e780", 0xc6, 0x5}, {&(0x7f0000000200)="0951d2266d2425b6ee88df87f2928156fe1d20e65c64011d8c80d97f092799542068afd4162e63dfef760b2d775a56d88e2e1faf629ceb39e2c6b4f3384c61205360c7b6a375655133b15b984750f314cd9cb4c754596e93f614889f8d0eba283136b098c18a8f33bf965a3587f8ecd950d55952928e94a5", 0x78, 0xade}, {&(0x7f0000000280)="c4f69b2f84787e21d626fe1dd5dbe0a1845bafc567b2f995603fc590f927d8cb8dd0cf821004cd03d5e69816938057e1d0e27e08a327aa54b4759255f322cf7c586c60cb7e7686746e98350f83e510c6d652078604602bfae76727077d60d4251a5bd9225ed3030472d20d5baf3b09cbe72386d70cd5c9", 0x77, 0x4}, {&(0x7f0000000300)="62221cc43f1b0449768d90fddb31beb59db507d56e3fde61fed4a91162bebf3f36882810f9f781f4f70587d0f6e5dd3342354ae70ab55683834a79929163f57664057f35df5dd6bc953eac8cc4fcc22ae6d7955117be80b4cf8975ab1224bcab515add7a09a3f256d8433cf602089daba20a0996e0615d67f9f47e0daccbe93869bf9d12d2a74bb8", 0x88, 0x3}, {&(0x7f00000003c0)="97d9536f83208bbe5a0753a3a88b6486701a8cc105f804de083976aa2c4ab23f5f53a8017589ecc969780ac39375a010fa43362bab8b1d4d91e08783845b687bd9a85e83d61ad8d24660ac295f1c6d83", 0x50, 0xe30e}], 0x800000, 0x0) 2033/05/18 03:44:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 945.202808] binder: undelivered TRANSACTION_ERROR: 29201 [ 945.208870] binder: undelivered TRANSACTION_ERROR: 29201 [ 945.211146] binder: 2150:2158 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:04 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 2033/05/18 03:44:04 executing program 4 (fault-call:4 fault-nth:40): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:04 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:44:04 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000440)={r1, 0xcc3}, 0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) [ 945.262756] binder: 2191:2192 got reply transaction with no transaction stack [ 945.270180] binder: 2191:2192 transaction failed 29201/-71, size 0-0 line 2763 [ 945.276817] binder: BINDER_SET_CONTEXT_MGR already set [ 945.315705] FAULT_INJECTION: forcing a failure. [ 945.315705] name failslab, interval 1, probability 0, space 0, times 0 [ 945.327252] CPU: 0 PID: 2206 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 945.334465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 945.343840] Call Trace: [ 945.346468] dump_stack+0x1b9/0x294 [ 945.349745] binder: 2150:2158 ioctl 40046207 0 returned -16 [ 945.350127] ? dump_stack_print_info.cold.2+0x52/0x52 [ 945.350167] should_fail.cold.4+0xa/0x1a [ 945.365132] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 945.370271] ? save_stack+0x43/0xd0 [ 945.373923] ? kmem_cache_alloc_trace+0x152/0x780 [ 945.378799] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 945.384017] ? __list_lru_init+0x456/0x790 [ 945.388278] ? sget_userns+0x767/0xf00 [ 945.392194] ? graph_lock+0x170/0x170 [ 945.396013] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 945.400794] ? do_mount+0x564/0x3070 [ 945.404528] ? ksys_mount+0x12d/0x140 [ 945.408347] ? __x64_sys_mount+0xbe/0x150 [ 945.411368] binder: 2150:2220 Acquire 1 refcount change on invalid ref 1610612736 ret -22 [ 945.412506] ? do_syscall_64+0x1b1/0x800 [ 945.412527] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 945.412555] ? find_held_lock+0x36/0x1c0 [ 945.412588] ? __lock_is_held+0xb5/0x140 [ 945.420904] binder: 2150:2220 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 945.424958] ? check_same_owner+0x320/0x320 [ 945.430327] binder: 2150:2220 unknown command 0 [ 945.434353] ? rcu_note_context_switch+0x710/0x710 [ 945.434381] __should_failslab+0x124/0x180 [ 945.442844] binder: 2150:2220 ioctl c0306201 20000540 returned -22 [ 945.445947] should_failslab+0x9/0x14 [ 945.445968] kmem_cache_alloc_trace+0x2cb/0x780 [ 945.445986] ? __kmalloc_node+0x33/0x70 [ 945.446003] ? __kmalloc_node+0x33/0x70 [ 945.446024] ? rcu_read_lock_sched_held+0x108/0x120 [ 945.446056] __memcg_init_list_lru_node+0x17d/0x2c0 [ 945.446077] ? kvfree_rcu+0x20/0x20 [ 945.456381] binder: BINDER_SET_CONTEXT_MGR already set [ 945.459972] ? __kmalloc_node+0x47/0x70 [ 945.460005] __list_lru_init+0x456/0x790 [ 945.460029] ? list_lru_destroy+0x4c0/0x4c0 [ 945.460054] ? mark_held_locks+0xc9/0x160 [ 945.522185] ? __raw_spin_lock_init+0x1c/0x100 [ 945.526765] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 945.531782] ? lockdep_init_map+0x9/0x10 [ 945.535842] sget_userns+0x767/0xf00 [ 945.539635] ? kill_litter_super+0x90/0x90 [ 945.543893] ? ns_test_super+0x50/0x50 [ 945.547786] ? destroy_unused_super.part.11+0x110/0x110 [ 945.553142] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 945.557721] ? kasan_check_write+0x14/0x20 [ 945.561965] ? do_raw_spin_lock+0xc1/0x200 [ 945.566205] ? blkdev_get+0xc0/0xb30 [ 945.569918] ? cap_capable+0x1f9/0x260 [ 945.573806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 945.579334] ? security_capable+0x99/0xc0 [ 945.583482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 945.589022] ? ns_capable_common+0x13f/0x170 [ 945.593433] ? kill_litter_super+0x90/0x90 [ 945.597659] sget+0x10b/0x150 [ 945.600757] ? ns_test_super+0x50/0x50 [ 945.604642] mount_bdev+0x111/0x3e0 [ 945.608262] ? fuse_get_root_inode+0x190/0x190 [ 945.612842] fuse_mount_blk+0x34/0x40 [ 945.616638] mount_fs+0xae/0x328 [ 945.620010] vfs_kern_mount.part.34+0xd4/0x4d0 [ 945.624596] ? may_umount+0xb0/0xb0 [ 945.628224] ? _raw_read_unlock+0x22/0x30 [ 945.632361] ? __get_fs_type+0x97/0xc0 [ 945.636247] do_mount+0x564/0x3070 [ 945.639787] ? copy_mount_string+0x40/0x40 [ 945.644029] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 945.648792] ? retint_kernel+0x10/0x10 [ 945.652951] ? copy_mount_options+0x1e3/0x380 [ 945.657450] ? __sanitizer_cov_trace_pc+0x11/0x50 [ 945.662286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 945.667812] ? copy_mount_options+0x285/0x380 [ 945.672307] ksys_mount+0x12d/0x140 [ 945.675929] __x64_sys_mount+0xbe/0x150 [ 945.679894] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 945.684905] do_syscall_64+0x1b1/0x800 [ 945.688789] ? finish_task_switch+0x1ca/0x840 [ 945.693279] ? syscall_return_slowpath+0x5c0/0x5c0 [ 945.698204] ? syscall_return_slowpath+0x30f/0x5c0 [ 945.703130] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 945.708495] ? trace_hardirqs_off_thunk+0x1a/0x1c 2033/05/18 03:44:04 executing program 0: r0 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x80000000, 0x40000) accept$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000100)=0x14) connect$packet(r0, &(0x7f0000000140)={0x11, 0x1f, r1, 0x1, 0x40, 0x6, @random="566b592acf79"}, 0x14) syz_emit_ethernet(0x6e, &(0x7f0000000000)={@random="d7380b151bf2", @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "0b8bca", 0x0, 0x29, 0x0, @mcast1={0xff, 0x1, [], 0x1}, @mcast2={0xff, 0x2, [], 0x1}, [], "bdc7c7119afd4396"}}}}}}}, 0x0) 2033/05/18 03:44:04 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "055679", 0x10, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x2], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d298dc", 0x0, "7f5147"}}}}}}}, &(0x7f00000000c0)={0x0, 0xfffffffffffffffe, [0x0, 0x1000]}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000240)={0x5, &(0x7f0000000180)=[{0x0, 0x0, 0x0, @random}, {0x0, 0x0, 0x0, @random}, {}, {0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @broadcast}]}) socketpair(0x2, 0x80000, 0x40, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000080)=r2) 2033/05/18 03:44:04 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000500)={0x0, 0x37, "78751d215352385a3422a7000cf8d1feed04cc1105da72649d7700bab153ca5fe4e6f0751d95b5159a7b7d05065f0f66b6d8cfb0889ba2"}, &(0x7f0000000540)=0x3f) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x25}, &(0x7f0000000580)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r3 = msgget(0x1, 0x4) signalfd(r0, &(0x7f00000000c0)={0x10001}, 0x8) msgget(0x2, 0x0) msgrcv(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r4, 0xfffffffffffffff9}, 0x8) [ 945.713338] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 945.718526] RIP: 0033:0x455a09 [ 945.721727] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 945.729432] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 945.736700] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 945.743970] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 945.751229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.758488] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 945.808621] binder: 2191:2192 ioctl 40046207 0 returned -16 [ 945.830649] binder: 2191:2224 got reply transaction with no transaction stack [ 945.838141] binder: 2191:2224 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:04 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r1, 0xae80, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 2033/05/18 03:44:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x414}]}) 2033/05/18 03:44:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x4c000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:04 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="c722c04908262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind(r1, &(0x7f0000000040)=@un=@file={0x0, './file0\x00'}, 0x80) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:04 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") msgget(0x3, 0x185) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) r3 = syz_open_dev$mice(&(0x7f0000000440)='/dev/input/mice\x00', 0x0, 0x80040) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000004c0)={0x0, 0x7, 0x8, &(0x7f0000000480)=0x5}) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000500)={r1}, 0x8) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r4, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:04 executing program 4 (fault-call:4 fault-nth:41): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:04 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000200"}, 0x6e) [ 945.902984] binder: undelivered TRANSACTION_ERROR: 29201 [ 945.908872] binder: undelivered TRANSACTION_ERROR: 29201 [ 945.975007] binder: 2249:2252 got reply transaction with no transaction stack [ 945.982407] binder: 2249:2252 transaction failed 29201/-71, size 0-0 line 2763 [ 945.996658] binder: BINDER_SET_CONTEXT_MGR already set [ 946.022190] binder: 2249:2252 ioctl 40046207 0 returned -16 [ 946.032414] FAULT_INJECTION: forcing a failure. [ 946.032414] name failslab, interval 1, probability 0, space 0, times 0 [ 946.043711] CPU: 0 PID: 2251 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 946.050913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 946.053444] binder: 2249:2255 got reply transaction with no transaction stack [ 946.060269] Call Trace: [ 946.060302] dump_stack+0x1b9/0x294 [ 946.060332] ? dump_stack_print_info.cold.2+0x52/0x52 [ 946.067627] binder: 2249:2255 transaction failed 29201/-71, size 0-0 line 2763 [ 946.070193] should_fail.cold.4+0xa/0x1a [ 946.070221] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 946.095489] ? save_stack+0x43/0xd0 [ 946.099109] ? kmem_cache_alloc_trace+0x152/0x780 [ 946.103942] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 946.109143] ? __list_lru_init+0x456/0x790 [ 946.113371] ? sget_userns+0x767/0xf00 [ 946.117628] ? graph_lock+0x170/0x170 [ 946.121422] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 946.126164] ? do_mount+0x564/0x3070 [ 946.129875] ? ksys_mount+0x12d/0x140 [ 946.133667] ? __x64_sys_mount+0xbe/0x150 [ 946.137804] ? do_syscall_64+0x1b1/0x800 [ 946.141858] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 946.147216] ? find_held_lock+0x36/0x1c0 [ 946.151277] ? __lock_is_held+0xb5/0x140 [ 946.155350] ? check_same_owner+0x320/0x320 [ 946.160027] ? rcu_note_context_switch+0x710/0x710 [ 946.165302] __should_failslab+0x124/0x180 [ 946.169534] should_failslab+0x9/0x14 [ 946.173328] kmem_cache_alloc_trace+0x2cb/0x780 [ 946.177990] ? __kmalloc_node+0x33/0x70 [ 946.181960] ? __kmalloc_node+0x33/0x70 [ 946.185928] ? rcu_read_lock_sched_held+0x108/0x120 [ 946.190945] __memcg_init_list_lru_node+0x17d/0x2c0 [ 946.195965] ? kvfree_rcu+0x20/0x20 [ 946.199594] ? __kmalloc_node+0x47/0x70 [ 946.203568] __list_lru_init+0x456/0x790 [ 946.207629] ? list_lru_destroy+0x4c0/0x4c0 [ 946.212034] ? mark_held_locks+0xc9/0x160 [ 946.216180] ? __raw_spin_lock_init+0x1c/0x100 [ 946.220758] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 946.225781] ? lockdep_init_map+0x9/0x10 [ 946.229839] sget_userns+0x767/0xf00 [ 946.233542] ? kill_litter_super+0x90/0x90 [ 946.237776] ? ns_test_super+0x50/0x50 [ 946.241655] ? destroy_unused_super.part.11+0x110/0x110 [ 946.247014] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 946.251604] ? kasan_check_write+0x14/0x20 [ 946.255829] ? do_raw_spin_lock+0xc1/0x200 [ 946.260066] ? blkdev_get+0xc0/0xb30 [ 946.263774] ? cap_capable+0x1f9/0x260 [ 946.267662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.273191] ? security_capable+0x99/0xc0 [ 946.277336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.282865] ? ns_capable_common+0x13f/0x170 [ 946.287271] ? kill_litter_super+0x90/0x90 [ 946.291499] sget+0x10b/0x150 [ 946.294595] ? ns_test_super+0x50/0x50 [ 946.298482] mount_bdev+0x111/0x3e0 [ 946.302104] ? fuse_get_root_inode+0x190/0x190 [ 946.306682] fuse_mount_blk+0x34/0x40 [ 946.310480] mount_fs+0xae/0x328 [ 946.313847] vfs_kern_mount.part.34+0xd4/0x4d0 [ 946.318423] ? may_umount+0xb0/0xb0 [ 946.322045] ? _raw_read_unlock+0x22/0x30 [ 946.326183] ? __get_fs_type+0x97/0xc0 [ 946.330069] do_mount+0x564/0x3070 [ 946.333611] ? copy_mount_string+0x40/0x40 [ 946.337834] ? rcu_pm_notify+0xc0/0xc0 [ 946.341725] ? copy_mount_options+0x5f/0x380 [ 946.346123] ? rcu_read_lock_sched_held+0x108/0x120 [ 946.351134] ? kmem_cache_alloc_trace+0x616/0x780 [ 946.355977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 946.361511] ? _copy_from_user+0xdf/0x150 [ 946.365658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.371187] ? copy_mount_options+0x285/0x380 [ 946.375680] ksys_mount+0x12d/0x140 [ 946.379305] __x64_sys_mount+0xbe/0x150 [ 946.383269] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 946.388280] do_syscall_64+0x1b1/0x800 [ 946.392167] ? finish_task_switch+0x1ca/0x840 [ 946.396658] ? syscall_return_slowpath+0x5c0/0x5c0 [ 946.401587] ? syscall_return_slowpath+0x30f/0x5c0 [ 946.406516] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 946.411875] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 946.416715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 946.421896] RIP: 0033:0x455a09 [ 946.425076] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 946.432777] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 946.440036] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 946.447294] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 946.454555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 946.461815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 946.501188] binder: 2260:2262 Acquire 1 refcount change on invalid ref 1275068416 ret -22 [ 946.509632] binder: 2260:2262 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 946.517259] binder: 2260:2262 unknown command 0 [ 946.545548] binder: undelivered TRANSACTION_ERROR: 29201 [ 946.551447] binder: undelivered TRANSACTION_ERROR: 29201 [ 946.558174] binder: 2260:2262 ioctl c0306201 20000540 returned -22 [ 946.566726] binder: BINDER_SET_CONTEXT_MGR already set [ 946.585574] binder: 2260:2262 ioctl 40046207 0 returned -16 2033/05/18 03:44:05 executing program 7: r0 = socket(0xffffffffffffffff, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000040)={'veth0_to_bridge\x00', @ifru_map={0xfffffffffffff16a, 0x8000, 0x4, 0x4, 0x21, 0x3}}) r1 = socket$kcm(0xa, 0x0, 0x0) connect$l2tp(r0, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e22, @multicast1=0xe0000001}, 0x2, 0x1, 0x0, 0x4}}, 0x26) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:05 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2ecf, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000180)=0x8) recvfrom$unix(r0, &(0x7f0000000040)=""/36, 0x24, 0x10000, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4188aea7, &(0x7f0000000080)={0x0, 0x0, [0x0, 0x7]}) 2033/05/18 03:44:05 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:05 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x3, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000000000000000704b7be2ad8a5cd5b1150d98aa1a410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) r4 = syz_open_dev$audion(&(0x7f0000000440)='/dev/audio#\x00', 0x80000000, 0x800) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000480)={0x7, 0x0, [{0x0, 0x34e, 0x3, 0x0, 0x4, 0x40, 0x4}, {0x7, 0x6, 0x7, 0xcfa3, 0x3, 0x800, 0x400}, {0xc000000b, 0xffff, 0x2, 0x8, 0x0, 0x1, 0x4}, {0x8000000d, 0x8, 0x1, 0x80000001, 0x6, 0x5, 0x1ff}, {0x80000000, 0x3, 0x2, 0x2, 0x9, 0x7, 0x100}, {0x4, 0x400, 0x2, 0x2a8, 0xe40, 0xe63f, 0x1}, {0x40000001, 0x0, 0x2, 0xfff, 0x2, 0x3dcd, 0xa87b}]}) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f00000005c0), &(0x7f0000000600)=0x4) 2033/05/18 03:44:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xb63000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:05 executing program 4 (fault-call:4 fault-nth:42): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 946.592554] binder: 2260:2268 Acquire 1 refcount change on invalid ref 1275068416 ret -22 [ 946.601120] binder: 2260:2268 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 946.608704] binder: 2260:2268 unknown command 0 [ 946.614340] binder: 2260:2268 ioctl c0306201 20000540 returned -22 [ 946.664583] binder: 2274:2276 got reply transaction with no transaction stack [ 946.672272] binder: 2274:2276 transaction failed 29201/-71, size 0-0 line 2763 [ 946.703181] FAULT_INJECTION: forcing a failure. [ 946.703181] name failslab, interval 1, probability 0, space 0, times 0 [ 946.714914] CPU: 0 PID: 2283 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 946.722125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 946.731490] Call Trace: [ 946.734108] dump_stack+0x1b9/0x294 [ 946.737773] ? dump_stack_print_info.cold.2+0x52/0x52 [ 946.743014] should_fail.cold.4+0xa/0x1a [ 946.747112] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 946.752264] ? graph_lock+0x170/0x170 [ 946.756093] ? save_stack+0xa9/0xd0 [ 946.759758] ? find_held_lock+0x36/0x1c0 [ 946.763852] ? __lock_is_held+0xb5/0x140 [ 946.767972] ? check_same_owner+0x320/0x320 [ 946.772316] ? trace_hardirqs_off+0xd/0x10 [ 946.776569] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 946.781320] binder: 2295 invalid dec weak, ref 4070 desc 0 s 1 w 0 [ 946.781691] ? rcu_note_context_switch+0x710/0x710 [ 946.788080] binder: 2295:2300 unknown command 0 [ 946.792952] ? debug_check_no_obj_freed+0x2ff/0x584 [ 946.792985] __should_failslab+0x124/0x180 [ 946.806877] should_failslab+0x9/0x14 [ 946.810696] __kmalloc+0x2c8/0x760 [ 946.814267] ? match_strdup+0x5e/0xa0 [ 946.818091] match_strdup+0x5e/0xa0 [ 946.821734] fuse_match_uint+0x1a/0x60 [ 946.825639] fuse_fill_super+0x455/0x1e20 [ 946.829816] ? fuse_get_root_inode+0x190/0x190 [ 946.834421] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 946.839981] ? vsnprintf+0x242/0x1b40 [ 946.843813] ? pointer+0xa10/0xa10 [ 946.847395] ? vsprintf+0x40/0x40 [ 946.850872] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 946.855909] ? set_blocksize+0x2c4/0x350 [ 946.860008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.865574] mount_bdev+0x30c/0x3e0 [ 946.869221] ? fuse_get_root_inode+0x190/0x190 [ 946.873827] fuse_mount_blk+0x34/0x40 [ 946.877660] mount_fs+0xae/0x328 [ 946.881052] vfs_kern_mount.part.34+0xd4/0x4d0 [ 946.885640] ? may_umount+0xb0/0xb0 [ 946.889267] ? _raw_read_unlock+0x22/0x30 [ 946.893424] ? __get_fs_type+0x97/0xc0 [ 946.897335] do_mount+0x564/0x3070 [ 946.900892] ? copy_mount_string+0x40/0x40 [ 946.905121] ? rcu_pm_notify+0xc0/0xc0 [ 946.909022] ? copy_mount_options+0x5f/0x380 [ 946.913430] ? rcu_read_lock_sched_held+0x108/0x120 [ 946.918443] ? kmem_cache_alloc_trace+0x616/0x780 [ 946.923288] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 946.928824] ? _copy_from_user+0xdf/0x150 [ 946.932974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 946.938507] ? copy_mount_options+0x285/0x380 [ 946.943006] ksys_mount+0x12d/0x140 [ 946.946652] __x64_sys_mount+0xbe/0x150 [ 946.950629] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 946.955649] do_syscall_64+0x1b1/0x800 [ 946.959533] ? finish_task_switch+0x1ca/0x840 [ 946.964547] ? syscall_return_slowpath+0x5c0/0x5c0 [ 946.969476] ? syscall_return_slowpath+0x30f/0x5c0 [ 946.974410] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 946.979785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 946.984642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 946.989851] RIP: 0033:0x455a09 [ 946.993036] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 947.000759] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 947.008028] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 2033/05/18 03:44:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0xfffffffffffffffe) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000000)=0x1) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x420000, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000080)=0x1, 0x4) ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f0000000100)) 2033/05/18 03:44:05 executing program 7: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x5, 0x80000) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = socket(0x2, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) 2033/05/18 03:44:05 executing program 0: r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0x0) fcntl$getflags(r0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x7, 0x200000) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000080)) 2033/05/18 03:44:05 executing program 0: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x40d2f29b, 0x20001) ioctl$sock_ipx_SIOCIPXCFGDATA(r0, 0x89e2, &(0x7f0000000140)) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f0000000040)={0x0, 0x1c9c380}, &(0x7f0000000000)) r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$sock_int(r1, 0x1, 0x13, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 2033/05/18 03:44:05 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x4, &(0x7f0000000140)="c626262c8523bf012cf66f0052549966141cda4b507dc49ac3e253850c4896c8883e31239e023613a99e5bd6a2738100781598e08d9928cf73d0a5d738665ac169014089b1cf9919cfa681023af70eed56f0cd3825bdd1334f369a6065bccc8402e1f147a33c9e2609864fa174825d2810d4a7f3efec3552502c944a7985077c77569017d34cdfbd7c548740120cb7e2a6b35129a8f454aa2baa1689198c33") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:05 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) [ 947.015292] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 947.022554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 947.029817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 947.042015] binder: 2295:2300 ioctl c0306201 20000540 returned -22 [ 947.048231] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:05 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000440)=[@in={0x2, 0x4e24, @multicast2=0xe0000002}, @in6={0xa, 0x4e24, 0x209, @mcast2={0xff, 0x2, [], 0x1}, 0xd87}, @in6={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0x200}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x21}}, @in6={0xa, 0x4e20, 0xfffffffffffffff8, @local={0xfe, 0x80, [], 0xaa}, 0xfff}, @in6={0xa, 0x4e24, 0x6, @loopback={0x0, 0x1}, 0xb975}, @in6={0xa, 0x4e23, 0xffffffffffff7fff, @dev={0xfe, 0x80, [], 0x13}, 0x3}, @in={0x2, 0x4e24, @loopback=0x7f000001}, @in={0x2, 0x4e22, @multicast2=0xe0000002}], 0xcc) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) [ 947.078118] binder: 2274:2276 ioctl 40046207 0 returned -16 [ 947.114901] binder: 2274:2310 got reply transaction with no transaction stack 2033/05/18 03:44:06 executing program 7: r0 = socket(0x2, 0x1, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 947.122323] binder: 2274:2310 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:06 executing program 4 (fault-call:4 fault-nth:43): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 947.194664] binder: BINDER_SET_CONTEXT_MGR already set [ 947.237413] FAULT_INJECTION: forcing a failure. [ 947.237413] name failslab, interval 1, probability 0, space 0, times 0 [ 947.249286] CPU: 0 PID: 2333 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 947.256501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 947.265866] Call Trace: [ 947.268483] dump_stack+0x1b9/0x294 [ 947.272141] ? dump_stack_print_info.cold.2+0x52/0x52 [ 947.277354] ? lock_downgrade+0x8e0/0x8e0 [ 947.281540] should_fail.cold.4+0xa/0x1a [ 947.282333] binder: undelivered TRANSACTION_ERROR: 29201 [ 947.285628] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 947.291412] binder: undelivered TRANSACTION_ERROR: 29201 [ 947.296203] ? print_usage_bug+0xc0/0xc0 [ 947.296228] ? print_usage_bug+0xc0/0xc0 [ 947.296248] ? graph_lock+0x170/0x170 [ 947.311659] binder: 2295:2300 ioctl 40046207 0 returned -16 [ 947.313604] ? find_held_lock+0x36/0x1c0 [ 947.313631] ? __lock_is_held+0xb5/0x140 [ 947.327462] ? check_same_owner+0x320/0x320 [ 947.331804] ? lockdep_init_map+0x9/0x10 [ 947.335897] ? rcu_note_context_switch+0x710/0x710 [ 947.340834] ? kasan_check_write+0x14/0x20 [ 947.345079] ? __init_rwsem+0x1c4/0x290 [ 947.349070] __should_failslab+0x124/0x180 [ 947.350076] binder: 2295 invalid dec weak, ref 4073 desc 0 s 1 w 0 [ 947.353316] should_failslab+0x9/0x14 [ 947.353335] __kmalloc+0x2c8/0x760 [ 947.353355] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 947.359681] binder: 2295:2327 unknown command 0 [ 947.363450] ? prealloc_shrinker+0xcf/0x130 [ 947.363474] prealloc_shrinker+0xcf/0x130 [ 947.363494] sget_userns+0x9b2/0xf00 [ 947.387508] binder: 2295:2327 ioctl c0306201 20000540 returned -22 [ 947.388831] ? kill_litter_super+0x90/0x90 [ 947.388858] ? ns_test_super+0x50/0x50 [ 947.388879] ? destroy_unused_super.part.11+0x110/0x110 [ 947.408666] ? kasan_check_write+0x14/0x20 [ 947.412943] ? do_raw_spin_lock+0xc1/0x200 [ 947.417206] ? blkdev_get+0xc0/0xb30 [ 947.420940] ? cap_capable+0x1f9/0x260 [ 947.424835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 947.430360] ? security_capable+0x99/0xc0 [ 947.434500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 947.440036] ? ns_capable_common+0x13f/0x170 [ 947.444435] ? kill_litter_super+0x90/0x90 [ 947.448654] sget+0x10b/0x150 [ 947.451747] ? ns_test_super+0x50/0x50 [ 947.455625] mount_bdev+0x111/0x3e0 [ 947.459239] ? fuse_get_root_inode+0x190/0x190 [ 947.463811] fuse_mount_blk+0x34/0x40 [ 947.467602] mount_fs+0xae/0x328 [ 947.470961] vfs_kern_mount.part.34+0xd4/0x4d0 [ 947.475531] ? may_umount+0xb0/0xb0 [ 947.479147] ? _raw_read_unlock+0x22/0x30 [ 947.483279] ? __get_fs_type+0x97/0xc0 [ 947.487159] do_mount+0x564/0x3070 [ 947.490691] ? copy_mount_string+0x40/0x40 [ 947.494917] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 947.499665] ? retint_kernel+0x10/0x10 [ 947.503549] ? copy_mount_options+0x1a1/0x380 [ 947.508047] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 947.512887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 947.518409] ? copy_mount_options+0x285/0x380 [ 947.522901] ksys_mount+0x12d/0x140 [ 947.526518] __x64_sys_mount+0xbe/0x150 [ 947.530482] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 947.535507] do_syscall_64+0x1b1/0x800 [ 947.539385] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 947.544231] ? syscall_return_slowpath+0x5c0/0x5c0 [ 947.549156] ? syscall_return_slowpath+0x30f/0x5c0 [ 947.554079] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 947.559434] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 947.564276] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 947.569452] RIP: 0033:0x455a09 [ 947.572626] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 947.580323] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:44:06 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x680, 0x0) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000100)="45902dcd1a99f0d9749ec55a3c3bbc83d18ff8e80957e30348ce326828e15728be0cd5675db3af11b90963c1bc87ecf024857018877f164dec2ad706b8946072a6b99ad3ad296833f5114199e0d41099f164f6d38b0f0faa62875a640c8ba4e412c67298cd91348c92988c2c8da1b9e401742d057fe92930fde20b78797ba60ec45cc1b9605dcccf24") getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f00000000c0), &(0x7f0000000080)=0x234) 2033/05/18 03:44:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:06 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:44:06 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:06 executing program 4 (fault-call:4 fault-nth:44): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:06 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="c626262e8523bf012cf66fd41557f58a5e9a65e3bec2fa9d494528349197c5c6115b88b827b0ea00fd19e36b95fc34a09c401c5d418aa3d236bc01bd7ea0225debbbfbaa45b949e7ba9bb348d56fc8d78d7b36613ec3b8be4a27e504f4f884b7b5f722540ba5349fda8384420352a998c87dc40dbc4b5b1fd59484011396ad58ad20057df86de6fff857a7a57a1ae3eef298ff4bb1636714fba5ea38a56fa85cd149d6ad84d2162ea3e96e026faf751076317961d1752e72ccd45889377f66e8d77a8b7c16f5172c70e4797b409747cd69af8f39957ad51df970c492fcece91b599a4dea96097c24aba81505d790dfd23b853f26798b83f9142ccf55") r1 = socket$kcm(0xa, 0x3, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rtc0\x00', 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x2, &(0x7f0000000240)=@raw=[@exit={0x95}], &(0x7f0000000280)='GPL\x00', 0x4e, 0xd6, &(0x7f00000002c0)=""/214, 0x40f00, 0x1}, 0x48) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/full\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000480)=r2, 0x3897e224) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x20180, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000080)={0x5, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f00000001c0)={0x2, r4, 0x1, 0xffffffff}) 2033/05/18 03:44:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x200000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 947.587579] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 947.594841] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 947.602100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 947.609356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 947.669941] binder: 2347:2352 got reply transaction with no transaction stack [ 947.677349] binder: 2347:2352 transaction failed 29201/-71, size 0-0 line 2763 [ 947.708206] FAULT_INJECTION: forcing a failure. [ 947.708206] name failslab, interval 1, probability 0, space 0, times 0 [ 947.719527] CPU: 0 PID: 2357 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 947.722449] binder: BINDER_SET_CONTEXT_MGR already set [ 947.726724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 947.726733] Call Trace: [ 947.726763] dump_stack+0x1b9/0x294 [ 947.726790] ? dump_stack_print_info.cold.2+0x52/0x52 [ 947.726830] should_fail.cold.4+0xa/0x1a [ 947.750594] binder: 2360 invalid dec weak, ref 4079 desc 0 s 1 w 0 [ 947.752837] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 947.752869] ? save_stack+0x43/0xd0 [ 947.752888] ? kmem_cache_alloc_trace+0x152/0x780 [ 947.752909] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 947.756974] binder: 2360:2361 unknown command 0 [ 947.763265] ? __list_lru_init+0x456/0x790 [ 947.763284] ? sget_userns+0x767/0xf00 [ 947.763308] ? graph_lock+0x170/0x170 [ 947.775708] binder: 2347:2352 ioctl 40046207 0 returned -16 [ 947.776857] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 947.776874] ? do_mount+0x564/0x3070 [ 947.776890] ? ksys_mount+0x12d/0x140 [ 947.776906] ? __x64_sys_mount+0xbe/0x150 [ 947.776922] ? do_syscall_64+0x1b1/0x800 [ 947.776940] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 947.787131] binder: 2360:2361 ioctl c0306201 20000540 returned -22 [ 947.791013] ? find_held_lock+0x36/0x1c0 [ 947.791044] ? __lock_is_held+0xb5/0x140 [ 947.791062] ? intel_enable_ipc+0xb0/0xc0 [ 947.791106] ? check_same_owner+0x320/0x320 [ 947.791129] ? rcu_note_context_switch+0x710/0x710 [ 947.797221] binder: 2347:2362 got reply transaction with no transaction stack [ 947.798801] __should_failslab+0x124/0x180 [ 947.798823] should_failslab+0x9/0x14 [ 947.798844] kmem_cache_alloc_trace+0x2cb/0x780 [ 947.804557] binder: 2347:2362 transaction failed 29201/-71, size 0-0 line 2763 [ 947.809306] __memcg_init_list_lru_node+0x17d/0x2c0 [ 947.868185] binder: BINDER_SET_CONTEXT_MGR already set [ 947.869713] ? kvfree_rcu+0x20/0x20 [ 947.869737] ? __kmalloc_node+0x47/0x70 [ 947.869766] __list_lru_init+0x456/0x790 [ 947.869788] ? list_lru_destroy+0x4c0/0x4c0 [ 947.884755] binder: undelivered TRANSACTION_ERROR: 29201 [ 947.885585] ? mark_held_locks+0xc9/0x160 [ 947.885611] ? __raw_spin_lock_init+0x1c/0x100 [ 947.885630] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 947.891450] binder: undelivered TRANSACTION_ERROR: 29201 [ 947.895911] ? lockdep_init_map+0x9/0x10 [ 947.895938] sget_userns+0x767/0xf00 [ 947.895954] ? kill_litter_super+0x90/0x90 [ 947.895978] ? ns_test_super+0x50/0x50 [ 947.952280] binder: 2374:2376 got reply transaction with no transaction stack [ 947.952457] ? destroy_unused_super.part.11+0x110/0x110 [ 947.959788] binder: 2374:2376 transaction failed 29201/-71, size 0-0 line 2763 [ 947.965095] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 947.965126] ? kasan_check_write+0x14/0x20 [ 947.973165] binder: 2360:2361 ioctl 40046207 0 returned -16 [ 947.977043] ? do_raw_spin_lock+0xc1/0x200 [ 947.977076] ? blkdev_get+0xc0/0xb30 [ 947.977100] ? cap_capable+0x1f9/0x260 [ 947.977131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 948.002123] binder: 2360 invalid dec weak, ref 4087 desc 0 s 1 w 0 [ 948.004399] ? security_capable+0x99/0xc0 [ 948.004427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 948.004447] ? ns_capable_common+0x13f/0x170 [ 948.004472] ? kill_litter_super+0x90/0x90 [ 948.004489] sget+0x10b/0x150 [ 948.004506] ? ns_test_super+0x50/0x50 [ 948.010835] binder: 2360:2380 unknown command 0 [ 948.014962] mount_bdev+0x111/0x3e0 [ 948.014979] ? fuse_get_root_inode+0x190/0x190 [ 948.015002] fuse_mount_blk+0x34/0x40 [ 948.024295] binder: BINDER_SET_CONTEXT_MGR already set [ 948.024930] mount_fs+0xae/0x328 [ 948.034805] binder: 2374:2376 ioctl 40046207 0 returned -16 [ 948.036147] vfs_kern_mount.part.34+0xd4/0x4d0 [ 948.036172] ? may_umount+0xb0/0xb0 [ 948.036194] ? _raw_read_unlock+0x22/0x30 [ 948.036209] ? __get_fs_type+0x97/0xc0 [ 948.036234] do_mount+0x564/0x3070 [ 948.051612] binder: 2374:2381 got reply transaction with no transaction stack [ 948.052885] ? do_raw_spin_unlock+0x9e/0x2e0 [ 948.052915] ? copy_mount_string+0x40/0x40 [ 948.052932] ? rcu_pm_notify+0xc0/0xc0 [ 948.052962] ? copy_mount_options+0x5f/0x380 [ 948.058238] binder: 2374:2381 transaction failed 29201/-71, size 0-0 line 2763 [ 948.061574] ? rcu_read_lock_sched_held+0x108/0x120 [ 948.061594] ? kmem_cache_alloc_trace+0x616/0x780 [ 948.061620] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 948.096141] binder: 2360:2380 ioctl c0306201 20000540 returned -22 [ 948.098727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 948.098747] ? copy_mount_options+0x285/0x380 [ 948.098775] ksys_mount+0x12d/0x140 [ 948.098800] __x64_sys_mount+0xbe/0x150 [ 948.098816] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 948.098843] do_syscall_64+0x1b1/0x800 [ 948.134719] binder: undelivered TRANSACTION_ERROR: 29201 [ 948.140779] ? finish_task_switch+0x1ca/0x840 [ 948.140805] ? syscall_return_slowpath+0x5c0/0x5c0 [ 948.140832] ? syscall_return_slowpath+0x30f/0x5c0 [ 948.140857] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 948.159737] binder: undelivered TRANSACTION_ERROR: 29201 [ 948.163501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 948.163534] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 948.163550] RIP: 0033:0x455a09 [ 948.211194] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:44:06 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:06 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:06 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:06 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:07 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000008000002000"}, 0x6e) [ 948.218934] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 948.226219] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 948.233500] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 948.240777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 948.248063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 948.288251] QAT: Invalid ioctl 2033/05/18 03:44:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:07 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x6c000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fcntl$dupfd(r0, 0x406, r0) epoll_wait(r2, &(0x7f0000000000)=[{}, {}, {}], 0x3, 0x2) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100)={0x100}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x81}, {}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x290, 0x0, 0x0, 0x2, 0x0, 0x7}]}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000140)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 2033/05/18 03:44:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:07 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x3) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:07 executing program 7: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000040)={0xd000, 0x107000, 0x3ff, 0x1, 0x3}) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000080)) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:07 executing program 4 (fault-call:4 fault-nth:45): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 948.337838] QAT: Invalid ioctl 2033/05/18 03:44:07 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000440)={r0}) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) socket$netlink(0x10, 0x3, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000a08f64b000000000000090000000000000000e7ff00000000000000000000000000000000000000000000000000000000000000000000000000836e0b717631f4212e5800000000000000000000000000000061a1cd9acf8b4f7882ce6cf8d9bf7644b03916a3d5e2f97b67481c336f4cf9a075fcf0f17805debb5d981c0b21df5cfcfcaa84cdf298074a95f9632bf8b5e5ad1c58ecde2048986d17f15c5fdeb050fe34da4307385506fe3b0360701a220c39277fa9f4803af24bf1304dc4b67eec79fc1d16cc20dd43490d76a95c3e43acf02af23c32d3b90eba2f6c39e0310cb423c84f846d26c59235324e52c2e3baf2c7fcc031cc7f2ba2f32a4ed66ae0748f6291541805edbc71a2b1b146fddf75ffbd3230ec0600db944fea055b1bdc5fbf07a2fbf3302790edc185df41e618efeeb8b5"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000480)=@assoc_id=r3, 0x4) 2033/05/18 03:44:07 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000000100"}, 0x6e) [ 948.396677] binder: 2405:2416 got reply transaction with no transaction stack [ 948.404124] binder: 2405:2416 transaction failed 29201/-71, size 0-0 line 2763 [ 948.454698] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:07 executing program 0: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="c626262c8523bf012cf66f") syz_mount_image$nfs(&(0x7f00000000c0)='nfs\x00', &(0x7f0000000140)='./file0/file0\x00', 0x8, 0x1, &(0x7f0000000180)=[{&(0x7f0000000200)="b0c6b556335d1abeb5c85f72faf7716decfd4ec25a22666cde205878360a36cc66a722767d1fd8ccecbeecb4963edb0f18405d3756b4112aded4716a94755c08f15f5b6c8b51ba2b7ccd0a40c2afcd01bfcf6831b88b7e10e4efd33f708032f1050700f9524d766cdbbc35be399a4eb3d3e1d5fa57cfb59f8362c295c5619f693c82528b63953eb88f660b1c82c9117f31c0400f426ac6bce055dba60318b2161149488dfe83ee9aaa8b2d0233ef1e1be50e1ccd19bb7b93bfe0c0992215aece43c908fd7229271dd59e6adcfceeb2606e7228a8272c3edebeca2ef40a8afb10d11f774cb76853d701d2c5f94abf90d45ba07c78536d4e452438e99d85f321307d85ff021e84acb620b5a4b91d8de17384bd8209d0ce4e2ed8cc0a0938929fc754ce786291ce3559b0cbe783d9a800182666a01eac371b2c0b5d2b365e13ad9d892b4c1eb253a041c4671a02976290f5f8cbd4f932e58df6e7009f9939aab824e4c318376420b360670daedf14d8dee5a116c10a5c130afe58cce0ba2e5122cdca21cd00d15d874a00f5097c2f990ec8d26f7863ccfd7513c828586f125655218edc22c769a7775161c568a1189ce5434a9edbe1192a1090538f8ca22f396e0744150bfed99135f639cea41d5bdb750b9b13ee0dfff3730c471bd8673874c8b3c2b0b50d5459b343f8ea39571d25865dec1ca5adf9ebd6e0055fedfe98b47f64a192e1ce728355965587beeb7f67ee4ab7d5df5b1fbb7193fabc128ab17e673a179e20a9b87438b9c77cf147d8dfc452187127b602614a78cbbdd9fd74635f61c68dd66b3c3d4e974513e5c9a9e08b3c99e7dad8787b9d409ae058e32d65e640bcad2108574da442be46729991aa17a5223285725aca8d9280c086e4ea4ba4448dc38d3f2935e0f6bd448077f80a603b0e275824b4e287651e725f9df28ca100282ddc04b58728f2e1d3691a1edf5714f0f70eda53e8b75c413504d9224b8eeb4b4b972e2e9097ec4d884ec53d7ded42e91a1062cd8f31b859fc636a7ffb45b28eed9e52a33eab027252385b3149f3fa7402bff7771a169499d3903c6fcf3b98a735a9a330e885816b336121edb6d06473be60fb8aed1614771520e1002d363114bfd3528546d9463265980f7964dfd5ac3f4748d5f652f683f570fcd2d4ef957290bddf1e56384b4a91b624bd0437bb02430629d88a8273cf2fb06abdca1109c298eaf95c2432bef63e9a76710ed96bfd3eb7f1d6a67c7c0fc950aa2b30716c749a9517418f233e5d6743608cea64cbaa2de23a764462ec54e87bdf8ba6a7ea675a450b7855244ccd3974f70082829acbfd270eea427d10f2806ca2c4d7043cd8082e72fb07481e6aef1519b100312f020c56f441388ef0b92d437d17604bb764b71ae1c055d931ad637893048dc3172206516b4f1851742bcbc24ab1866b82d696ca299eef6c78590174a9d9551286368216c3ce4179d911f8d6915a5cbe147a7ebc398cc0e44fe31c327cbc7638d14502cdd346f85220620bcdd1834118a185614c9ba2893a4be0bc4c8d225831dcb2173eb7cbf5363eab38904fd93c69d94de41279ac2d21d8fb8e1a2fd2ab15c8dea2f309b4cdb82d7a09c94bf4d848f00a1ee870660e5f43f90011288af0838add9b5097788b07effb3764b8c3ec4c2a5881981e77c5dba8ff39b124bf16e240d14132be861595bf2d261da15de7c33e48ed057f5c8e853c56651afe4cdc7d266f5d7b883c889ac9def0d4ff645644bef3904c7f2a222f4b3539a53c87789b5adfbcdccec448bbf8a30d016b1fa68eec45fe0b06f3770a334894e6e12a099b5b7ae5711d12554badae5eda97f467415dd2ceb14453662dc6625fbe130f479fa82e8ae189c8bd783e4b4687b1770128c7bfe3557011f2fac5739a66fe1b773c8ca34559c4b5b81dd31e70f9bb5d5ef1d8115cbb6e9f5076a2720d597d05a9a0dd97aedf9c67c34298ed1c6f1a5d08dd2988b2f578508e14eb92131842afd3adf5305166bd67b904e23969fde3fc7a85f61b9b7b6feeb1d75281b25b21bcfba74e6d5fab71a9fa38abd7b0a46eefd01fa5d9bc3a8ee3b9d38bfdc79d8eb03652c17dffdfdb25d80b9406a610452ebe49f1c10474bc1860c6f731215160e9c821efecd5cbc2c48c0e8333b11930e22e6202b424c85423e9948831170401eea1405ae96c0df5497187fdb3b536abb92f457364a9576c255b74b59dc3778c972696446a28c2f27de157e6f3a5dcd6735aff035f496ca1dea2ef26a1c4da8b3f3b194bce114fa4896367269136e5188586fa13226d6ff8b3213177d49319d2116fe5285b271f8ab0182a889b489eb4dac4be1b5b54e76c5c4b1325b41f982c9096da222c55853c71a3af76f660e49b84c77433567ced0847a104e59f85f7203b2e56380e5952466524ef828a1101345e26d4f5327fd8589fcad23439f2e0771a0599fe47cdc5ef5c9be64d94c6129166f9275ddf657046e9841c049517cf9a36b249268d129cec48204fc12f95da144d36f37a7185f34387a0340ebde5d6d846c56f3443e7e24f69b9a8c1af4fb961e8b1e08847eeeb6a83ceadde62ceb383873656b5d0e03293f5bf2452a671c3dbe2dce489d4b6a8ed15ac2d8c2099e2634e0eb4dec03c1730e99a9a9234a230fa31ce275e49d917431c9496afba7717102120e275f8948b824effcfe0d5af2a0e3a52cdb8f60c6c73f0dede8ce7595cadfc796deda63dddb02ad58a5e6c3bd10f2db95d9a0681c6972e6c6922105c5eff13c0541879b041a3c1647423569941547e2d076795cac8f297dcc7628fe48e07ddff036ca3121c3f1be162c050a80c3d80f72e22b03d46167d70877960ad09c26514ee57ae4523d700ee67556d92facb14bca964c209828a9d1f72d0748ab7960ff48460d91cf69c3dc04b0bbe6254c6a9666a49f07e75c5083d45a5884cdd6a983b735e8827ca11428e62b3857213e242d02817ba459d4bf3bcb75574f7d2aca403cbd05e9f796d792430613d39c9c492b110690388903b1a7e23ccaa38a41e9c722811cb57ce60b4a4914a64f122d03f6793471e4f01b0ddc2b46ca34d3bc134d09638e0b9ffea5547c5d231c32fcf08fb7ccd3612debc5319fc2c2347c7114b47042cab56254ffb9692fa59f575e3860dd37685e8a8f5c5f2dc49b6706c52c36455628fb554780ac16462aa2d9869cb9c1a5fc08b7e798b2e0717e0e9d49dd35a1a5a783679b7b92ce67dd945498d8ada4745d49c4d6a7904d406db64b336fa6af4b7bd154fe7af8da2fde275bf16bde4e9b7e0b274956710f485fd9ed96ecb4364b216b66dd261ee8ada6c9bde4364bf9852c3f86db3965f93f7cb540d49948bf7b6295632e56b437ee7eb4e0b1fe3977e3d5652e2000dad32ed461412108a02e65450e5d7faf4c23fd21b649a8ccf7cfb7000b7c1522f6282f3181775aa07951d642751e2f67002145bde66291e9e195a6bef89a6159782d4e56b14277edebcd93d094e43c756edac30ce5341f9df72a54e05c39942e392454d72700697036883cb0b106bf6f495d2b2f9e17ea6a5911c4b6ffc284456e84d4bbb06db94e23989c09c9e3ca84e158d7353b1f8025731f421dc3ecda723224ff7da38455c4ddef2c0f515400fcfee282aa01db8326301d28a818507e6c376ef31e2717c9d15c1518dc9fdf18f77c9d0452e0adb5966f96515ef5ccdeb42e867eb87765e435753174798e7d06da2fdb5008ac52021053eefbabface1cf05de14f271a3e51b1467f858594cef20c159b9f04f9bdabb76f44bd7d2c6abe0373968c81ff9ce33c842da8397cac804e0911607662cfab77b30add7a9c49cd6b228578952b013cd216ae9b90a68f61f39c7e3121f34d9b92fee26dcc69a895d4579ba56687371dd6b078470a6d4244de675dcaa3e954145fe97b0a11a0cc148b9a90276ff34a3b3773bcafd056fe77d8c1bbb7f0febd6e3905f06bfd37a5a8fc24a41b1ba1ac2444a5c5da077018ec83eb51da8ed4f1bcb6a205578a99e0a0501ab37df9a0c707c96b864623fd6fd12a727d99a5f7bda48392f20111847767cbd7ee1b12e03a8afb48154dd4b6813861729664131d003e81e9f98ebe4e6514a72760490653dfb1a8cfaf5acd00f93915da7dbf66731b9a2fffd1ed90acde25631b5dfb68f2909a5fedba7618d40980dcec213d563fd3c33f361959e7c057e5e647388e15c74768f4273e7d72ddbaa0719300f43d75ed0f664a0a73f0ced6904cd6bb52a26314563bb154376c29e957e20854cd5bb0300415a66788528682653b06869f5c2b44049db1bfbd7f3fd03324acd04e0dd285341ccd2a6b986ab847eff60012693366ab4a0699c0f0d1642b17d6e7a1004fc13a1b7efab63631144725a83039019f3e61f34edeb60891594fe9bd45e30c019b2150eb204d35f671a54fbf47394a13b10bc81c2f0bdb054f0c4924bf23462270600e1a8a2301b181037a967214079762d51c610608e0124f521389aa1a4ad1e6f5f1b5f847731d8f556074dd9be67e4cece64508be8d6fb5c592002fb0dc16b83709f63f097be5b2bdbf636ae9b4bc24194860aa82d854c73215c197413a67c957ccd322ea7830fabafe62e2281e6bc79e45e5df8008cfb0e2a5d865c05c500edbc5806ec153d6e7ecdb7884e6bcf8a36c88434ea104ff06d06e4c670cf22bc6bbc7988f3a59c8fd4b55ba2565791f0f675abb68bb1227dcbbd46e372205b6cf099a3c64663aa9774882a37c5e38376d97fa93b605237875f2ae7372e41255b39e5b7e48f066d4a5d4da89d4b5d6564cc2a51d8af094346e5a76fb6748280771ea01c8782c3370ae4b20fd4fcad4f256b505c3f481a32aae14eedc7100e8f944298711c880a2c0b2af7cc6f7a3bb01d9b06177fc1c44d2fea9d7ee0e73839422c07fe8462a32f4c781ad801b329116a1b37f1f3413c00d2e143045c77df6b4faa5f341ef58c13d796e59760aad950a2962277c2defeb616a00956c2248ab2a05f78e27d3602cd6f513fe03c3deb2ecfa6ec97ff687a55d67c4d8fcb5eb2690cbd292919d36615ce4fd17a6da7cc43984bae2f616020814697eee66ae52eb662e75b1552f5979f8b819829fb0e9952a0cfabafe63d08013f15940e760d80e783b833e521c088ba5dda0f93502cf0f565a41401b3bc8304707da81bac7d2886b8a599fcf79236b5c7c4e50770dd07b9ea2bbe09b9978fd97abc61208ae501a963c7224008a2ac2b761c3cd2f0572a0175b477865d7d121fc10ac5cb2ba03a556333a9b81c53202c6883e592f275887449feaecaee4112f81f110b66ca361551176afce093245c5511098baa269cf05699a0717095adf7b108f8ce80380458f8c001b281fc3a10d6ac6da8562f808c6e816fc3c96d650cfe2ac87142dc4afe57b13f4550889626d581b172843e66aa74aba04334d24759b389efabebef804d49d91518e05d08e3302cf67d1c09eccceb2f4645b80d538292aeb6df1e8500d39a405c27b29cfc7b767f0ccd1d5ce2dc0b1e4c3c68d03110792764bfd504204fad61211e9df4585912d826d84b72040f187d2d514f87a9b4b381850ac87a913874a984cf854f1c41274d03e698e66d687782e2705ea05ada338ba1037300327c853b5b6b5b1664ea5d7d0fb3621688059f218d848268259667110ff39b0674f60092e91b364cb1791ddcd221df6278863bbc67c73c29ae5707365ff652bb342c859831128df99fda03dbffc53efb74b57693c6193143c08840c049ec893e68b9ce9a896d482b1194", 0x1000, 0x8}], 0x803400, &(0x7f0000001200)='vfat\x00') syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e002, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="eb64c86d4f66732e66617400020441000500077008f80000d8c32d8cbe59628cf9d9ed7b2c", 0x25}], 0x0, &(0x7f0000000240)=ANY=[]) 2033/05/18 03:44:07 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") signalfd4(r0, &(0x7f0000000080)={0x80000001}, 0x8, 0x80800) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000040)={'ip6_vti0\x00', 0x10000}) get_thread_area(&(0x7f00000000c0)={0x8, 0x20001000, 0xffffffff, 0x498, 0x5, 0x100000000, 0x7, 0xbb, 0xb53, 0x7fff}) [ 948.476775] binder: 2405:2416 ioctl 40046207 0 returned -16 [ 948.499153] FAULT_INJECTION: forcing a failure. [ 948.499153] name failslab, interval 1, probability 0, space 0, times 0 [ 948.510465] CPU: 1 PID: 2418 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 948.517661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 948.527025] Call Trace: [ 948.529626] dump_stack+0x1b9/0x294 [ 948.533269] ? dump_stack_print_info.cold.2+0x52/0x52 [ 948.537467] binder: 2421:2424 Acquire 1 refcount change on invalid ref 1811939328 ret -22 [ 948.538473] ? finish_task_switch+0x1ca/0x840 [ 948.538492] ? finish_task_switch+0x182/0x840 [ 948.538522] should_fail.cold.4+0xa/0x1a [ 948.546934] binder: 2421:2424 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 948.551340] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 948.551367] ? __schedule+0x809/0x1e30 2033/05/18 03:44:07 executing program 6: r0 = socket(0xa, 0x1, 0x0) exit_group(0x3000000000) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) recvmmsg(r0, &(0x7f00000068c0)=[{{&(0x7f0000000480)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000500)=""/13, 0xd}], 0x1, &(0x7f0000000580)=""/151, 0x97, 0x8001}, 0x5}, {{&(0x7f0000000640)=@nfc, 0x80, &(0x7f00000009c0)=[{&(0x7f00000006c0)=""/155, 0x9b}, {&(0x7f0000000780)=""/43, 0x2b}, {&(0x7f00000007c0)=""/214, 0xd6}, {&(0x7f0000000e00)=""/4096, 0x1000}, {&(0x7f00000008c0)=""/17, 0x11}, {&(0x7f0000000900)=""/189, 0xbd}], 0x6, &(0x7f0000000a40)=""/83, 0x53, 0x4}, 0x2}, {{&(0x7f0000000ac0)=@pppol2tpin6, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000b40)=""/157, 0x9d}], 0x1, &(0x7f0000000c40)=""/238, 0xee, 0x3}, 0x18b5}, {{0x0, 0x0, &(0x7f0000002fc0)=[{&(0x7f0000001e00)=""/145, 0x91}, {&(0x7f0000001ec0)=""/39, 0x27}, {&(0x7f0000001f00)=""/4096, 0x1000}, {&(0x7f0000002f00)=""/190, 0xbe}], 0x4, &(0x7f0000003000)=""/4096, 0x1000, 0x3}, 0x80}, {{0x0, 0x0, &(0x7f0000005280)=[{&(0x7f0000004000)=""/169, 0xa9}, {&(0x7f00000040c0)=""/65, 0x41}, {&(0x7f0000004140)}, {&(0x7f0000004180)=""/172, 0xac}, {&(0x7f0000004240)=""/51, 0x33}, {&(0x7f0000004280)=""/4096, 0x1000}], 0x6, &(0x7f0000005300)=""/158, 0x9e, 0x9c00000000000000}, 0x7fd}, {{0x0, 0x0, &(0x7f00000054c0)=[{&(0x7f00000053c0)=""/251, 0xfb}], 0x1, 0x0, 0x0, 0x452}, 0x4}, {{&(0x7f0000005500)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000006740)=[{&(0x7f0000005580)=""/22, 0x16}, {&(0x7f00000055c0)=""/71, 0x47}, {&(0x7f0000005640)=""/112, 0x70}, {&(0x7f00000056c0)=""/4096, 0x1000}, {&(0x7f00000066c0)=""/105, 0x69}], 0x5, &(0x7f00000067c0)=""/228, 0xe4, 0x1}}], 0x7, 0x20, &(0x7f0000006a80)) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000006ac0)={'vcan0\x00', r2}) r3 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r4 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000d40)={@loopback, 0x0}, &(0x7f0000000d80)=0x14) connect$can_bcm(r0, &(0x7f0000000dc0)={0x1d, r5}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r6, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:07 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000ffff00"}, 0x6e) [ 948.551385] ? perf_trace_lock+0xd6/0x900 [ 948.555893] binder: 2421:2424 unknown command 0 [ 948.559914] ? __sched_text_start+0x8/0x8 [ 948.559929] ? find_held_lock+0x36/0x1c0 [ 948.559948] ? __lock_is_held+0xb5/0x140 [ 948.572949] binder: 2405:2435 got reply transaction with no transaction stack [ 948.576435] ? check_same_owner+0x320/0x320 [ 948.576456] ? simple_strtoull+0xde/0x150 [ 948.576479] __should_failslab+0x124/0x180 [ 948.580642] binder: 2405:2435 transaction failed 29201/-71, size 0-0 line 2763 [ 948.585263] should_failslab+0x9/0x14 [ 948.585279] __kmalloc+0x2c8/0x760 [ 948.585299] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 948.636850] ? match_number.isra.0+0xb6/0x260 [ 948.641373] match_number.isra.0+0xb6/0x260 [ 948.645705] ? match_strdup+0xa0/0xa0 [ 948.649518] ? match_wildcard+0x3c0/0x3c0 [ 948.653683] match_int+0x23/0x30 [ 948.657059] fuse_fill_super+0x812/0x1e20 [ 948.661224] ? fuse_get_root_inode+0x190/0x190 [ 948.665816] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 948.671017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 948.676559] ? vsnprintf+0x242/0x1b40 [ 948.680383] ? pointer+0xa10/0xa10 [ 948.683920] ? vsprintf+0x40/0x40 [ 948.687363] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 948.692366] ? set_blocksize+0x2c4/0x350 [ 948.696418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 948.701957] mount_bdev+0x30c/0x3e0 [ 948.705572] ? fuse_get_root_inode+0x190/0x190 [ 948.710144] fuse_mount_blk+0x34/0x40 [ 948.713935] mount_fs+0xae/0x328 [ 948.717298] vfs_kern_mount.part.34+0xd4/0x4d0 [ 948.721867] ? may_umount+0xb0/0xb0 [ 948.725491] ? _raw_read_unlock+0x22/0x30 [ 948.729629] ? __get_fs_type+0x97/0xc0 [ 948.733545] do_mount+0x564/0x3070 [ 948.737113] ? copy_mount_string+0x40/0x40 [ 948.741338] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 948.746092] ? retint_kernel+0x10/0x10 [ 948.749982] ? copy_mount_options+0x213/0x380 [ 948.754474] ? copy_mount_options+0x1a1/0x380 [ 948.758958] ? __sanitizer_cov_trace_pc+0x20/0x50 [ 948.763790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 948.769312] ? copy_mount_options+0x285/0x380 [ 948.773795] ksys_mount+0x12d/0x140 [ 948.777418] __x64_sys_mount+0xbe/0x150 [ 948.781380] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 948.786385] do_syscall_64+0x1b1/0x800 [ 948.790257] ? finish_task_switch+0x1ca/0x840 [ 948.794751] ? syscall_return_slowpath+0x5c0/0x5c0 [ 948.799677] ? syscall_return_slowpath+0x30f/0x5c0 [ 948.804597] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 948.809948] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 948.814782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 948.819957] RIP: 0033:0x455a09 2033/05/18 03:44:07 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 948.823130] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 948.830824] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 948.838076] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 948.845333] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 948.852585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 948.859840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 948.869534] binder: 2421:2424 ioctl c0306201 20000540 returned -22 [ 948.916341] binder: undelivered TRANSACTION_ERROR: 29201 [ 948.919426] binder: BINDER_SET_CONTEXT_MGR already set [ 948.922408] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:07 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x5, &(0x7f0000000280)="9cdad1c606262c8f0700012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) r1 = msgget(0x2, 0x101) msgget(0x2, 0x0) msgrcv(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="00002b1c04170a88875500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000df000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000356c9897000000000000000000000000000000001a8d521f1e75a406000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r2, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f00000001c0)={0xfffffffffffffffd, 0x0, 0x0, 0x5a5, 0x0, 0x5}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2, 0x0) pipe(&(0x7f0000000100)) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x1f000, 0x18000}) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000140)={0x8, 0x6, 0x7, 0x235, 0x0, 0x81, 0x1, 0x5, 0xe021, 0x10001}) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000080)={'veth0_to_bond\x00', {0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r2 = syz_open_pts(r0, 0x0) ioctl$TCSETAF(r2, 0x5412, &(0x7f00000000c0)={0x5}) 2033/05/18 03:44:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:07 executing program 7: r0 = socket(0x10, 0xa, 0x101) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x8000, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000080)) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) 2033/05/18 03:44:07 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:07 executing program 4 (fault-call:4 fault-nth:46): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x7a00}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 949.043607] binder: 2421:2424 ioctl 40046207 0 returned -16 [ 949.043944] binder: 2421:2463 Acquire 1 refcount change on invalid ref 1811939328 ret -22 [ 949.057927] binder: 2421:2463 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 949.065520] binder: 2421:2463 unknown command 0 [ 949.070203] binder: 2421:2463 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:08 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) [ 949.120392] binder: 2466:2480 got reply transaction with no transaction stack [ 949.127786] binder: 2466:2480 transaction failed 29201/-71, size 0-0 line 2763 [ 949.160086] FAULT_INJECTION: forcing a failure. 2033/05/18 03:44:08 executing program 7: socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='teql0\x00', 0x10) r1 = socket(0x2, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x3, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) [ 949.160086] name failslab, interval 1, probability 0, space 0, times 0 [ 949.171395] CPU: 1 PID: 2479 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 949.172392] binder: BINDER_SET_CONTEXT_MGR already set [ 949.178582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 949.178589] Call Trace: [ 949.178616] dump_stack+0x1b9/0x294 [ 949.178642] ? dump_stack_print_info.cold.2+0x52/0x52 [ 949.178662] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 949.209776] should_fail.cold.4+0xa/0x1a [ 949.213864] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 949.218988] ? memset+0x31/0x40 [ 949.222283] ? graph_lock+0x170/0x170 [ 949.226098] ? get_random_bytes+0x34/0x40 [ 949.230266] ? crng_backtrack_protect+0x80/0x80 [ 949.234952] ? find_held_lock+0x36/0x1c0 [ 949.239030] ? __lock_is_held+0xb5/0x140 [ 949.243120] ? check_same_owner+0x320/0x320 [ 949.246524] binder: 2466:2480 ioctl 40046207 0 returned -16 [ 949.247453] ? fuse_conn_init+0x744/0x900 [ 949.247475] ? rcu_note_context_switch+0x710/0x710 [ 949.247500] __should_failslab+0x124/0x180 [ 949.247519] should_failslab+0x9/0x14 2033/05/18 03:44:08 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:08 executing program 0: personality(0x800010) r0 = accept4$ipx(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x10, 0x800) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'veth0_to_bridge\x00', &(0x7f0000000100)=@ethtool_link_settings={0x4c}}) [ 949.247537] kmem_cache_alloc_trace+0x2cb/0x780 [ 949.274969] fuse_dev_alloc+0xb5/0x4e0 [ 949.278857] ? __lock_is_held+0xb5/0x140 [ 949.282916] ? sched_set_stop_task+0xf8/0x270 [ 949.287418] ? process_init_reply+0x1460/0x1460 [ 949.292101] ? rcu_read_lock_sched_held+0x108/0x120 [ 949.297126] ? kmem_cache_alloc_trace+0x616/0x780 [ 949.301987] fuse_fill_super+0xce0/0x1e20 [ 949.302569] binder: 2466:2484 got reply transaction with no transaction stack [ 949.306144] ? fuse_get_root_inode+0x190/0x190 2033/05/18 03:44:08 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0002000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) [ 949.306168] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 949.306187] ? vsnprintf+0x242/0x1b40 [ 949.306210] ? pointer+0xa10/0xa10 [ 949.306237] ? vsprintf+0x40/0x40 [ 949.313525] binder: 2466:2484 transaction failed 29201/-71, size 0-0 line 2763 [ 949.318060] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 949.318076] ? set_blocksize+0x2c4/0x350 [ 949.318094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 949.318113] mount_bdev+0x30c/0x3e0 [ 949.359923] ? fuse_get_root_inode+0x190/0x190 [ 949.364514] fuse_mount_blk+0x34/0x40 [ 949.368322] mount_fs+0xae/0x328 [ 949.371706] vfs_kern_mount.part.34+0xd4/0x4d0 [ 949.376296] ? may_umount+0xb0/0xb0 [ 949.379935] ? _raw_read_unlock+0x22/0x30 [ 949.384088] ? __get_fs_type+0x97/0xc0 [ 949.387988] do_mount+0x564/0x3070 [ 949.391541] ? copy_mount_string+0x40/0x40 [ 949.395774] ? rcu_pm_notify+0xc0/0xc0 [ 949.399659] ? copy_mount_options+0x5f/0x380 [ 949.404058] ? rcu_read_lock_sched_held+0x108/0x120 [ 949.409062] ? kmem_cache_alloc_trace+0x616/0x780 [ 949.413900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 949.419424] ? _copy_from_user+0xdf/0x150 [ 949.423564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 949.429088] ? copy_mount_options+0x285/0x380 [ 949.433572] ksys_mount+0x12d/0x140 [ 949.437188] __x64_sys_mount+0xbe/0x150 [ 949.441149] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 949.446153] do_syscall_64+0x1b1/0x800 [ 949.450042] ? finish_task_switch+0x1ca/0x840 [ 949.454527] ? syscall_return_slowpath+0x5c0/0x5c0 [ 949.459442] ? syscall_return_slowpath+0x30f/0x5c0 [ 949.464370] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 949.469726] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 949.474557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 949.479732] RIP: 0033:0x455a09 [ 949.482915] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 949.490612] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 949.497866] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 949.505119] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 949.512376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 949.519629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:08 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0405519, &(0x7f000035dffc)) r1 = memfd_create(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x1) openat$cgroup_type(r1, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) ioctl$VT_ACTIVATE(r1, 0x5606, 0x7) 2033/05/18 03:44:08 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000fd00"}, 0x6e) [ 949.545437] binder: 2492:2506 Acquire 1 refcount change on invalid ref 31232 ret -22 [ 949.553581] binder: 2492:2506 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 949.561166] binder: 2492:2506 unknown command 0 [ 949.584568] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 949.590556] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:08 executing program 4 (fault-call:4 fault-nth:47): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 949.641394] binder: 2517:2518 got reply transaction with no transaction stack [ 949.648791] binder: 2517:2518 transaction failed 29201/-71, size 0-0 line 2763 [ 949.699964] FAULT_INJECTION: forcing a failure. [ 949.699964] name failslab, interval 1, probability 0, space 0, times 0 [ 949.711307] CPU: 1 PID: 2524 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 949.718502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 949.727860] Call Trace: [ 949.730466] dump_stack+0x1b9/0x294 [ 949.734151] ? dump_stack_print_info.cold.2+0x52/0x52 [ 949.739621] ? rcu_is_watching+0x85/0x140 [ 949.743789] should_fail.cold.4+0xa/0x1a [ 949.745983] binder: 2492:2506 ioctl c0306201 20000540 returned -22 [ 949.747863] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 949.747883] ? kernel_text_address+0x79/0xf0 [ 949.747903] ? __unwind_start+0x166/0x330 [ 949.747920] ? __kernel_text_address+0xd/0x40 [ 949.757807] binder: BINDER_SET_CONTEXT_MGR already set [ 949.759333] ? graph_lock+0x170/0x170 [ 949.759355] ? __save_stack_trace+0x7e/0xd0 [ 949.759386] ? find_held_lock+0x36/0x1c0 [ 949.767959] binder: BINDER_SET_CONTEXT_MGR already set [ 949.772406] ? __lock_is_held+0xb5/0x140 [ 949.772442] ? check_same_owner+0x320/0x320 [ 949.772465] ? rcu_note_context_switch+0x710/0x710 [ 949.780754] binder: 2517:2518 ioctl 40046207 0 returned -16 [ 949.781536] __should_failslab+0x124/0x180 [ 949.781555] should_failslab+0x9/0x14 [ 949.781568] __kmalloc+0x2c8/0x760 [ 949.781591] ? match_number.isra.0+0xb6/0x260 [ 949.786473] binder: 2492:2506 ioctl 40046207 0 returned -16 [ 949.789942] match_number.isra.0+0xb6/0x260 [ 949.789960] ? match_strdup+0xa0/0xa0 [ 949.789979] ? match_wildcard+0x3c0/0x3c0 [ 949.789995] ? trace_hardirqs_on+0xd/0x10 [ 949.790015] match_octal+0x26/0x30 [ 949.790033] fuse_fill_super+0x615/0x1e20 [ 949.790057] ? fuse_get_root_inode+0x190/0x190 [ 949.799938] binder: 2517:2528 got reply transaction with no transaction stack [ 949.803680] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 949.803697] ? vsnprintf+0x242/0x1b40 [ 949.803721] ? pointer+0xa10/0xa10 [ 949.803750] ? vsprintf+0x40/0x40 [ 949.809219] binder: 2517:2528 transaction failed 29201/-71, size 0-0 line 2763 [ 949.814886] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 949.814903] ? set_blocksize+0x2c4/0x350 [ 949.814928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 949.910589] mount_bdev+0x30c/0x3e0 [ 949.914227] ? fuse_get_root_inode+0x190/0x190 [ 949.918799] fuse_mount_blk+0x34/0x40 [ 949.922604] mount_fs+0xae/0x328 [ 949.925962] vfs_kern_mount.part.34+0xd4/0x4d0 [ 949.930538] ? may_umount+0xb0/0xb0 [ 949.934151] ? _raw_read_unlock+0x22/0x30 [ 949.938285] ? __get_fs_type+0x97/0xc0 [ 949.942162] do_mount+0x564/0x3070 [ 949.945700] ? copy_mount_string+0x40/0x40 [ 949.949924] ? rcu_pm_notify+0xc0/0xc0 [ 949.953805] ? copy_mount_options+0x5f/0x380 [ 949.958201] ? rcu_read_lock_sched_held+0x108/0x120 [ 949.963205] ? kmem_cache_alloc_trace+0x616/0x780 [ 949.968126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 949.973652] ? _copy_from_user+0xdf/0x150 [ 949.977791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 949.983312] ? copy_mount_options+0x285/0x380 [ 949.987797] ksys_mount+0x12d/0x140 [ 949.991419] __x64_sys_mount+0xbe/0x150 [ 949.995382] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 950.000387] do_syscall_64+0x1b1/0x800 [ 950.004271] ? finish_task_switch+0x1ca/0x840 [ 950.008759] ? syscall_return_slowpath+0x5c0/0x5c0 [ 950.013675] ? syscall_return_slowpath+0x30f/0x5c0 [ 950.018605] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 950.023962] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 950.028802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 950.033975] RIP: 0033:0x455a09 [ 950.037148] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 950.044849] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 950.052103] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 950.059357] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 950.066611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 950.075352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 950.084737] binder: 2492:2527 Acquire 1 refcount change on invalid ref 31232 ret -22 [ 950.092712] binder: 2492:2527 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 950.100316] binder: 2492:2527 unknown command 0 2033/05/18 03:44:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x1200}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:09 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:09 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x1000009, &(0x7f0000000440)="c626262c850000012cf66f") getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e21, 0x9c7, @remote={0xfe, 0x80, [], 0xbb}, 0x800}}, 0xba7, 0x7, 0x5, 0xfffffffffffffff7, 0x50}, &(0x7f0000000300)=0x98) r2 = msgget(0x1, 0x4) msgget(0x2, 0x0) msgrcv(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1, 0x5, 0x2000) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000100)={0x0, 0xffff, 0x27, 0x3f, 0x6, 0x8f, 0x100, 0x245, {0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x5, 0x800, 0x9, 0x3, 0x3}}, &(0x7f00000001c0)=0xb0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r3, 0xfffffffffffffff9}, 0x8) 2033/05/18 03:44:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:09 executing program 7: r0 = socket(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3d, &(0x7f00000000c0)=0x2, 0x4) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f0000000040)=0x5, 0x4) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@security={'security\x00', 0xe, 0x4, 0x3c0, 0xffffffff, 0x138, 0x0, 0x1f8, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, &(0x7f0000000080), {[{{@uncond, 0x0, 0xd8, 0x138, 0x0, {}, [@common=@set={0x40, 'set\x00', 0x0, {{0x4, [0x4, 0x6, 0x100000000, 0x800, 0x0, 0xfffffffffffffc00], 0x8001, 0x5, 0x401}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="ca59b9f70922", 0x30c8, 0xa, [0x3b, 0x0, 0x30, 0x30, 0x2d, 0x1d, 0x34, 0x3f, 0x21, 0x12, 0x16, 0xe, 0x40, 0x2, 0x3c, 0xc], 0x0, 0x1, 0xa016}}}, {{@ip={@multicast1=0xe0000001, @dev={0xac, 0x14, 0x14, 0x17}, 0x0, 0xff, 'syzkaller0\x00', '\x00', {}, {0xff}, 0x5e, 0x2, 0x21}, 0x0, 0x98, 0xc0}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x4, 0x9, 0x1}}}, {{@uncond, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@osf={0x50, 'osf\x00', 0x0, {'syz0\x00', 0xe6, 0x4, 0x2}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@dev={0xac, 0x14, 0x14, 0x1d}, 'teql0\x00', 0x5}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x420) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:09 executing program 4 (fault-call:4 fault-nth:48): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x200000010, &(0x7f0000000040)=0x1, 0x4) sendmmsg(r0, &(0x7f000000d8c0)=[{{0x0, 0x0, &(0x7f00000018c0), 0x9, 0x0, 0xfffffe78, 0xffffffffffffffff}, 0x3}], 0x1, 0x0) recvfrom(r0, &(0x7f0000000800)=""/196, 0xc4, 0xfffffffffffffffe, &(0x7f00000001c0)=@in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x80) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x200, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000240)=0x1, 0x4) accept$inet(r2, &(0x7f0000000140)={0x0, 0x0, @remote}, &(0x7f0000000180)=0x10) setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000100)={0x2, 0x9, 0x10001, 0x1000000000}, 0x10) io_setup(0xfffffffffffffff7, &(0x7f0000000000)) [ 950.133986] binder: undelivered TRANSACTION_ERROR: 29201 [ 950.139818] binder: undelivered TRANSACTION_ERROR: 29201 [ 950.146518] binder: 2492:2527 ioctl c0306201 20000540 returned -22 [ 950.208969] binder: 2540:2546 got reply transaction with no transaction stack [ 950.216536] binder: 2540:2546 transaction failed 29201/-71, size 0-0 line 2763 [ 950.235122] FAULT_INJECTION: forcing a failure. [ 950.235122] name failslab, interval 1, probability 0, space 0, times 0 [ 950.246465] CPU: 1 PID: 2542 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 950.253759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 950.263124] Call Trace: [ 950.265735] dump_stack+0x1b9/0x294 [ 950.269380] ? dump_stack_print_info.cold.2+0x52/0x52 [ 950.274579] should_fail.cold.4+0xa/0x1a [ 950.278636] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 950.283749] ? graph_lock+0x170/0x170 [ 950.287540] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 950.292636] ? find_held_lock+0x36/0x1c0 [ 950.296693] ? __lock_is_held+0xb5/0x140 [ 950.300752] ? check_same_owner+0x320/0x320 [ 950.305062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 950.310674] ? rcu_note_context_switch+0x710/0x710 [ 950.315593] __should_failslab+0x124/0x180 [ 950.319816] should_failslab+0x9/0x14 [ 950.323602] kmem_cache_alloc_trace+0x2cb/0x780 [ 950.328257] ? __raw_spin_lock_init+0x1c/0x100 [ 950.332832] device_create_groups_vargs+0xa7/0x270 [ 950.337750] device_create_vargs+0x46/0x60 [ 950.341977] bdi_register_va.part.10+0xbb/0x9b0 [ 950.346634] ? cgwb_kill+0x630/0x630 [ 950.350340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 950.355860] ? bdi_init+0x416/0x510 [ 950.359476] ? wb_init+0x9e0/0x9e0 [ 950.363010] ? bdi_alloc_node+0x67/0xe0 [ 950.366974] ? bdi_alloc_node+0x67/0xe0 [ 950.370938] ? rcu_read_lock_sched_held+0x108/0x120 [ 950.375942] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 950.381213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 950.386758] ? refcount_sub_and_test+0x212/0x330 [ 950.391502] bdi_register_va+0x68/0x80 [ 950.395379] super_setup_bdi_name+0x123/0x220 [ 950.399860] ? kill_block_super+0x100/0x100 [ 950.404171] ? kmem_cache_alloc_trace+0x616/0x780 [ 950.409009] fuse_fill_super+0xe6e/0x1e20 [ 950.413160] ? fuse_get_root_inode+0x190/0x190 [ 950.417731] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 950.423257] ? vsnprintf+0x242/0x1b40 [ 950.427053] ? pointer+0xa10/0xa10 [ 950.430599] ? vsprintf+0x40/0x40 [ 950.434051] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 950.439054] ? set_blocksize+0x2c4/0x350 [ 950.443107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 950.448638] mount_bdev+0x30c/0x3e0 [ 950.452253] ? fuse_get_root_inode+0x190/0x190 [ 950.456823] fuse_mount_blk+0x34/0x40 [ 950.460611] mount_fs+0xae/0x328 [ 950.463978] vfs_kern_mount.part.34+0xd4/0x4d0 [ 950.468561] ? may_umount+0xb0/0xb0 [ 950.472177] ? _raw_read_unlock+0x22/0x30 [ 950.476319] ? __get_fs_type+0x97/0xc0 [ 950.480197] do_mount+0x564/0x3070 [ 950.483731] ? copy_mount_string+0x40/0x40 [ 950.487951] ? rcu_pm_notify+0xc0/0xc0 [ 950.491830] ? copy_mount_options+0x5f/0x380 [ 950.496224] ? rcu_read_lock_sched_held+0x108/0x120 [ 950.501227] ? kmem_cache_alloc_trace+0x616/0x780 [ 950.506074] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 950.511619] ? _copy_from_user+0xdf/0x150 [ 950.515759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 950.521282] ? copy_mount_options+0x285/0x380 [ 950.525768] ksys_mount+0x12d/0x140 [ 950.529386] __x64_sys_mount+0xbe/0x150 [ 950.533347] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 950.538352] do_syscall_64+0x1b1/0x800 [ 950.542227] ? finish_task_switch+0x1ca/0x840 [ 950.546719] ? syscall_return_slowpath+0x5c0/0x5c0 [ 950.551635] ? syscall_return_slowpath+0x30f/0x5c0 [ 950.556552] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 950.561908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 950.566743] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 950.571927] RIP: 0033:0x455a09 [ 950.575101] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 950.582797] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 950.590054] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 950.597317] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 2033/05/18 03:44:09 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000300"}, 0x6e) [ 950.604570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 950.611829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:09 executing program 7: r0 = socket(0x2, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000100)={{{@in=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000200)=0xe8) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000280)={r1, 0x1, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x13}}, 0x10) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f00000000c0)=r2) r3 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) 2033/05/18 03:44:09 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x10003, 0x0) getpeername$ax25(r0, &(0x7f0000000040), &(0x7f0000000280)=0x10) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000240)={0x4, 0x5, 0x2, 0x4, "92f5b181d765fbd543f00f03d8f8c0d7d8192ddba4cc733d482ab909646e27e63319266a71fda56bcdd3f568", 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fafff7)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x400080, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000180)={0x1f, 0x4, 0x7fffffff}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000480)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000a5f000/0x1000)=nil}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x200, 0x0) getsockopt$nfc_llcp(r4, 0x118, 0x3, &(0x7f0000000080)=""/144, 0x90) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2033/05/18 03:44:09 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000effdffff00"}, 0x6e) 2033/05/18 03:44:09 executing program 6: r0 = socket(0x4, 0x842, 0x1) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x100000000, 0x10}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000001c0)={r1, 0x8000}, &(0x7f0000000200)=0x8) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/uinput\x00', 0x4000000101, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$UFFDIO_COPY(r2, 0xc00c55ca, &(0x7f0000000080)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000280)=0x14) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e20, 0x8000, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x14}}, 0x7}}, 0x20, 0x101, 0x61c, 0x5, 0x7}, &(0x7f00000000c0)=0x98) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000100)=r3, 0x4) write(r0, &(0x7f000067c000)="220000002100070700be0000090007010a00001e00003c0000ff040405000c000000", 0x22) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000300)={{0x62, @loopback=0x7f000001, 0x4e22, 0x2, 'nq\x00', 0x0, 0x7, 0x35}, {@multicast2=0xe0000002, 0x4e21, 0x3, 0x7ff, 0x2, 0x6}}, 0x44) [ 950.659856] binder: BINDER_SET_CONTEXT_MGR already set [ 950.671852] binder: 2540:2558 got reply transaction with no transaction stack [ 950.679267] binder: 2540:2558 transaction failed 29201/-71, size 0-0 line 2763 [ 950.681089] binder: 2540:2546 ioctl 40046207 0 returned -16 2033/05/18 03:44:09 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000040)) r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) 2033/05/18 03:44:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:09 executing program 4 (fault-call:4 fault-nth:49): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 950.783227] binder: 2556:2562 Acquire 1 refcount change on invalid ref 4608 ret -22 [ 950.791197] binder: 2556:2562 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 950.798786] binder: 2556:2562 unknown command 0 [ 950.806208] binder: 2556:2562 ioctl c0306201 20000540 returned -22 [ 950.899710] FAULT_INJECTION: forcing a failure. [ 950.899710] name failslab, interval 1, probability 0, space 0, times 0 [ 950.904536] binder: undelivered TRANSACTION_ERROR: 29201 [ 950.911018] CPU: 1 PID: 2583 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 950.916744] binder: undelivered TRANSACTION_ERROR: 29201 [ 950.923625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 950.923631] Call Trace: [ 950.923657] dump_stack+0x1b9/0x294 [ 950.923678] ? dump_stack_print_info.cold.2+0x52/0x52 [ 950.923701] ? is_bpf_text_address+0xd7/0x170 [ 950.954764] should_fail.cold.4+0xa/0x1a [ 950.958817] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 950.963916] ? graph_lock+0x170/0x170 [ 950.967713] ? save_stack+0xa9/0xd0 [ 950.971339] ? save_stack+0x43/0xd0 [ 950.974952] ? kasan_kmalloc+0xc4/0xe0 [ 950.978832] ? find_held_lock+0x36/0x1c0 [ 950.982887] ? __lock_is_held+0xb5/0x140 [ 950.986946] ? check_same_owner+0x320/0x320 [ 950.991258] ? rcu_note_context_switch+0x710/0x710 [ 950.996179] __should_failslab+0x124/0x180 [ 951.000405] should_failslab+0x9/0x14 [ 951.004201] kmem_cache_alloc_trace+0x2cb/0x780 [ 951.008860] ? refcount_add_not_zero+0x320/0x320 [ 951.013613] device_private_init+0x98/0x230 [ 951.017921] ? virtual_device_parent+0x60/0x60 [ 951.022496] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 951.028034] ? refcount_inc+0x29/0x70 [ 951.031825] device_add+0xe98/0x16d0 [ 951.035620] ? device_private_init+0x230/0x230 [ 951.040195] ? kfree+0x1e9/0x260 [ 951.043565] ? kfree_const+0x5e/0x70 [ 951.047270] device_create_groups_vargs+0x1ff/0x270 [ 951.052720] device_create_vargs+0x46/0x60 [ 951.056942] bdi_register_va.part.10+0xbb/0x9b0 [ 951.061601] ? cgwb_kill+0x630/0x630 [ 951.065303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.070824] ? bdi_init+0x416/0x510 [ 951.074435] ? wb_init+0x9e0/0x9e0 [ 951.077966] ? bdi_alloc_node+0x67/0xe0 [ 951.081935] ? bdi_alloc_node+0x67/0xe0 [ 951.085896] ? rcu_read_lock_sched_held+0x108/0x120 [ 951.090904] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 951.096171] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.101695] ? refcount_sub_and_test+0x212/0x330 [ 951.106452] bdi_register_va+0x68/0x80 [ 951.110332] super_setup_bdi_name+0x123/0x220 [ 951.114814] ? kill_block_super+0x100/0x100 [ 951.119134] ? kmem_cache_alloc_trace+0x616/0x780 [ 951.123972] fuse_fill_super+0xe6e/0x1e20 [ 951.128111] ? fuse_get_root_inode+0x190/0x190 [ 951.132683] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 951.138217] ? vsnprintf+0x242/0x1b40 [ 951.142012] ? pointer+0xa10/0xa10 [ 951.145553] ? vsprintf+0x40/0x40 [ 951.148996] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 951.154007] ? set_blocksize+0x2c4/0x350 [ 951.158077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.163602] mount_bdev+0x30c/0x3e0 [ 951.167215] ? fuse_get_root_inode+0x190/0x190 [ 951.171783] fuse_mount_blk+0x34/0x40 [ 951.175582] mount_fs+0xae/0x328 [ 951.178939] vfs_kern_mount.part.34+0xd4/0x4d0 [ 951.183507] ? may_umount+0xb0/0xb0 [ 951.187127] ? _raw_read_unlock+0x22/0x30 [ 951.191262] ? __get_fs_type+0x97/0xc0 [ 951.195153] do_mount+0x564/0x3070 [ 951.198686] ? copy_mount_string+0x40/0x40 [ 951.202918] ? rcu_pm_notify+0xc0/0xc0 [ 951.206807] ? copy_mount_options+0x5f/0x380 [ 951.211212] ? rcu_read_lock_sched_held+0x108/0x120 [ 951.216217] ? kmem_cache_alloc_trace+0x616/0x780 [ 951.221049] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 951.226578] ? _copy_from_user+0xdf/0x150 [ 951.230718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.236238] ? copy_mount_options+0x285/0x380 [ 951.240723] ksys_mount+0x12d/0x140 [ 951.244338] __x64_sys_mount+0xbe/0x150 [ 951.248298] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 951.253303] do_syscall_64+0x1b1/0x800 [ 951.257196] ? syscall_return_slowpath+0x5c0/0x5c0 [ 951.262114] ? syscall_return_slowpath+0x30f/0x5c0 [ 951.267038] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 951.272397] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 951.277229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 951.282401] RIP: 0033:0x455a09 [ 951.285582] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 951.293285] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 951.300583] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 951.307838] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 951.315092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 951.322356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 951.345649] binder: BINDER_SET_CONTEXT_MGR already set [ 951.359164] binder: 2556:2562 ioctl 40046207 0 returned -16 [ 951.365480] binder: 2556:2590 Acquire 1 refcount change on invalid ref 4608 ret -22 [ 951.373467] binder: 2556:2590 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 951.381066] binder: 2556:2590 unknown command 0 [ 951.388148] binder: 2556:2590 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:10 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:10 executing program 4 (fault-call:4 fault-nth:50): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:10 executing program 6: r0 = socket(0xa, 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f") readv(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f0000000040)=""/20, 0x14}, {&(0x7f0000000080)}, {&(0x7f0000000100)=""/88, 0x58}, {&(0x7f00000011c0)=""/150, 0x6e}, {&(0x7f0000001280)=""/57, 0x39}, {&(0x7f00000012c0)=""/16, 0x10}, {&(0x7f0000001300)=""/92, 0x5c}, {&(0x7f0000001380)=""/20, 0x14}], 0x8) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0) pwritev(r2, &(0x7f0000000200), 0x100000000000033a, 0x0) 2033/05/18 03:44:10 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") mprotect(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) pread64(r0, &(0x7f00000002c0)=""/5, 0x5, 0x0) 2033/05/18 03:44:10 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x210200, 0x0) ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f0000000080)=0x1) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x7}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 951.478324] binder: 2596:2605 got reply transaction with no transaction stack [ 951.485702] binder: 2596:2605 transaction failed 29201/-71, size 0-0 line 2763 [ 951.501763] FAULT_INJECTION: forcing a failure. [ 951.501763] name failslab, interval 1, probability 0, space 0, times 0 [ 951.513075] CPU: 1 PID: 2606 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 951.520270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 951.529748] Call Trace: [ 951.532353] dump_stack+0x1b9/0x294 [ 951.536027] ? dump_stack_print_info.cold.2+0x52/0x52 [ 951.541251] should_fail.cold.4+0xa/0x1a [ 951.545329] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 951.550451] ? graph_lock+0x170/0x170 [ 951.554272] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 951.559390] ? find_held_lock+0x36/0x1c0 [ 951.563478] ? __lock_is_held+0xb5/0x140 [ 951.567552] ? cayman_startup+0x37d0/0x7ed0 [ 951.571903] ? check_same_owner+0x320/0x320 [ 951.576243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.581789] ? rcu_note_context_switch+0x710/0x710 [ 951.586718] __should_failslab+0x124/0x180 [ 951.590954] should_failslab+0x9/0x14 [ 951.594745] kmem_cache_alloc_trace+0x2cb/0x780 [ 951.599424] ? __raw_spin_lock_init+0x1c/0x100 [ 951.604000] device_create_groups_vargs+0xa7/0x270 [ 951.608930] device_create_vargs+0x46/0x60 [ 951.613159] bdi_register_va.part.10+0xbb/0x9b0 [ 951.617816] ? cgwb_kill+0x630/0x630 [ 951.621523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.627052] ? bdi_init+0x416/0x510 [ 951.630665] ? wb_init+0x9e0/0x9e0 [ 951.634201] ? bdi_alloc_node+0x67/0xe0 [ 951.638161] ? bdi_alloc_node+0x67/0xe0 [ 951.642126] ? rcu_read_lock_sched_held+0x108/0x120 [ 951.647137] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 951.652408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.657937] ? refcount_sub_and_test+0x212/0x330 [ 951.662683] bdi_register_va+0x68/0x80 [ 951.666565] super_setup_bdi_name+0x123/0x220 [ 951.671051] ? kill_block_super+0x100/0x100 [ 951.675359] ? kmem_cache_alloc_trace+0x616/0x780 [ 951.680196] fuse_fill_super+0xe6e/0x1e20 [ 951.684343] ? fuse_get_root_inode+0x190/0x190 [ 951.688915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 951.694442] ? vsnprintf+0x242/0x1b40 [ 951.698255] ? pointer+0xa10/0xa10 [ 951.701789] ? vsprintf+0x40/0x40 [ 951.705233] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 951.710239] ? set_blocksize+0x2c4/0x350 [ 951.714292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.719829] mount_bdev+0x30c/0x3e0 [ 951.723453] ? fuse_get_root_inode+0x190/0x190 [ 951.728037] fuse_mount_blk+0x34/0x40 [ 951.732009] mount_fs+0xae/0x328 [ 951.735381] vfs_kern_mount.part.34+0xd4/0x4d0 [ 951.739954] ? may_umount+0xb0/0xb0 [ 951.743571] ? _raw_read_unlock+0x22/0x30 [ 951.747702] ? __get_fs_type+0x97/0xc0 [ 951.751580] do_mount+0x564/0x3070 [ 951.755110] ? interrupt_entry+0xb1/0xf0 [ 951.759167] ? copy_mount_string+0x40/0x40 [ 951.763390] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 951.768144] ? retint_kernel+0x10/0x10 [ 951.772051] ? copy_mount_options+0x1e3/0x380 [ 951.776535] ? write_comp_data+0x11/0x70 [ 951.780587] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 951.786109] ? copy_mount_options+0x285/0x380 [ 951.790602] ksys_mount+0x12d/0x140 [ 951.794215] __x64_sys_mount+0xbe/0x150 [ 951.798175] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 951.803178] do_syscall_64+0x1b1/0x800 [ 951.807068] ? finish_task_switch+0x1ca/0x840 [ 951.811549] ? syscall_return_slowpath+0x5c0/0x5c0 [ 951.816469] ? syscall_return_slowpath+0x30f/0x5c0 [ 951.821386] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 951.826740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 951.831571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 951.836753] RIP: 0033:0x455a09 [ 951.839927] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 951.847633] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 951.854901] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 951.862163] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 951.869420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:44:10 executing program 0: r0 = epoll_create1(0x0) r1 = getpgrp(0xffffffffffffffff) r2 = msgget(0x1, 0x100) msgsnd(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="030000000000000013be0e40553aa497b9344df8d11fa1025e6fa6a7f7c5343f55807a977ebafa398aecaf0c47dc163ce36723a8cf6bd693e1087f6017b997e68e3094a5354dee51299223e7048ec26b29a27a7d8c6a3bbbaec25acf0b0e6c357bfaec09d8d7969856c8eb66511255068df7a23fa4e0dcb271bf1e6058652e394f316f0a8776913d96a6da8ac52d99b1989c0e9040ba0a1e7d3f6e190b5a94055c713ff118ffa37c8624400994c159c484663c504362d621e22189a219a62faad3853779f7f4171bbbef81d6f3bfe0bd4c"], 0xd1, 0x800) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x0, 0x1, 0xfffffffffffffffd, 0x3f, r1}) 2033/05/18 03:44:10 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:10 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) r3 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x2}, &(0x7f00000000c0)="4d3002391d22afe41cf7bb36fe37050a8c3a703955856c4b3cd290b68a6e937b7cd06d30815596e3efbdce84da24923ebecbaaa36361570bf5bf9a81e455f0db8f85237d4abb373cc07c26e98e668751879507", 0x53, 0xfffffffffffffffd) r4 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, r4) keyctl$get_keyring_id(0x0, r3, 0x9) [ 951.876675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:10 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000002c0)={'filter\x00', 0x7, 0x4, 0x480, 0x280, 0x0, 0x0, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@arp={@broadcast=0xffffffff, @dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x0, @empty, {[0xff, 0xff, 0x0, 0x0, 0xff, 0xff]}, @mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, {[0xff, 0x0, 0x0, 0xff, 0xff, 0xff]}, 0x6, 0x0, 0xffffffff00000001, 0x3, 0x7, 0x0, 'teql0\x00', 'bcsf0\x00', {0xff}, {}, 0x0, 0x1c0}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @empty, @rand_addr=0x3, @rand_addr=0x30, 0x1, 0x1}}}, {{@arp={@broadcast=0xffffffff, @loopback=0x7f000001, 0xffffffff, 0x0, @empty, {[0x0, 0xff, 0xff, 0x0, 0xff, 0xff]}, @empty, {[0x0, 0xff, 0xff, 0x0, 0xff, 0xff]}, 0x401, 0x0, 0x1ff, 0x20, 0x101, 0x6, 'veth0_to_team\x00', 'yam0\x00', {}, {}, 0x0, 0x380}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback=0x7f000001, @loopback=0x7f000001, 0x8, 0xffffffff}}}, {{@arp={@remote={0xac, 0x14, 0x14, 0xbb}, @remote={0xac, 0x14, 0x14, 0xbb}, 0xff000000, 0xffffffff, @empty, {[0xff, 0x0, 0x0, 0xff]}, @empty, {[0x0, 0x0, 0xff, 0x0, 0xff]}, 0x5, 0x80000001, 0x1, 0x2, 0x0, 0x3, 'syzkaller0\x00', 'gre0\x00', {0xff}, {0xff}, 0x0, 0x100}, 0xf0, 0x118}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x8001, 0x5}}}], {{[], 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d0) r1 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x401, 0x101940) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x2}) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000000)=@dstopts, 0x8) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000007c0)=@filter={'filter\x00', 0xe, 0x4, 0x490, 0xffffffff, 0x148, 0x288, 0x288, 0xffffffff, 0xffffffff, 0x3c0, 0x3c0, 0x3c0, 0xffffffff, 0x4, &(0x7f0000000080), {[{{@ipv6={@local={0xfe, 0x80, [], 0xaa}, @mcast1={0xff, 0x1, [], 0x1}, [0xffffff00, 0xffffffff, 0xff, 0xffffffff], [0xffffffff, 0xffffff00, 0xffffffff, 0xffffffff], 'bridge_slave_0\x00', 'bond_slave_1\x00', {0xff}, {0xff}, 0x2f, 0x6, 0x5, 0x6c}, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={0x30, 'frag\x00', 0x0, {0x1, 0xfff, 0xdf4, 0x20, 0x3}}, @common=@hl={0x28, 'hl\x00', 0x0, {0x0, 0x8}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1c, 0x9, 0x401}}}, {{@uncond, 0x0, 0x118, 0x140, 0x0, {}, [@common=@inet=@set3={0x50, 'set\x00', 0x3, {{0x7, 0x1, 0x2}, {0x100000000, 0x2}, {0x1000, 0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x1}}}, {{@ipv6={@mcast2={0xff, 0x2, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, [0xffffff00, 0xffffff00, 0xffffffff, 0xffffffff], [0x276667faddaeb4f8, 0xff, 0xffffff00, 0xffffffff], 'sit0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x3a, 0x5, 0x4, 0x51}, 0x0, 0x110, 0x138, 0x0, {}, [@common=@dst={0x48, 'dst\x00', 0x0, {0x9, 0x4, 0x0, [0x5, 0x6, 0x1e, 0x40, 0xe0, 0x66a, 0xc9, 0x100000001, 0x6, 0x7, 0xfff, 0x4, 0x7fff, 0xfffffffffffffff9, 0x8, 0x3], 0x8}}]}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4f0) getsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f00000001c0)=""/101, &(0x7f0000000280)=0x65) [ 951.916182] binder: BINDER_SET_CONTEXT_MGR already set [ 951.927790] binder: 2596:2605 ioctl 40046207 0 returned -16 [ 951.943787] binder: 2596:2622 got reply transaction with no transaction stack [ 951.951188] binder: 2596:2622 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:10 executing program 0: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$void(0x20) 2033/05/18 03:44:10 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) 2033/05/18 03:44:10 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x100000000, &(0x7f0000000300)="c626bf012c374e0000000000000004f3f11a712cdba9013a3bf8c9d6fec3c12f3054705621b38ade39cbc6a53b5baf53d7bdafb2137ea6d1cb0adfb836bad7c8d7057b52a01b19d53e4670") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x1}, &(0x7f00000000c0)="0cacd7ca9b2f3e55eb67e30d1aa726dfc2ba39ebea05c884539aaa63f3aad3daf90679ba24fe3b36a96ed3de3e1e7cad8146e027b525b24d60dd8633b79b44ee8578ef8abaf165f2ae08a18da87b58d8e52df0ffbffeb3229b8d04d6662338f05fe790d6448909b44a7302d72a5ca5018905da1a254cb63c7d28afea9c63c624ac742f70f3bd4af04388c85672c6909f59a83958dc", 0x95, 0xfffffffffffffffb) r3 = request_key(&(0x7f0000000180)='rxrpc\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000200)=',mime_typeuserbdevtrusted@securitybdev!\x00', 0xffffffffffffffff) keyctl$reject(0x13, r2, 0x200, 0x80, r3) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e22}}, 0x7, 0x8, 0x1000, 0x317d, 0x20}, &(0x7f0000000380)=0x98) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000003c0)={r4, @in6={{0xa, 0x4e23, 0x88cc, @loopback={0x0, 0x1}, 0x3}}, 0xfff, 0xd0}, &(0x7f0000000480)=0x90) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 951.959201] binder: 2620:2624 Acquire 1 refcount change on invalid ref 7 ret -22 [ 951.959218] binder: 2620:2624 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 951.959227] binder: 2620:2624 unknown command 0 2033/05/18 03:44:10 executing program 4 (fault-call:4 fault-nth:51): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 951.959238] binder: 2620:2624 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 951.967732] binder: BINDER_SET_CONTEXT_MGR already set [ 951.967746] binder: 2620:2624 ioctl 40046207 0 returned -16 2033/05/18 03:44:11 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:44:11 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x20400, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000280)={[], 0x6, 0x2, 0x3, 0x0, 0x3, 0x4, 0x12004, [], 0x6}) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'icmp6\x00'}, &(0x7f0000000080)=0x1e) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0xf5, "56fe42c2c77af7a10adb3a96305d08f2c8e88984af1baf20d742c3547ffb34e14124c01ac17ae1f44f6e01868bbd7032ec3abf1d7581ebe53f1b39d7daa2512d7d9d54ed3d10eda079d2effcb0a1a4c7954792070581b004c9ff8e5c7efc73865ded7186ea6ecb9f959f870e1be0f31fc6be1d0f1ed013473113aacb60e1ae67d77681b823f0c2be3e2c83bdfe03e6b0987e5d591fcc19ace9c02f4f3df83c65bec8483d0532c53f885bcc025660bdb1cac457c3eff5f742a723382803655851063d00e14035a80e4fd95bd59bd29270c3de16803ecc81f1d25adec130400b873616c64341a6c5925c06555f4510ac9a239a0bb0e8"}, &(0x7f0000000440)=0xfd) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000480)={r3, 0x2, 0x20, 0xfff, 0x9}, &(0x7f00000004c0)=0x18) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x2}) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x4, 0x4) [ 951.969626] binder: 2620:2631 Acquire 1 refcount change on invalid ref 7 ret -22 [ 951.969642] binder: 2620:2631 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 951.969653] binder: 2620:2631 unknown command 0 2033/05/18 03:44:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x630b}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:11 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f000004d000)=[{{}, 0x0, 0x1}, {{0x2}}], 0x30) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000040)=0x7) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000000)) socket$inet_dccp(0x2, 0x6, 0x0) 2033/05/18 03:44:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:11 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000200"}, 0x6e) [ 951.969666] binder: 2620:2631 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:11 executing program 4 (fault-call:4 fault-nth:52): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 952.072168] binder: undelivered TRANSACTION_ERROR: 29201 [ 952.072361] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:11 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x2) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/mixer\x00', 0x40002, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@mcast1}}, &(0x7f0000000000)=0xe8) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r2, r3) [ 952.113416] binder: 2645:2646 got reply transaction with no transaction stack [ 952.113432] binder: 2645:2646 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:11 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000040)={{{@in6=@remote, @in6=@ipv4={[], [], @multicast2}}}, {{@in=@multicast2}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) socket(0x9, 0x334fa28970b5eb94, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.stat\x00', 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000000280)=""/196) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000200)=0x40) [ 952.113860] binder: BINDER_SET_CONTEXT_MGR already set [ 952.113882] binder: 2645:2646 ioctl 40046207 0 returned -16 [ 952.132172] binder: 2645:2647 got reply transaction with no transaction stack [ 952.132190] binder: 2645:2647 transaction failed 29201/-71, size 0-0 line 2763 [ 952.156267] FAULT_INJECTION: forcing a failure. [ 952.156267] name failslab, interval 1, probability 0, space 0, times 0 [ 952.156287] CPU: 1 PID: 2650 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 952.156296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 952.156302] Call Trace: [ 952.156327] dump_stack+0x1b9/0x294 [ 952.156349] ? dump_stack_print_info.cold.2+0x52/0x52 [ 952.156375] should_fail.cold.4+0xa/0x1a [ 952.156395] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 952.156412] ? zap_class+0x720/0x720 [ 952.156427] ? trace_hardirqs_on+0xd/0x10 [ 952.156445] ? graph_lock+0x170/0x170 [ 952.156462] ? graph_lock+0x170/0x170 [ 952.156482] ? find_held_lock+0x36/0x1c0 [ 952.156505] ? __lock_is_held+0xb5/0x140 [ 952.156525] ? get_victim_by_default+0x1570/0x3550 [ 952.156554] ? check_same_owner+0x320/0x320 [ 952.156574] ? rcu_note_context_switch+0x710/0x710 [ 952.156593] __should_failslab+0x124/0x180 [ 952.156616] should_failslab+0x9/0x14 [ 952.156634] kmem_cache_alloc_trace+0x2cb/0x780 [ 952.156649] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 952.156667] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 952.156687] wb_congested_get_create+0x1ca/0x450 [ 952.156707] ? wb_wakeup_delayed+0xf0/0xf0 [ 952.156725] ? __lockdep_init_map+0x105/0x590 [ 952.156744] wb_init+0x62e/0x9e0 [ 952.156763] ? bdi_put+0x180/0x180 [ 952.156780] ? mark_held_locks+0xc9/0x160 [ 952.156793] ? do_mount+0x564/0x3070 [ 952.156812] ? __raw_spin_lock_init+0x1c/0x100 [ 952.156833] ? mark_held_locks+0xc9/0x160 [ 952.156851] ? __raw_spin_lock_init+0x1c/0x100 [ 952.156868] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 952.156888] ? lockdep_init_map+0x9/0x10 [ 952.156905] bdi_init+0x353/0x510 [ 952.156919] ? wb_init+0x9e0/0x9e0 [ 952.156936] ? bdi_alloc_node+0x67/0xe0 [ 952.156949] ? bdi_alloc_node+0x67/0xe0 [ 952.156965] ? rcu_read_lock_sched_held+0x108/0x120 [ 952.156982] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 952.157020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.157041] ? refcount_sub_and_test+0x212/0x330 [ 952.157064] bdi_alloc_node+0x81/0xe0 [ 952.157083] super_setup_bdi_name+0x8b/0x220 [ 952.157099] ? kill_block_super+0x100/0x100 [ 952.157114] ? rcu_read_lock_sched_held+0x108/0x120 [ 952.157130] ? kmem_cache_alloc_trace+0x616/0x780 [ 952.157156] fuse_fill_super+0xe6e/0x1e20 [ 952.157179] ? fuse_get_root_inode+0x190/0x190 [ 952.157201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 952.157218] ? vsnprintf+0x242/0x1b40 [ 952.157240] ? pointer+0xa10/0xa10 [ 952.157269] ? vsprintf+0x40/0x40 [ 952.157287] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 952.157303] ? set_blocksize+0x2c4/0x350 [ 952.157322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.157341] mount_bdev+0x30c/0x3e0 [ 952.157355] ? fuse_get_root_inode+0x190/0x190 [ 952.157373] fuse_mount_blk+0x34/0x40 [ 952.157390] mount_fs+0xae/0x328 [ 952.157410] vfs_kern_mount.part.34+0xd4/0x4d0 [ 952.157427] ? may_umount+0xb0/0xb0 [ 952.157443] ? _raw_read_unlock+0x22/0x30 [ 952.157457] ? __get_fs_type+0x97/0xc0 [ 952.157478] do_mount+0x564/0x3070 [ 952.157496] ? copy_mount_string+0x40/0x40 [ 952.157509] ? rcu_pm_notify+0xc0/0xc0 [ 952.157532] ? copy_mount_options+0x5f/0x380 [ 952.157547] ? rcu_read_lock_sched_held+0x108/0x120 [ 952.157562] ? kmem_cache_alloc_trace+0x616/0x780 [ 952.157583] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 952.157598] ? _copy_from_user+0xdf/0x150 [ 952.157618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.157632] ? copy_mount_options+0x285/0x380 [ 952.157651] ksys_mount+0x12d/0x140 [ 952.157669] __x64_sys_mount+0xbe/0x150 [ 952.157683] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 952.157701] do_syscall_64+0x1b1/0x800 [ 952.157717] ? finish_task_switch+0x1ca/0x840 [ 952.157734] ? syscall_return_slowpath+0x5c0/0x5c0 [ 952.157752] ? syscall_return_slowpath+0x30f/0x5c0 [ 952.157770] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 952.157791] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 952.157815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 952.157826] RIP: 0033:0x455a09 [ 952.157837] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 952.157852] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 952.157862] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 952.157873] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 952.157883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 952.157892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 952.205777] binder: undelivered TRANSACTION_ERROR: 29201 [ 952.206051] binder: undelivered TRANSACTION_ERROR: 29201 [ 952.267419] binder: 2664:2665 got reply transaction with no transaction stack [ 952.267436] binder: 2664:2665 transaction failed 29201/-71, size 0-0 line 2763 [ 952.267929] binder: BINDER_SET_CONTEXT_MGR already set [ 952.267946] binder: 2664:2665 ioctl 40046207 0 returned -16 [ 952.272339] binder: 2664:2671 got reply transaction with no transaction stack [ 952.272356] binder: 2664:2671 transaction failed 29201/-71, size 0-0 line 2763 [ 952.353392] binder: undelivered TRANSACTION_ERROR: 29201 [ 952.353989] FAULT_INJECTION: forcing a failure. [ 952.353989] name failslab, interval 1, probability 0, space 0, times 0 [ 952.354013] CPU: 0 PID: 2676 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 952.354026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 952.354035] Call Trace: [ 952.354061] dump_stack+0x1b9/0x294 [ 952.354088] ? dump_stack_print_info.cold.2+0x52/0x52 [ 952.354129] should_fail.cold.4+0xa/0x1a [ 952.354153] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 952.354186] ? graph_lock+0x170/0x170 [ 952.354205] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 952.354232] ? find_held_lock+0x36/0x1c0 [ 952.354261] ? __lock_is_held+0xb5/0x140 [ 952.354280] ? nfs_fh_to_dentry+0x290/0x390 [ 952.354322] ? check_same_owner+0x320/0x320 [ 952.354344] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.354365] ? rcu_note_context_switch+0x710/0x710 [ 952.354394] __should_failslab+0x124/0x180 [ 952.354413] should_failslab+0x9/0x14 [ 952.354430] kmem_cache_alloc_trace+0x2cb/0x780 [ 952.354452] ? __raw_spin_lock_init+0x1c/0x100 [ 952.354495] device_create_groups_vargs+0xa7/0x270 [ 952.354525] device_create_vargs+0x46/0x60 [ 952.354553] bdi_register_va.part.10+0xbb/0x9b0 [ 952.354574] ? cgwb_kill+0x630/0x630 [ 952.354598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.354613] ? bdi_init+0x416/0x510 [ 952.354628] ? wb_init+0x9e0/0x9e0 [ 952.354651] ? bdi_alloc_node+0x67/0xe0 [ 952.354667] ? bdi_alloc_node+0x67/0xe0 [ 952.354684] ? rcu_read_lock_sched_held+0x108/0x120 [ 952.354704] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 952.354729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.354750] ? refcount_sub_and_test+0x212/0x330 [ 952.354772] bdi_register_va+0x68/0x80 [ 952.354794] super_setup_bdi_name+0x123/0x220 [ 952.354813] ? kill_block_super+0x100/0x100 [ 952.354834] ? kmem_cache_alloc_trace+0x616/0x780 [ 952.354871] fuse_fill_super+0xe6e/0x1e20 [ 952.354903] ? fuse_get_root_inode+0x190/0x190 [ 952.354929] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 952.354949] ? vsnprintf+0x242/0x1b40 [ 952.354978] ? pointer+0xa10/0xa10 [ 952.355019] ? vsprintf+0x40/0x40 [ 952.355043] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 952.355059] ? set_blocksize+0x2c4/0x350 [ 952.355081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.355107] mount_bdev+0x30c/0x3e0 [ 952.355124] ? fuse_get_root_inode+0x190/0x190 [ 952.355146] fuse_mount_blk+0x34/0x40 [ 952.355170] mount_fs+0xae/0x328 [ 952.355197] vfs_kern_mount.part.34+0xd4/0x4d0 [ 952.355215] ? may_umount+0xb0/0xb0 [ 952.355232] ? _raw_read_unlock+0x22/0x30 [ 952.355249] ? __get_fs_type+0x97/0xc0 [ 952.355276] do_mount+0x564/0x3070 [ 952.355301] ? copy_mount_string+0x40/0x40 [ 952.355320] ? rcu_pm_notify+0xc0/0xc0 [ 952.355351] ? copy_mount_options+0x5f/0x380 [ 952.355367] ? rcu_read_lock_sched_held+0x108/0x120 [ 952.355386] ? kmem_cache_alloc_trace+0x616/0x780 [ 952.355411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 952.355426] ? _copy_from_user+0xdf/0x150 [ 952.355449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 952.355472] ? copy_mount_options+0x285/0x380 [ 952.355508] ksys_mount+0x12d/0x140 [ 952.355539] __x64_sys_mount+0xbe/0x150 [ 952.355558] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 952.355586] do_syscall_64+0x1b1/0x800 [ 952.355605] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 952.355630] ? syscall_return_slowpath+0x5c0/0x5c0 [ 952.355651] ? syscall_return_slowpath+0x30f/0x5c0 [ 952.355676] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 952.355704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 952.355732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 952.355745] RIP: 0033:0x455a09 [ 952.355755] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 952.355776] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 952.355788] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 952.355799] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 952.355810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 952.355823] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 952.358760] binder: undelivered TRANSACTION_ERROR: 29201 [ 952.497758] binder: 2688:2690 Acquire 1 refcount change on invalid ref 25355 ret -22 [ 953.280049] binder: BINDER_SET_CONTEXT_MGR already set [ 953.283006] binder: 2688:2690 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 953.291453] binder: 2688:2694 ioctl 40046207 0 returned -16 [ 953.298046] binder: 2688:2690 unknown command 0 2033/05/18 03:44:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x1063084000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:12 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:12 executing program 7: r0 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) keyctl$unlink(0x9, r1, 0xfffffffffffffffd) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4002, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f0000001500)=""/26) r3 = msgget$private(0x0, 0x43) msgctl$MSG_INFO(r3, 0xc, &(0x7f0000000200)=""/24) r4 = socket(0x2, 0x1, 0x8000000) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x100000000, 0x4, &(0x7f0000000180)=[{&(0x7f0000000100)="e99183755d93d36de6c917aaf0181bee3cd555ae3462059a7a2004f5da34bc72e04be5579bed7fcd2121fa3fb5317a6abfc50d71d3db50dac5925cba78ec9ac343c8c70fea66767f83e27cd8274d8cad45f2b32f2563701eeee95aa9d6203b6621451e32d2281c4fd3f13a9dbc5a245d5d6d0eca", 0x74, 0x6}, {&(0x7f0000000280)="112c635ddf9a6775fc0a39bec1b9e2fbc65a06e10064117b87760c5cb433b88150d7c1c0c023c2cf02f2562a7009d610994134b4b67a701908b56ef805a33890f57ccf5e78706420c0029c2cf026ed7c0aacad4f3408dfaf33e268099029210f5c17c466cf667d7e35e4796f21aa2cac544a0a1f02518562b179f70c0a1d8081d0e901936b94ef2bf4227022c6cb94b650a0cc9ab232b305cb5b4f00e401eb841e05e70105bb680fc4525fd506cc2fc1b20cfa5be5c13cdfda42d59760062b0e93802923fc1aff5f4d1c8cb3ce6fa183", 0xd0, 0x4}, {&(0x7f0000000380)="f556729270cc14dd57f96335fb18104beb7176712e294a21b76c46b4c9a239e74fe2756e6fca65820e9b3a78a3ee1f63e6b93a1020acb3d1255527d51b585522418bae250d9e1613bf1ffba89b3c8a0eb3ebd65d12dfef24f69697d1168d41b1f61caec3239736f740ecd6dd83db7948d7776f68fa7ea59fc7d39ca565c36cb89ec31797ccc5350d6cc78b6e49d157b2fb5362c8e9e640281d3bcfcd0ae1521c293be54db37592cfd8502431a577ea6584da4c469980e8f6357c7d59dbc78a9f295eb3cce74250a79e80e899921cfd78f4be71002984caf61b40820addac74a8b5", 0xe1, 0x3}, {&(0x7f0000000480)="ca98f51db55f2c0a05ae6057eb1811d6bd17fb4eab09cac3b90d9a43b273255b4b0124dac83326bde97279cbd025433afba76ea4534d16064d21411faad434c3c441bb6221e886151a333539105bef9886a408dbefa91e59df29f42b0deb70867963820fa0c1b51c98ea089b998b841d9af53cf823f528eacf01671bfcc082fedd0e51406df151f463f7144f80ec40e609e97b8a9337a739d7b6e641bb5d1bd93670d9ffff03455ed32d9bce50558e7e1809332292504a36692d83ca6f259d1af9a96e12908eca0514ec2b2d3c78247e69e0729159e55bf15b7e8c90ba3f9f2421872af94db85438eec0ea6150f8d7683e24a92c95e8c725dc2828a0da0ab9aeeb0677574771ac12f127eb9bd1468ec26676ed3f28d4627d8f675fd94ef7222e573ee8e44f3f745fb3e402bcb4d43af1ef0152c4a662e65870ee3ed41bd10a44257fc5738b5453d26f5ce6937f80db01f286f3c85d7dce4751fa0d780fa8bcf6c39537880513a538583e7611b8c1bae027fc13ede8e9c09611ef5d9b0b669f6275935871f43b0673d64077d849250aa3b54a54060a102b3943456c82bf4b51c2f4a523f32d82570b1f90f1f6616711ecff8c98ae1a5858679f5fdcc0dcee6ca13e3804dbbdcedb58e95404e0dc4f15c21190403f291dcf7cfb319bef51d3ae1cbf56b64f14345ea4c9d2eef48a39e53fecf423d05e11240cd6b2d7812d152ee5d505af177667407921308bf089c14ae1cc26d5456228c3c93c2d0d384f46d95d9ab69b1ee49fbfc8016ab3a673cfe01863d3bc41c017c914891297cea4f625e1906fe9ec57c35f5e4d2f5f3efd9f9b015f6501cf5038c8fb8826b3bd0096baa69ae8a3a9278987d3f6b252f890217f790dbee4e392cfd75f46f3822884de1c05e24cd6db210ea6a9098aba2ec14fa09a09e338acbe0b425395186022ad7ee9cfe571ac75ef9025466c797f7ddeaee3d766fd81139c4cdb363414bcffe2d2ee8b50819b386fd074f152a8fb764b600c06977a3028d1e5b9aa5a516f00a15e4ef3d062d0ae317a1233730f801bdb91b9b8053ae14a87bc6d355baf13a952a6131cafc5f323d4a36ff83a728028d7bb9446ef08274168c09ea9a7a4fafb1627db448a3a3966d32d2dd7b5685b49b173c5423e0c48f40340911a468efa6ee612f3019f8ecd09f9144fb8d47373e7c77c5f6305399c7fd41ee83c8675cf3948b74d8707d7bd4940fd4aba2373c185038e58201c8727cb7d8a06163a568ba1f0b250d6b8f5a33322072e8b4349b037fdbecf0c0734117d3e07671798475fd5ffcc94c51ace57c40011ddb2af7bacdfa28980dc55d9390af2bdd8774079f18f259aa4a76d9e85862642843474ab2574c09db21687646f8422306685e0af4407dceac2819aefec2563d7598febd12ab926ac02043d2568dbbe5db45679e09240672d54ae5e292d0fcddec78dc64da57511649212a847740e7b2d0b0f5816325c17435dd27ff3e4e410431987fdab84d64a2ce9ecd4cb7a6284a3aa29095158ac1c5f8f8499f55c5c2862e55aec358385a8cc51dff5c35f2c1a1e21266aacf5a1fdf6623568b45113e71598096c126659fa939819aedd1d207104c687e830ac11cbdcecf3d7b8a50c6b3d520880eefcfe70d0cbb4aa7437644bec1bb79ddb18542e239f607bf12068409e65b547f8865c759bcef42b1c9ea8fcc90d65d86338ac765c2f1ac4f98261937a90ce29927282b1a413b26651811856fea1cb28f7d4a952dca395625e409093c9da70109bde05577c85cc65d29caa30a62befa74cf4d737107be875ea9b576be3a320cff95d70ee4a05bbabdf3cca5ba814fca1824c8847ffefe3944480e4def01e5db7538c7ebc244af44daf1cb5cac9ee73d96dac2535991fba4fa579acdd96d61d39896d333dd61895bf7a3fe3199697400900ded62bbbe801a5e8e733d08a165b98ead5cd5d913d513e90f6b9d385be3fad670d7d80d6d82354e744f04d9fdc7cf0437a5d84901f2a0020aca94cfc5799977a5ce31164d26b42787e31799ba5f02b11c2e0d18d86a5991870f58628dbec2a1631cf14c222d5cbe865dfa5478431d89ae93c3acf7d4ca1ecc400ec9a90cb24b4336334017bcba70a85a41f8589e515d82ed26822e8aac973db7e97fbe172b86f70ded2eb419f9bbd969dbc0d58db6a532c9660b8ecd1c1aff48e15445ae49ac188830a93f272593166630ce0dd89a8c6f70c25fa16774803c9a2144576ff0dfc5b69697fa5e4e439d47f8c2459da450326d2d1389d5ddfb780370991ec4ffdcbc9d461918476beec890cc2e0235e8daf75ef3abece914919f66360db996e71cb47ec10ba63bc45227506fded0dbceb313d58a96ac2adeecf4ac893f8c8e5cd48ef96bd1415b81f5c7dd50b315644ce1b0004af6344c72ea1a4984f9ac10f9d20b3c0d633c3ef5aeb2b570a1e3248ff90702c63addcd1b3e809d7e36cce6c6284abb41826c2550447f8303d3fa210b921b3a43300b52640df6ed0903a3c27c02d2d5cf50782649beadb1c1cfdb0286a3ecce679a0df6dbb3a659266ca73303ea3ffa2f390d2b1ca43118808a51284770d443a281e4558c3da49bc61aeab06817d7049e9c98f78d688945c6beeb5869aeb01b2e5ee4c0bb680e40526b71301263ada5de24c2013487a0fec1badb1bc485b3cb81f664d3056fab7e4b5d6ddc4e1da37bdef2aa262d5c9fdd5537f3851c2fe4904105bafb16c61d73fd0eb61e629975773f1c8241153677b275e6a15016f3b7c2d6dd5a9d4325f40966ca3726044adf12bc09864e9b016d5742366f55afa72ed10511385017f50a4ffddc95edfaf0c0df1033cd031b8f7d95776bfe9beafdce230443850c375b1f0442c94d83a8b1605c508066bf89ebe10e76b352b6738830dfeea7cad1b7d0cdf6244f8eada3e9c0ee1a99c76ab5621190bd9ebfb4bcb27df3a7270dc749d8f43fe2298703738ab70783ba3eaed62487e6841eb93c1dfaf4fd86cd27359ecb2072b584c606df60bc9d49d278ee7c84d1da0137e927e5452d03b16cf1ee2c33c09253076924c7dd1de474c11d8a661bc5ec3c49360868bd8e65db805a1ea669f6c121ac97e454d1d67b284b63f93ea41e1636429c5a6e94f6a28ab8f2604c9d49f85b84ab913cd390fddbff14c67c0bc6b02778f01000fba9d2be98e29ad03a77a364fbcd46725415efecbb5cfca23f557a2ecea854911ec64b75bc5e9bf0003c06d4f3fa5b7079f739f445af17020f287fc7683d9a7558b1bb5284dcd9a9a42575f822d45c888eb43e432ad6c0707a964ea807640e96bafc9718e856d2a945ff8fd78a8575dd076dcf76035c5e0bc95bf813dc5a92a59ec4fa479f1ca2accd1190fa37e1254ee0c0c45e0ee370f43c8ce24290875cbacc3f143747c944a222edf846b86afd12154f5c3cce880e826d4c511ca43fa0959c10b0665926a9b81aa79bf727099e103fc22d026477e7772fafbd800d05019314fcf4da1d0c1f613ce46071b782aece1c4ad4d75cca26e7fd9c1ba326a07016e09f22e430c22a36278a021d95454e2da47778d558cf1ff77017cceb5880d96666e466e597a663b2bfb35278d4dd0afe16860557f80d73d267c2a1ed7654114f283cce075ed2e24cf6188f39fe8e31e5446b7db4d8d367eb070b77ac57787403a76fc94f7b7afeb58aca841b3de56eff579a0ccad5eb725216db66fbd6167073ab3a62130b1f83b92add9ec1615ff35405eb158aae4ea68e8ddb98545cee64ad7fc0bf6c18d0ab41c232a121c13e3b368baa49adfea28ea6b3b3ab96f66d27af9008e6734a85d1d776ad3e7aa3b7b33b4ca3a47a95080cce40013baaa0631799153d48ea29aa16b297a265325613d4725fb236d742fb88a43306f5986adf67f3eb100c31c93ae65ab88fef231c4b784d24d513e401bb2835fc03b65b439dae0bbc1a52f93f776579ee313979734ce5bb4ce21ca25990d517c0d5e995153f4bafe4b910be4a584a111c601e36991780e4e01608bd2c255efe03a63ff83a0e8f3d8f272a069773b3a252aa607379adfac819974c849c781d2e0af4e942c392768dc5a30fb92971db829e1db06ae62186ea7ad53ea7b2121182d19a9506fefbd54c05b14d9a5787e84ab403d3bb28a976e361ae03da42d95115d800daa895cfd4e63312b32204c14bc4a6339b262c7c4a3f0d5f8ef9cfa8919b336eb10ac5365d51f036eb338747b4d9efe0fb638bc5a20859d99b57ddaaae433f79e4f5c9a2ce90a173e98ea0879dab923b5dadf357f17d43475ccac9d7cd43a7099c9362cce1146de53b6d0aab7332ed880aed64e1bdedcdd91cc77116fe9519abc1367e84effaa841bc29be78f211fc31479117b3fd57eac9807d78714037ad281344e7092e7184030a397f465b767805b3d54d783c23b507fc82c5a77b23ba2f85c8f4531451bc808ce43b002adcd16d7dce2fce809d13cb0b07b69d444345400b26bf0770bf1738ec9d8a945f079b60c4838530d129b77366166dcf62ff463ba03b239cad1e533aed7f55319eebd06c2c089df4cf3c703fed991d872362900d2f614c9cffe5697f728a095351bc78d220126ab88a634d05c199823dd632a578355851f07311d91945b43878ec6075d0aba623f4e95a4afb11d8312f3e516f3dd2441b2af7817629ba9750abaf33e0d574304b15f82db8125fd0750779c3341932ab408c7ac31b16c3467187c986377eee175a43073fbcef18ff25372d3528f1c9a2708fb7e877e70b59a86ecbf8c79c4b2f906f56534697e71be4a78c577a3e610772fb83e84e08012bfa3b216964f3990905da0e5133c922d6750017fbb2caf282fd7b6e75462489556000be50a36376a43e4ffc50d51fe608b2d99252addb68fe92147e6040d18a0d9a1161c5a9b6af19d92e64c6a59fcf89f7726fa9e0c9beefab148284df8fe9070ae909b18040781592d3876aca9827249c1ad633470dd92f0e300490148aa019116a888a4679235df1c8d3e4bfdce3889d899ec4615089417608db1c6cfe1d26998ce3d494fa63fec0555a04e0f5238a4fe246e2a2a1e03976a877e864a355e71829d159a43f8cce70e294d4aca66e90e11fdb09001c74a7ba28e3b8a3966db986c2e2bf6076afcd0a61fcfb2fc4b1c52165b272f2542fadec7173c4488204f1c767da69ef751bc5f920d951c15acf7242e8c04b15262a079df5d4b6a2fff2d14f7722143cfa6c1a46eac3493ed69201c6a0386b88b6a86dad6cc17053df49654f1e500a6861a0a676ce4823784d645fb515452be53f7f936cfd7011572283fa8a124f41075e87deae2ba1965fda87afa44f3c5ef19b77271d03829e93a725a1c8fb1271941b915e6fef69cc138aa11de87469dec5e6a456faaee7272fad5c38ca2c757f208d69173635355b4c5a972abdccef83e1c46ba08bb04ab384538f2cdd91aebfb4d2b44af2010bb4fe263cd814ee6c86d1d987eebef4046dede25aa719cd7050e9bbc2989c93732ea3c57e9ed8c51451ed32cabae801f36324da6c0260d0a9a35866947ac3d49f3be698528a09312b1e8312206c4273e3f4688491310a1c7ef7c9f33d845a95259195bbef28187cac4b0606acec99fec34b303a204a609298fff7c3e638dd03c018184afb3e0cdb75da38c97913a20ab6862b79796e9ae68eaa1f7e48857d6b5eb3ea7a08f8faa21df20c09e1754a1c90f7bad92fe7b052afefb2783fa567096457be89afe88b5b5dc05cfd1a2372de5fbaadad983b3f5a3a038565008d755f759cc6ef3743ab29d65", 0x1000, 0x3}], 0x10000, &(0x7f0000001540)=ANY=[@ANYBLOB="62736464662c6e6f75696433322c6e6f626c6f636b5f76ac6c69646974792c62736464662c75737271756f74612c6e6f757365725f78617474722c6e6f74792c0000000000000000000000000081bcc99a95c51218b104206d4684854bbe4b7b35c4538a01b133bccf3df3c8f7aa3d"]) ioctl(r4, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r5 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r5, 0x10d, 0x2, &(0x7f0000000000)=r5, 0x36) 2033/05/18 03:44:12 executing program 6: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f0000000200)='./file0\x00', 0xdffe, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000180)="eb3c906d6b66732e666174000204010002000270003a", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) lstat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000680)) umount2(&(0x7f00000001c0)='./file0\x00', 0xf) umount2(&(0x7f0000000000)='./file0\x00', 0x2) umount2(&(0x7f0000000040)='./file0\x00', 0x2) 2033/05/18 03:44:12 executing program 4 (fault-call:4 fault-nth:53): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:12 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000220000000700000000009b009500000000000000b2e15278782dc98b157b8de66fdbf275c3ca0eddafaa3b41d039d7935c2eb4aa116c71593bef95f6127cd1"], &(0x7f00000001c0)="73797a6b616c6c65720001be826e8f833152f795b4d9f4bc3ea582523aed371b084fccfc3d2ef2cbe65d30642ca8dcd0f8479be52e66937908f1d8112489e8099d9d4edb806d81189c0fbb6818d028546c35d3363d54db0db780f54977ae6359d617c1d233d8e18abfc75f9a76cd8e1f77583bc02f07a33de6f304e95db82fd4da55ebd25162df6f88e7d1bb0654ffb31e008967", 0x1, 0x99, &(0x7f000000d000)=""/153}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x18, &(0x7f0000000280)="0aac1ac205286e83e0e5504088ca", &(0x7f0000000340)=""/24, 0x10}, 0x28) [ 953.300122] binder: 2688:2690 ioctl c0306201 20000540 returned -22 [ 953.307147] binder: 2688:2696 Acquire 1 refcount change on invalid ref 25355 ret -22 [ 953.378241] binder: 2688:2696 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 953.385808] binder: 2688:2696 unknown command 0 [ 953.390541] binder: 2688:2696 ioctl c0306201 20000540 returned -22 [ 953.432300] binder: 2699:2703 got reply transaction with no transaction stack [ 953.439705] binder: 2699:2703 transaction failed 29201/-71, size 0-0 line 2763 [ 953.459231] FAT-fs (loop6): invalid media value (0x3a) [ 953.464595] FAT-fs (loop6): Can't find a valid FAT filesystem [ 953.468710] FAULT_INJECTION: forcing a failure. [ 953.468710] name failslab, interval 1, probability 0, space 0, times 0 [ 953.481902] CPU: 0 PID: 2712 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 953.489110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 953.498472] Call Trace: [ 953.501069] dump_stack+0x1b9/0x294 [ 953.504701] ? dump_stack_print_info.cold.2+0x52/0x52 [ 953.509907] should_fail.cold.4+0xa/0x1a [ 953.513967] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 953.519071] ? graph_lock+0x170/0x170 [ 953.522865] ? save_stack+0xa9/0xd0 [ 953.526489] ? save_stack+0x43/0xd0 [ 953.530118] ? kasan_kmalloc+0xc4/0xe0 [ 953.534008] ? find_held_lock+0x36/0x1c0 [ 953.538073] ? __lock_is_held+0xb5/0x140 [ 953.542231] ? check_same_owner+0x320/0x320 [ 953.546561] ? rcu_note_context_switch+0x710/0x710 [ 953.551489] __should_failslab+0x124/0x180 [ 953.555719] should_failslab+0x9/0x14 [ 953.559514] kmem_cache_alloc_trace+0x2cb/0x780 [ 953.564182] ? refcount_add_not_zero+0x320/0x320 [ 953.568949] device_private_init+0x98/0x230 [ 953.573273] ? virtual_device_parent+0x60/0x60 [ 953.577862] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 953.583395] ? refcount_inc+0x29/0x70 [ 953.587194] device_add+0xe98/0x16d0 [ 953.590910] ? device_private_init+0x230/0x230 [ 953.595486] ? kfree+0x1e9/0x260 [ 953.598849] ? kfree_const+0x5e/0x70 [ 953.602562] device_create_groups_vargs+0x1ff/0x270 [ 953.607576] device_create_vargs+0x46/0x60 [ 953.611810] bdi_register_va.part.10+0xbb/0x9b0 [ 953.616471] ? cgwb_kill+0x630/0x630 [ 953.620180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 953.625714] ? bdi_init+0x416/0x510 [ 953.629331] ? wb_init+0x9e0/0x9e0 [ 953.632864] ? bdi_alloc_node+0x67/0xe0 [ 953.636829] ? bdi_alloc_node+0x67/0xe0 [ 953.640794] ? rcu_read_lock_sched_held+0x108/0x120 [ 953.645804] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 953.651076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 953.656605] ? refcount_sub_and_test+0x212/0x330 [ 953.661356] bdi_register_va+0x68/0x80 [ 953.665252] super_setup_bdi_name+0x123/0x220 [ 953.669740] ? kill_block_super+0x100/0x100 [ 953.674056] ? kmem_cache_alloc_trace+0x616/0x780 [ 953.678915] fuse_fill_super+0xe6e/0x1e20 [ 953.683067] ? fuse_get_root_inode+0x190/0x190 [ 953.687663] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 953.693192] ? vsnprintf+0x242/0x1b40 [ 953.697022] ? pointer+0xa10/0xa10 [ 953.700574] ? vsprintf+0x40/0x40 [ 953.704030] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 953.709040] ? set_blocksize+0x2c4/0x350 [ 953.713099] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 953.718633] mount_bdev+0x30c/0x3e0 [ 953.722251] ? fuse_get_root_inode+0x190/0x190 [ 953.726827] fuse_mount_blk+0x34/0x40 [ 953.730622] mount_fs+0xae/0x328 [ 953.736254] vfs_kern_mount.part.34+0xd4/0x4d0 [ 953.740843] ? may_umount+0xb0/0xb0 [ 953.744462] ? _raw_read_unlock+0x22/0x30 [ 953.748608] ? __get_fs_type+0x97/0xc0 [ 953.752496] do_mount+0x564/0x3070 [ 953.756041] ? copy_mount_string+0x40/0x40 [ 953.760267] ? rcu_pm_notify+0xc0/0xc0 [ 953.764165] ? copy_mount_options+0x5f/0x380 [ 953.768563] ? rcu_read_lock_sched_held+0x108/0x120 [ 953.773571] ? kmem_cache_alloc_trace+0x616/0x780 [ 953.778413] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 953.783945] ? _copy_from_user+0xdf/0x150 [ 953.788093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 953.793620] ? copy_mount_options+0x285/0x380 [ 953.798113] ksys_mount+0x12d/0x140 [ 953.801736] __x64_sys_mount+0xbe/0x150 [ 953.805700] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 953.810720] do_syscall_64+0x1b1/0x800 [ 953.814603] ? finish_task_switch+0x1ca/0x840 [ 953.819099] ? syscall_return_slowpath+0x5c0/0x5c0 [ 953.824030] ? syscall_return_slowpath+0x30f/0x5c0 [ 953.828958] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 953.834320] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 953.839162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 953.844347] RIP: 0033:0x455a09 [ 953.847535] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 953.855248] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 953.862508] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 953.869769] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 953.877030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:44:12 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000fd00"}, 0x6e) [ 953.884288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 953.903749] binder: BINDER_SET_CONTEXT_MGR already set [ 953.917169] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 953.924016] binder: 2699:2703 ioctl 40046207 0 returned -16 [ 953.936407] FAT-fs (loop6): invalid media value (0x3a) [ 953.941792] FAT-fs (loop6): Can't find a valid FAT filesystem [ 953.980881] binder: 2699:2715 got reply transaction with no transaction stack [ 953.988322] binder: 2699:2715 transaction failed 29201/-71, size 0-0 line 2763 [ 954.008989] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 2033/05/18 03:44:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:12 executing program 4 (fault-call:4 fault-nth:54): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:13 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) 2033/05/18 03:44:13 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x7fff, 0x84002) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000400)) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1fffffd, 0x8011, r0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0x9204, 0x103) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2008080}, 0xc, &(0x7f0000000380)={&(0x7f0000000040)=@flushsa={0x308, 0x1c, 0x204, 0x70bd26, 0x25dfdbfd, {0xff}, [@ipv6_hthresh={0x8, 0x4, {0x27, 0x16}}, @algo_crypt={0xa4, 0x2, {{'cbc-cast5-avx\x00'}, 0x2e0, "a18e33669a909344a28c4699903ba321eccff5f3cfb63c7a58b2a9e04433dce6a6a078704b5c09fc72bfa18753b7dd9e56b4ee1c316193e026711e4f5f94371298a9c2938be50c4bf70ba29cfba675e048d07b4e8fcc426b798f4350"}}, @tfcpad={0x8, 0x16, 0x2}, @algo_auth_trunc={0x144, 0x14, {{'sha384-avx2\x00'}, 0x7b0, 0x0, "eb6aed9c013ad2fdd49a81b008e05ce5c94d5a6364a69a118c0867835eee76b4a432d27bbde900723fa75f09ee6b4a50ebf73787d4a02ec0bcebc12cfa147992be6e59047ac18d3cd535e9b094bd2f923a6f0f7a90150d882b6e2c6a08157033e1bd1090b5e52444d3dfe928a7a6986208cc4cf04a0eb1194adc6ebe728391bcb2bdbfd791a1df4e97540b6d3f16bc41ef7257962d8078749ef01e2deebbdc3c4636da3f3ff69b9f923062cef6cd9124061ff52b96351c7fd45e8ffe3097296c4b8d4b53731c4fd841a3dd6077e1fd4369ae79d2051c36a455b2a33c4c46f2fc39361cab077297b65149ee515ceb0dfdf5e75287a174"}}, @algo_crypt={0xf4, 0x2, {{'xts(twofish)\x00'}, 0x560, "446864916331d990c0b71e8f15bf2541f755d34a8fd6f56f5e34d4f899c1b6b17662ca52881309df2102eb6af768bde4b0e56c0115177fae4c70723c1a1756a7a8fbb8b3af8ca5eab668bd3d05042b68090ce673737944a0c1d17da78a195151c3cf1f70aea456047ded2a3b51039aa83f233e7d9b42adf74bc041f6b5c21c673c18dc51b705d461073b866ebc0d99bbcd64bbc5d4e50a5da27b085c38231f49464c16ad0f23bca8a9a81f4f"}}, @extra_flags={0x8, 0x18, 0xfffffffffffffc00}]}, 0x308}, 0x1, 0x0, 0x0, 0x8001}, 0x0) accept4$packet(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000540)=0x14, 0x800) sendmsg$can_raw(r0, &(0x7f0000000640)={&(0x7f0000000580)={0x1d, r1}, 0x10, &(0x7f0000000600)={&(0x7f00000005c0)=@can={{0x1, 0x10000, 0x1, 0x1ff}, 0x6, 0x3, 0x0, 0x0, "cda7c45e32af8427"}, 0x10}, 0x1}, 0x4000) 2033/05/18 03:44:13 executing program 6: r0 = socket(0xa, 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, {0x1, 0x3, 0x4, 0x9, 0x7f, 0x7}}, 0x8) r2 = memfd_create(&(0x7f0000000040)='GPL\x00', 0x0) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000080)=""/77) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x400) 2033/05/18 03:44:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 954.087376] binder: 2722 invalid dec weak, ref 4152 desc 0 s 1 w 0 [ 954.093848] binder: 2722:2732 unknown command 0 [ 954.118997] binder: undelivered TRANSACTION_ERROR: 29201 [ 954.126307] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:13 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000040)={@dev}, &(0x7f0000000080)=0x14) [ 954.195836] FAULT_INJECTION: forcing a failure. [ 954.195836] name failslab, interval 1, probability 0, space 0, times 0 [ 954.207181] CPU: 1 PID: 2740 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 954.214466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 954.222107] binder: 2748:2749 got reply transaction with no transaction stack [ 954.223817] Call Trace: [ 954.223846] dump_stack+0x1b9/0x294 [ 954.223870] ? dump_stack_print_info.cold.2+0x52/0x52 [ 954.223893] ? is_bpf_text_address+0xd7/0x170 [ 954.231203] binder: 2748:2749 transaction failed 29201/-71, size 0-0 line 2763 [ 954.233743] should_fail.cold.4+0xa/0x1a [ 954.233764] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 954.233788] ? graph_lock+0x170/0x170 [ 954.267340] ? save_stack+0xa9/0xd0 [ 954.268953] binder: 2722:2732 ioctl c0306201 20000540 returned -22 [ 954.270976] ? save_stack+0x43/0xd0 [ 954.270993] ? kasan_kmalloc+0xc4/0xe0 [ 954.271013] ? find_held_lock+0x36/0x1c0 [ 954.271035] ? __lock_is_held+0xb5/0x140 [ 954.271068] ? check_same_owner+0x320/0x320 [ 954.271088] ? rcu_note_context_switch+0x710/0x710 [ 954.271109] __should_failslab+0x124/0x180 [ 954.278688] binder: BINDER_SET_CONTEXT_MGR already set [ 954.281038] should_failslab+0x9/0x14 [ 954.281056] kmem_cache_alloc_trace+0x2cb/0x780 [ 954.281079] ? refcount_add_not_zero+0x320/0x320 [ 954.303147] binder: 2748:2749 ioctl 40046207 0 returned -16 [ 954.306503] device_private_init+0x98/0x230 [ 954.306521] ? virtual_device_parent+0x60/0x60 [ 954.306543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 954.306561] ? refcount_inc+0x29/0x70 [ 954.306579] device_add+0xe98/0x16d0 [ 954.306602] ? device_private_init+0x230/0x230 [ 954.324214] binder: 2748:2756 got reply transaction with no transaction stack [ 954.325059] ? kfree+0x1e9/0x260 [ 954.325078] ? kfree_const+0x5e/0x70 [ 954.325098] device_create_groups_vargs+0x1ff/0x270 [ 954.330833] binder: 2748:2756 transaction failed 29201/-71, size 0-0 line 2763 [ 954.335109] device_create_vargs+0x46/0x60 [ 954.335131] bdi_register_va.part.10+0xbb/0x9b0 [ 954.335149] ? cgwb_kill+0x630/0x630 [ 954.396415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 954.401939] ? bdi_init+0x416/0x510 [ 954.405551] ? wb_init+0x9e0/0x9e0 [ 954.409085] ? bdi_alloc_node+0x67/0xe0 [ 954.413051] ? bdi_alloc_node+0x67/0xe0 [ 954.417019] ? rcu_read_lock_sched_held+0x108/0x120 [ 954.422033] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 954.427302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 954.432834] ? refcount_sub_and_test+0x212/0x330 [ 954.437577] bdi_register_va+0x68/0x80 [ 954.441455] super_setup_bdi_name+0x123/0x220 [ 954.445937] ? kill_block_super+0x100/0x100 [ 954.450257] ? kmem_cache_alloc_trace+0x616/0x780 [ 954.455096] fuse_fill_super+0xe6e/0x1e20 [ 954.459235] ? fuse_get_root_inode+0x190/0x190 [ 954.463810] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 954.469334] ? vsnprintf+0x242/0x1b40 [ 954.473125] ? pointer+0xa10/0xa10 [ 954.476659] ? vsprintf+0x40/0x40 [ 954.480099] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 954.485102] ? set_blocksize+0x2c4/0x350 [ 954.489155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 954.494679] mount_bdev+0x30c/0x3e0 [ 954.498292] ? fuse_get_root_inode+0x190/0x190 [ 954.502864] fuse_mount_blk+0x34/0x40 [ 954.506651] mount_fs+0xae/0x328 [ 954.510011] vfs_kern_mount.part.34+0xd4/0x4d0 [ 954.514584] ? may_umount+0xb0/0xb0 [ 954.518209] ? _raw_read_unlock+0x22/0x30 [ 954.522339] ? __get_fs_type+0x97/0xc0 [ 954.526216] do_mount+0x564/0x3070 [ 954.529743] ? do_raw_spin_unlock+0x9e/0x2e0 [ 954.534149] ? copy_mount_string+0x40/0x40 [ 954.538370] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 954.543372] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 954.548130] ? retint_kernel+0x10/0x10 [ 954.552014] ? copy_mount_options+0x1f0/0x380 [ 954.556503] ? copy_mount_options+0x202/0x380 [ 954.560985] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 954.566509] ? copy_mount_options+0x285/0x380 [ 954.571006] ksys_mount+0x12d/0x140 [ 954.574636] __x64_sys_mount+0xbe/0x150 [ 954.578596] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 954.583598] do_syscall_64+0x1b1/0x800 [ 954.587480] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 954.592309] ? syscall_return_slowpath+0x5c0/0x5c0 [ 954.597224] ? syscall_return_slowpath+0x30f/0x5c0 [ 954.602143] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 954.607495] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 954.612327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 954.617500] RIP: 0033:0x455a09 [ 954.620673] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 954.628368] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 954.635625] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 954.642880] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 954.650230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 954.657483] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 954.686145] binder: BINDER_SET_CONTEXT_MGR already set [ 954.730392] binder: 2722:2732 ioctl 40046207 0 returned -16 [ 954.746228] binder: undelivered TRANSACTION_ERROR: 29201 [ 954.752496] binder: 2722 invalid dec weak, ref 4160 desc 0 s 1 w 0 [ 954.752703] binder: undelivered TRANSACTION_ERROR: 29201 [ 954.758901] binder: 2722:2765 unknown command 0 2033/05/18 03:44:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x6}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:13 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000008000002000"}, 0x6e) 2033/05/18 03:44:13 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)={0x0, 0x1}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0x2, 0x8, 0x9, 0xba7, r1}, &(0x7f00000001c0)=0xfffffffffffffe79) r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f00000000c0)=r2, 0x4) 2033/05/18 03:44:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:13 executing program 4 (fault-call:4 fault-nth:55): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:13 executing program 0: mkdir(&(0x7f0000002800)='./file0\x00', 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x40000, 0x0) r1 = syz_fuse_mount(&(0x7f0000000340)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000080)='./file0/.ile0\x00', &(0x7f00000000c0)) syz_fuse_mount(&(0x7f0000000040)='./file0/.ile0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) read(r1, &(0x7f0000003380)=""/4096, 0xf) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000140)={0x100, 0x20, 0x3, 'queue1\x00', 0x5}) 2033/05/18 03:44:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:13 executing program 6: chroot(&(0x7f0000000080)='./file0/file0\x00') symlink(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000000)='./file0/file0\x00') ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000200)="55ae6b330a7a37460d677a96e2706f4edada7d801825fc08d541aa9db526fc6c5926d36ee03062448937bacfc7da316a3a6899076acdedc16da7be56a9a1f121ddf5cec30616684861ad5076afdf1211a7f173d99b88eb80b287b614d44dc57b27781ee76f4771c8a94f44f51b059fa51058540b8c6d50893703734e") getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f00000000c0), &(0x7f0000000100)=0x2) readlink(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)=""/144, 0x21) [ 954.802222] binder: 2722:2765 ioctl c0306201 20000540 returned -22 [ 954.878593] binder: 2773:2775 got reply transaction with no transaction stack [ 954.885965] binder: 2773:2775 transaction failed 29201/-71, size 0-0 line 2763 [ 954.900130] FAULT_INJECTION: forcing a failure. [ 954.900130] name failslab, interval 1, probability 0, space 0, times 0 [ 954.904298] binder: BINDER_SET_CONTEXT_MGR already set [ 954.911425] CPU: 1 PID: 2779 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 954.911439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 954.911453] Call Trace: [ 954.935811] dump_stack+0x1b9/0x294 [ 954.939435] ? dump_stack_print_info.cold.2+0x52/0x52 [ 954.944633] ? is_bpf_text_address+0xd7/0x170 [ 954.949828] should_fail.cold.4+0xa/0x1a [ 954.953889] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 954.958993] ? graph_lock+0x170/0x170 [ 954.962785] ? save_stack+0xa9/0xd0 [ 954.966400] ? save_stack+0x43/0xd0 [ 954.970101] ? kasan_kmalloc+0xc4/0xe0 [ 954.973979] ? find_held_lock+0x36/0x1c0 [ 954.978037] ? __lock_is_held+0xb5/0x140 [ 954.982097] ? check_same_owner+0x320/0x320 [ 954.986423] ? rcu_note_context_switch+0x710/0x710 [ 954.991347] __should_failslab+0x124/0x180 [ 954.995572] should_failslab+0x9/0x14 [ 954.999363] kmem_cache_alloc_trace+0x2cb/0x780 [ 955.004037] ? refcount_add_not_zero+0x320/0x320 [ 955.008784] device_private_init+0x98/0x230 [ 955.013096] ? virtual_device_parent+0x60/0x60 [ 955.017668] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 955.023208] ? refcount_inc+0x29/0x70 [ 955.026999] device_add+0xe98/0x16d0 [ 955.030709] ? device_private_init+0x230/0x230 [ 955.035286] ? kfree+0x1e9/0x260 [ 955.038651] ? kfree_const+0x5e/0x70 [ 955.042357] device_create_groups_vargs+0x1ff/0x270 [ 955.047375] device_create_vargs+0x46/0x60 [ 955.051601] bdi_register_va.part.10+0xbb/0x9b0 [ 955.056267] ? cgwb_kill+0x630/0x630 [ 955.059973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.065497] ? bdi_init+0x416/0x510 [ 955.069118] ? wb_init+0x9e0/0x9e0 [ 955.072655] ? bdi_alloc_node+0x67/0xe0 [ 955.076613] ? bdi_alloc_node+0x67/0xe0 [ 955.080588] ? rcu_read_lock_sched_held+0x108/0x120 [ 955.085591] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 955.090857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.096383] ? refcount_sub_and_test+0x212/0x330 [ 955.101126] bdi_register_va+0x68/0x80 [ 955.105004] super_setup_bdi_name+0x123/0x220 [ 955.109491] ? kill_block_super+0x100/0x100 [ 955.113800] ? kmem_cache_alloc_trace+0x616/0x780 [ 955.118646] fuse_fill_super+0xe6e/0x1e20 [ 955.122809] ? fuse_get_root_inode+0x190/0x190 [ 955.127383] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 955.132906] ? vsnprintf+0x242/0x1b40 [ 955.136699] ? pointer+0xa10/0xa10 [ 955.140233] ? vsprintf+0x40/0x40 [ 955.143674] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 955.148674] ? set_blocksize+0x2c4/0x350 [ 955.152723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.158253] mount_bdev+0x30c/0x3e0 [ 955.161865] ? fuse_get_root_inode+0x190/0x190 [ 955.166437] fuse_mount_blk+0x34/0x40 [ 955.170227] mount_fs+0xae/0x328 [ 955.173583] vfs_kern_mount.part.34+0xd4/0x4d0 [ 955.178153] ? may_umount+0xb0/0xb0 [ 955.181768] ? _raw_read_unlock+0x22/0x30 [ 955.185900] ? __get_fs_type+0x97/0xc0 [ 955.189779] do_mount+0x564/0x3070 [ 955.193311] ? copy_mount_string+0x40/0x40 [ 955.197536] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 955.202279] ? retint_kernel+0x10/0x10 [ 955.206162] ? __sanitizer_cov_trace_const_cmp8+0xf/0x20 [ 955.211599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.217123] ? copy_mount_options+0x285/0x380 [ 955.221605] ksys_mount+0x12d/0x140 [ 955.225219] __x64_sys_mount+0xbe/0x150 [ 955.229180] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 955.234184] do_syscall_64+0x1b1/0x800 [ 955.238059] ? finish_task_switch+0x1ca/0x840 [ 955.242540] ? syscall_return_slowpath+0x5c0/0x5c0 [ 955.247466] ? syscall_return_slowpath+0x30f/0x5c0 [ 955.252386] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 955.257742] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 955.262573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 955.267761] RIP: 0033:0x455a09 [ 955.270938] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 955.278635] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 955.285888] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 955.293144] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 955.300398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 955.307650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 955.318669] binder: 2773:2775 ioctl 40046207 0 returned -16 2033/05/18 03:44:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x7) sched_setattr(0x0, &(0x7f00000001c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) getpid() ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4030ae7b, &(0x7f0000000280)) 2033/05/18 03:44:14 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000001380)='bdev#cgroup@\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000042000)='/dev/snd/seq\x00', 0x0, 0x8000000000102) dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, "71756575651966e0ca00000000000000000000000000000b00e3001b000000000000000400080000000001000000000000000000000000000000f3feffb20300"}) write$sndseq(r1, &(0x7f0000000040), 0x0) 2033/05/18 03:44:14 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) [ 955.329270] binder: 2773:2790 got reply transaction with no transaction stack [ 955.336651] binder: 2773:2790 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:14 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:14 executing program 4 (fault-call:4 fault-nth:56): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:14 executing program 7: r0 = socket(0x2, 0x1, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = semget$private(0x0, 0x0, 0x9) semop(r2, &(0x7f0000000100)=[{0x3, 0xc0, 0x1000}, {0x1, 0x5, 0x1000}], 0x2) ioctl$sock_netrom_TIOCINQ(r0, 0x541b, &(0x7f00000000c0)) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) 2033/05/18 03:44:14 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0xffffff74, 0x3e4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223, 0x14, 0xbb}, @dev={0xac, 0x14, 0x14, 0xfffffffd}}, @icmp=@parameter_prob={0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14}}}}}}}, &(0x7f0000000040)) [ 955.497179] binder: 2791:2804 Acquire 1 refcount change on invalid ref 6 ret -22 [ 955.504847] binder: 2791:2804 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 955.506183] binder: undelivered TRANSACTION_ERROR: 29201 [ 955.512446] binder: 2791:2804 unknown command 0 [ 955.523821] binder: undelivered TRANSACTION_ERROR: 29201 [ 955.533545] binder: 2791:2804 ioctl c0306201 20000540 returned -22 [ 955.609851] binder: 2816:2817 got reply transaction with no transaction stack [ 955.617324] binder: 2816:2817 transaction failed 29201/-71, size 0-0 line 2763 [ 955.635456] FAULT_INJECTION: forcing a failure. [ 955.635456] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 955.647314] CPU: 0 PID: 2821 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 955.651921] binder: BINDER_SET_CONTEXT_MGR already set [ 955.654508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 955.654518] Call Trace: [ 955.654545] dump_stack+0x1b9/0x294 [ 955.654575] ? dump_stack_print_info.cold.2+0x52/0x52 [ 955.660592] binder: 2816:2817 ioctl 40046207 0 returned -16 [ 955.669241] should_fail.cold.4+0xa/0x1a [ 955.669271] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 955.674007] binder: 2816:2823 got reply transaction with no transaction stack [ 955.675471] ? perf_trace_run_bpf_submit+0x23f/0x370 [ 955.675505] ? perf_tp_event+0xc30/0xc30 [ 955.680694] binder: 2816:2823 transaction failed 29201/-71, size 0-0 line 2763 [ 955.686373] ? is_bpf_text_address+0xd7/0x170 [ 955.686392] ? kernel_text_address+0x79/0xf0 [ 955.686415] ? __unwind_start+0x166/0x330 [ 955.691134] binder: BINDER_SET_CONTEXT_MGR already set [ 955.695552] ? memset+0x31/0x40 [ 955.695596] ? zap_class+0x720/0x720 [ 955.703712] binder: 2791:2804 ioctl 40046207 0 returned -16 [ 955.707945] ? save_stack+0xa9/0xd0 [ 955.707969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.707987] ? should_fail+0x21b/0xbcd [ 955.708002] ? __kmalloc_track_caller+0x14a/0x760 [ 955.708024] ? kstrdup+0x39/0x70 [ 955.725741] binder: undelivered TRANSACTION_ERROR: 29201 [ 955.728320] ? kstrdup_const+0x66/0x80 [ 955.728351] __alloc_pages_nodemask+0x34e/0xd70 [ 955.732851] binder: undelivered TRANSACTION_ERROR: 29201 [ 955.737772] ? bdi_register_va.part.10+0xbb/0x9b0 [ 955.737787] ? bdi_register_va+0x68/0x80 [ 955.737805] ? super_setup_bdi_name+0x123/0x220 [ 955.737831] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 955.752621] binder: 2791:2827 Acquire 1 refcount change on invalid ref 6 ret -22 [ 955.755082] ? ksys_mount+0x12d/0x140 [ 955.755101] ? do_syscall_64+0x1b1/0x800 [ 955.755125] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 955.760690] binder: 2791:2827 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 955.764546] ? find_held_lock+0x36/0x1c0 [ 955.764573] ? __lock_is_held+0xb5/0x140 [ 955.764613] ? check_same_owner+0x320/0x320 [ 955.769456] binder: 2791:2827 unknown command 0 [ 955.772790] cache_grow_begin+0x72/0x6c0 [ 955.772822] kmem_cache_alloc+0x689/0x760 [ 955.779056] binder: 2791:2827 ioctl c0306201 20000540 returned -22 [ 955.782115] ? memcpy+0x45/0x50 [ 955.782140] ? kstrdup+0x59/0x70 [ 955.782168] __kernfs_new_node+0xe7/0x580 [ 955.881277] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 955.886046] ? lock_downgrade+0x8e0/0x8e0 [ 955.890195] kernfs_new_node+0x80/0xf0 [ 955.894082] kernfs_create_dir_ns+0x3d/0x140 [ 955.898482] sysfs_create_dir_ns+0xbe/0x1d0 [ 955.902793] kobject_add_internal+0x354/0xac0 [ 955.907279] ? kobj_ns_type_registered+0x60/0x60 [ 955.912034] ? lock_downgrade+0x8e0/0x8e0 [ 955.916178] ? refcount_add_not_zero+0x320/0x320 [ 955.920923] ? kasan_check_read+0x11/0x20 [ 955.925071] kobject_add+0x13a/0x190 [ 955.928771] ? kset_create_and_add+0x190/0x190 [ 955.933347] ? mutex_unlock+0xd/0x10 [ 955.937057] device_add+0x3a5/0x16d0 [ 955.940764] ? device_private_init+0x230/0x230 [ 955.945331] ? kfree+0x1e9/0x260 [ 955.948694] ? kfree_const+0x5e/0x70 [ 955.952404] device_create_groups_vargs+0x1ff/0x270 [ 955.957413] device_create_vargs+0x46/0x60 [ 955.961640] bdi_register_va.part.10+0xbb/0x9b0 [ 955.966298] ? cgwb_kill+0x630/0x630 [ 955.970004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 955.975535] ? bdi_init+0x416/0x510 [ 955.979157] ? wb_init+0x9e0/0x9e0 [ 955.982689] ? bdi_alloc_node+0x67/0xe0 [ 955.986648] ? bdi_alloc_node+0x67/0xe0 [ 955.990610] ? rcu_read_lock_sched_held+0x108/0x120 [ 955.995615] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 956.000883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 956.006408] ? refcount_sub_and_test+0x212/0x330 [ 956.011153] bdi_register_va+0x68/0x80 [ 956.015048] super_setup_bdi_name+0x123/0x220 [ 956.019533] ? kill_block_super+0x100/0x100 [ 956.023844] ? kmem_cache_alloc_trace+0x616/0x780 [ 956.028684] fuse_fill_super+0xe6e/0x1e20 [ 956.032827] ? fuse_get_root_inode+0x190/0x190 [ 956.037401] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 956.042927] ? vsnprintf+0x242/0x1b40 [ 956.046731] ? pointer+0xa10/0xa10 [ 956.050273] ? vsprintf+0x40/0x40 [ 956.053717] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 956.058720] ? set_blocksize+0x2c4/0x350 [ 956.062771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 956.068300] mount_bdev+0x30c/0x3e0 [ 956.071913] ? fuse_get_root_inode+0x190/0x190 [ 956.076484] fuse_mount_blk+0x34/0x40 [ 956.080272] mount_fs+0xae/0x328 [ 956.083631] vfs_kern_mount.part.34+0xd4/0x4d0 [ 956.088199] ? may_umount+0xb0/0xb0 [ 956.091812] ? _raw_read_unlock+0x22/0x30 [ 956.095954] ? __get_fs_type+0x97/0xc0 [ 956.099831] do_mount+0x564/0x3070 [ 956.103364] ? copy_mount_string+0x40/0x40 [ 956.107593] ? rcu_pm_notify+0xc0/0xc0 [ 956.111474] ? copy_mount_options+0x5f/0x380 [ 956.115876] ? rcu_read_lock_sched_held+0x108/0x120 [ 956.120877] ? kmem_cache_alloc_trace+0x616/0x780 [ 956.126156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 956.131685] ? _copy_from_user+0xdf/0x150 [ 956.135822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 956.141352] ? copy_mount_options+0x285/0x380 [ 956.145838] ksys_mount+0x12d/0x140 [ 956.149455] __x64_sys_mount+0xbe/0x150 [ 956.153413] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 956.158420] do_syscall_64+0x1b1/0x800 [ 956.162300] ? finish_task_switch+0x1ca/0x840 [ 956.166782] ? syscall_return_slowpath+0x5c0/0x5c0 [ 956.171708] ? syscall_return_slowpath+0x30f/0x5c0 [ 956.176627] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 956.181982] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 956.186906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 956.192081] RIP: 0033:0x455a09 [ 956.195256] RSP: 002b:00007f138fb7bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 956.202953] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:44:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x463044000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:15 executing program 4 (fault-call:4 fault-nth:57): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000080)="c626262c8523bf012cf66f") r3 = getpgrp(0x0) r4 = geteuid() getgroups(0x4, &(0x7f0000000100)=[0x0, 0xffffffffffffffff, 0x0, 0x0]) setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000140)={r3, r4, r5}, 0xc) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x16}]}, 0x10) prctl$seccomp(0x16, 0x0, &(0x7f00000001c0)={0x4, &(0x7f0000000180)=[{0x2, 0xff, 0x7, 0x1}, {0xd19, 0x5, 0x81, 0xfffffffffffffb94}, {0x6, 0xff, 0x100, 0x1b15}, {0x9, 0x0, 0x9, 0x6}]}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback={0x0, 0x1}}, 0x1c) 2033/05/18 03:44:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:15 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:15 executing program 6: r0 = socket(0xa, 0x1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") syz_emit_ethernet(0x46, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6039dab900100600fe8000000000000000001f00000000aafe800000000000000000000000000000000000000401907800f4005b00bfd4a0d70af32e2b12b3066420e70c58fe8cafe30f3e60bd94fda80561d9980c663ab460e057c096ca660b11e97cf8cc75cf18af1e28b5343ff781726deef8c11d66b8e71161427d2d6056baef416bb45f847c1fd1141c4d0bd61b7f840dd75cc0195a30fbbc85c62d0654f6406f890cfff574706b46a760369d90c6383e32d7b19bba0b3f84530c626e10863b809a52e7fa606dfdb93ba017e8c180e7bcf4bcbc15e8b505773f138d7a7a0fd5048a73f1525f1cb3092938b30b53ae04d9df3ae33b5d2af9085434c30b028f17250f5ea0dd43fb0884c75c7c4a2f9baccc76e9281db14877be10bc21114b91d3f36e780fc16184943b852317e80c3d0aeb47577b4da3c0da4aed2d726834b406de2b0c913a7f844ed79b299e8e5da03315ba4a09000000000000"], &(0x7f00000000c0)) socketpair$inet(0x2, 0x4, 0x8, &(0x7f0000000000)) 2033/05/18 03:44:15 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x84) 2033/05/18 03:44:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 956.210210] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 956.217463] RBP: 0000000020000140 R08: 00007f138fb7bb20 R09: 0000000000000000 [ 956.224717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 956.231979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 956.291042] binder: 2834:2836 got reply transaction with no transaction stack [ 956.298440] binder: 2834:2836 transaction failed 29201/-71, size 0-0 line 2763 [ 956.325360] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 2033/05/18 03:44:15 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:44:15 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040)) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r1, 0x36) [ 956.371984] binder: BINDER_SET_CONTEXT_MGR already set [ 956.392801] binder: 2834:2836 ioctl 40046207 0 returned -16 2033/05/18 03:44:15 executing program 6: r0 = socket$inet(0x2, 0x840000000003, 0x2) setsockopt$inet_int(r0, 0x0, 0xc8, &(0x7f0000000100), 0x4) rt_sigaction(0x3a, &(0x7f0000000000)={0x5, {0xfffffffffffffffe}, 0x40000000, 0x3ff}, 0x0, 0x8, &(0x7f0000000040)) setsockopt$inet_int(r0, 0x0, 0x40000000004d1, &(0x7f00000000c0)=0x1, 0xfffffd7d) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000080), &(0x7f0000000140)=0x4) 2033/05/18 03:44:15 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000500"}, 0x6e) [ 956.428503] binder: 2845 invalid dec weak, ref 4181 desc 0 s 1 w 0 [ 956.435011] binder: 2845:2848 unknown command 0 [ 956.459173] binder: 2834:2849 got reply transaction with no transaction stack [ 956.466566] binder: 2834:2849 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:15 executing program 0: syz_emit_ethernet(0x0, &(0x7f0000000000)=ANY=[], &(0x7f00000016c0)={0x0, 0x1, [0x0, 0x0, 0x0, 0xffffffffffffffff]}) 2033/05/18 03:44:15 executing program 7: r0 = dup(0xffffffffffffff9c) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000040)={0x800, 0x8, 0x7, 'queue1\x00', 0x7}) r1 = socket(0x2, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) 2033/05/18 03:44:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:15 executing program 4 (fault-call:4 fault-nth:58): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 956.573142] device bridge_slave_1 left promiscuous mode [ 956.578741] bridge0: port 2(bridge_slave_1) entered disabled state [ 956.646881] device bridge_slave_0 left promiscuous mode [ 956.652507] bridge0: port 1(bridge_slave_0) entered disabled state [ 956.658150] binder: 2845:2848 ioctl c0306201 20000540 returned -22 [ 956.679229] binder: undelivered TRANSACTION_ERROR: 29201 [ 956.685098] binder: undelivered TRANSACTION_ERROR: 29201 [ 956.738131] binder: BINDER_SET_CONTEXT_MGR already set [ 956.755757] IPVS: ftp: loaded support on port[0] = 21 [ 956.761666] binder: 2845 invalid dec weak, ref 4185 desc 0 s 1 w 0 [ 956.761815] binder: 2845:2848 ioctl 40046207 0 returned -16 [ 956.768087] binder: 2845:2882 unknown command 0 [ 956.772844] binder: 2845:2882 ioctl c0306201 20000540 returned -22 [ 956.774438] team0 (unregistering): Port device team_slave_1 removed [ 956.795577] team0 (unregistering): Port device team_slave_0 removed [ 956.805426] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 956.822952] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 956.852735] bond0 (unregistering): Released all slaves [ 957.493297] bridge0: port 1(bridge_slave_0) entered blocking state [ 957.499707] bridge0: port 1(bridge_slave_0) entered disabled state [ 957.507063] device bridge_slave_0 entered promiscuous mode [ 957.544239] bridge0: port 2(bridge_slave_1) entered blocking state [ 957.550653] bridge0: port 2(bridge_slave_1) entered disabled state [ 957.558125] device bridge_slave_1 entered promiscuous mode [ 957.595833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 957.632345] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 957.740242] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 957.781290] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 957.951891] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 957.959399] team0: Port device team_slave_0 added [ 957.988121] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 957.995879] team0: Port device team_slave_1 added [ 958.034227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 958.072572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 958.107822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 958.146710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 958.372589] bridge0: port 2(bridge_slave_1) entered blocking state [ 958.378995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 958.385653] bridge0: port 1(bridge_slave_0) entered blocking state [ 958.392048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 958.399269] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 959.174137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 959.251477] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 959.328618] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 959.334805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 959.342349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 959.353130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 959.418976] 8021q: adding VLAN 0 to HW filter on device team0 [ 959.867796] FAULT_INJECTION: forcing a failure. [ 959.867796] name failslab, interval 1, probability 0, space 0, times 0 [ 959.879110] CPU: 1 PID: 3142 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 959.886293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 959.895628] Call Trace: [ 959.898205] dump_stack+0x1b9/0x294 [ 959.901824] ? dump_stack_print_info.cold.2+0x52/0x52 [ 959.907003] should_fail.cold.4+0xa/0x1a [ 959.911064] ? perf_trace_lock+0xd6/0x900 [ 959.915206] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 959.920292] ? zap_class+0x720/0x720 [ 959.923990] ? graph_lock+0x170/0x170 [ 959.927777] ? __mutex_lock+0x7d9/0x17f0 [ 959.931840] ? find_held_lock+0x36/0x1c0 [ 959.935930] ? __lock_is_held+0xb5/0x140 [ 959.939983] ? check_same_owner+0x320/0x320 [ 959.944291] ? rcu_note_context_switch+0x710/0x710 [ 959.949215] __should_failslab+0x124/0x180 [ 959.953435] should_failslab+0x9/0x14 [ 959.957222] __kmalloc_track_caller+0x2c4/0x760 [ 959.961883] ? graph_lock+0x170/0x170 [ 959.965667] ? graph_lock+0x170/0x170 [ 959.969451] ? kstrdup_const+0x66/0x80 [ 959.973324] kstrdup+0x39/0x70 [ 959.976505] kstrdup_const+0x66/0x80 [ 959.980205] __kernfs_new_node+0xa8/0x580 [ 959.984341] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 959.989084] ? lock_downgrade+0x8e0/0x8e0 [ 959.993236] ? kasan_check_read+0x11/0x20 [ 959.997378] ? do_raw_spin_unlock+0x9e/0x2e0 [ 960.001769] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 960.006346] kernfs_new_node+0x80/0xf0 [ 960.010223] kernfs_create_link+0x33/0x180 [ 960.014445] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 960.019709] sysfs_create_link+0x65/0xc0 [ 960.023755] device_add+0x7a0/0x16d0 [ 960.027459] ? device_private_init+0x230/0x230 [ 960.032033] ? kfree+0x1e9/0x260 [ 960.035387] ? kfree_const+0x5e/0x70 [ 960.039087] device_create_groups_vargs+0x1ff/0x270 [ 960.044094] device_create_vargs+0x46/0x60 [ 960.048315] bdi_register_va.part.10+0xbb/0x9b0 [ 960.052971] ? cgwb_kill+0x630/0x630 [ 960.056677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.062196] ? bdi_init+0x416/0x510 [ 960.065818] ? wb_init+0x9e0/0x9e0 [ 960.069351] ? bdi_alloc_node+0x67/0xe0 [ 960.073309] ? bdi_alloc_node+0x67/0xe0 [ 960.077307] ? rcu_read_lock_sched_held+0x108/0x120 [ 960.082330] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 960.087603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.093125] ? refcount_sub_and_test+0x212/0x330 [ 960.097866] bdi_register_va+0x68/0x80 [ 960.101738] super_setup_bdi_name+0x123/0x220 [ 960.106217] ? kill_block_super+0x100/0x100 [ 960.110526] ? kmem_cache_alloc_trace+0x616/0x780 [ 960.115372] fuse_fill_super+0xe6e/0x1e20 [ 960.119513] ? fuse_get_root_inode+0x190/0x190 [ 960.124090] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 960.129636] ? vsnprintf+0x242/0x1b40 [ 960.133432] ? pointer+0xa10/0xa10 [ 960.136963] ? vsprintf+0x40/0x40 [ 960.140401] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 960.145400] ? set_blocksize+0x2c4/0x350 [ 960.149457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.154982] mount_bdev+0x30c/0x3e0 [ 960.158595] ? fuse_get_root_inode+0x190/0x190 [ 960.163163] fuse_mount_blk+0x34/0x40 [ 960.166947] mount_fs+0xae/0x328 [ 960.170321] vfs_kern_mount.part.34+0xd4/0x4d0 [ 960.174901] ? may_umount+0xb0/0xb0 [ 960.178512] ? _raw_read_unlock+0x22/0x30 [ 960.182641] ? __get_fs_type+0x97/0xc0 [ 960.186514] do_mount+0x564/0x3070 [ 960.190056] ? copy_mount_string+0x40/0x40 [ 960.194290] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 960.199308] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 960.204066] ? retint_kernel+0x10/0x10 [ 960.207948] ? copy_mount_options+0x1f0/0x380 [ 960.212427] ? copy_mount_options+0x1fa/0x380 [ 960.216909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.222434] ? copy_mount_options+0x285/0x380 [ 960.226923] ksys_mount+0x12d/0x140 [ 960.230570] __x64_sys_mount+0xbe/0x150 [ 960.234526] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 960.239536] do_syscall_64+0x1b1/0x800 [ 960.243419] ? syscall_return_slowpath+0x5c0/0x5c0 [ 960.248338] ? syscall_return_slowpath+0x30f/0x5c0 [ 960.253258] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 960.258612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 960.263456] entry_SYSCALL_64_after_hwframe+0x49/0xbe 2033/05/18 03:44:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xc630000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:19 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) open_by_handle_at(r0, &(0x7f0000000400)={0x1008, 0x5, "bea94f22b2625260e9a54a92cd70d7412f6a2661be61e88a95a12fdb47b5f24c12c1ee3c746fe4be03da03e5626109ad43d1a5e0db3e4717f35cee45aca738e2636e8c4741d472021ce5c534a5b64a5ba32369047142972bb4d6835073448badc7db6c385446dce90e9345691cc6aeb36a21c3782d17922a41dc07505c962a1e3a9732bca1054188a782e7a0948c15d3052789d274fcef7c76bc268c550eed4c26635052950872d481265282c579653e67d824d2c8a631e028d88d5682e78d714af6bdd3e6f67feca1092d3340501001c7285e5c764f89c70f52933a965fc2c374183c38a1e2f7bfb085bdceb559bc88795197f4405b0e208b883028637d25c5f6a5d0366ecced146b50f517acd22183e2955cff8361b6ede9db0418d5348192e741c6368bf32e06c3240086effa083fd840cbb1f85c0784e5cf8df1a753474f719c9242f25268254aa7a47cf9204d52c31cc86f4aa8a2adeeca82f849da951022520ec8214b5ce3e39e6dd1602c9100bdf74db07e009485ac7d75336a20c71763e1809195c0e24c768b7cc5ab62456a31887e1f662cedcfbb87c43cceb39ba02db18fd28f976b85b6336447dd44a8f11c592d860557ead12437fe58c07e2f439b008a4cfd5fa4428a246bfcae49e0d8712972964b10a3cadcb7fbb31af0ceef8b23c60163c82b5b75f361277384ebb88337ff204b3ba5793db2a810542929744ae171eb7eca0fd2771389af9ebce95617a73d83e5ae25e9e9536070428c5e752adfceae6026c1e7d07363faddca8643e47dc9c7145ded5858ac38860c84447f08f28055ebf10f187219be612ab05b14b299de24d53c918c23a777d5444cc10cfb133e7bd19c088c52395d4f69211cc47a48b3cc2a0ad5f185127ab4865379a4c1ac34c21f63bf9760b063d79473ce0be809c25bd0dcd7d5a965d0296ce444a8d9bed0bff4d82e09b581bc69f2190e3fc497b6011527c31f5c3a84d88b68f16fcc889281cde141f8646aa11b1f6e3199645e79b8639089e61f9274c792d8671a70a3e6149b8d984a4dc45890402fc4d31614f63bfe5345a1189b80b73560d0121bd48a9528bd10279f90356e89ba67914c6eb33a91afaa37ab056a0b972b2d344cd47a2379659ac6f31786a1c0528e259e883b44feeaedd13a63adfa5aa08dfb5c20b56ba90c1d9ede157beddfc80cbdd1a0e6c1b1fa119aa0a24122df4f7552ba82cf4cf0c351fddd18be23a766d0a4a25812c2dd878af16857513284eab40406407f3fc058119916859869af8f9251e58d5d2d1e26e8a466eda10a2adcc240a87a4cb4ad3802227c4de1c949ba3608c5a22d1a6897861dd4377a064488293191d35fd74c720ba6bec90ce4051d69af671a3811826166ed76da9d0b3be685947be5f00e7946dc00719c57202ad84399a3eec24d40895d54d211002643dbd0f184a5e786d369d9fbd57de25efcde51ec6b495b8fed138f355f9ee9f5ecb8fd0391d7bbb09936f1355b1601185577039e5ebf6ac6331d30767eeecaa1918f41194965899f0c294663c49b8a207e455811335c4101a74f865a508625cf17093d579f438c648bc0cd89ae2a52e0dec9a68cf9f705b5fb15ad3a513e8900b006dcfa84700673e89f6f5a65cb522ffc0b2e9881cf07949caeb169454e0ca4eef30f9b4465e2481e2e3e5abd244fccba86f174d9869f22f13fc525c9f42326160bc6321b041efeb77123d9563187e327614da37945a08ae2226390b9387e92377ec12a5b9bdc587541f9c69dd9b1327f0af26e9e3d40c0ea511c866642c5c4046f811d5773aeb7256f9313d68e7bf340511a95893aa7fdad968935365a556ec7ee4e1e75fecb28712e0cf49f00b908641e5262610a8f1f40231c10c7cfde94f0bd91744244d30653cc677e3bd67e0bd15562572e40a088f351cb5eff4553c0814e5774e5bdf16abfb77726ea85f5af8a7e9a89c5537d1d1436f8788e1835ea0b0bfdf361741b7f1a96dca052d7df4a523f2b7a82c0b4045dd670a9bd13c6accf8a068ab9373bb1a1ba4c8f7ec03bec6dfab1e03c2b27944330c8defdff462f1b30d8abf7a9d38fe5423ca23e8817cb8ce7af698a2ec6fb8641628c30a8640bcddc6553e4f98461e2f3bb791652a22d22cad0a7b8b8c9fa7f5de65fb43fe4dc0e414b9ae9eaf2eef8ed7399d4480c0e7f3a7746c0848e164eac8c674a5094bf7c6983ac68e912f46fb83c47fe423e5a8b309db638ad0f4e89d71c82ce3d0cf5eeeab2ce47511808661d238eac1ff0086c345634620491138fb1203a8f3bfdc2e7a147e7fd16c673f2cc4da1dce2a34f9fd33bc3bd414cdf7d4eecd6c4d37ae26887822b6081041653066b538e90318b620faa5bb2cb3b4f9d4b0d5b8f1c7971d9945975df0c5fc02ea4393545483444f1289b39e6fa39e20027149d16a49052f5aa515024c890b25410b9770850df25f8c2bdd2a3fd5ecfa5937d8de0c789c7d168e133d991a2ae9af69cc85882d76016fb75e723ec8e210f935c01c822f790213165150d9b01e729bdb8a384030b9e62ffb62520880ce32ebe123d8df76e2219466c934ade8345877285e399d234bc20c90dfcf10873f416d249f67f7dd576d94c5af85215068590829eba5c806f8bffe058500c8712035982a489d072e4f478ed51aea811bbb78222c4f7c80b2f3d140236d122a413740a7b0284fb31506a3dedf1b0c28969be0d89428bd67ddbde00bbeae336f0a0443a701733236c252149f383eca085d28f1b05c948310d284ac73cec87b580945312f903387a9909b592499c81f7d864f89a784dff220b541ad18f3417a4a1e6a4e94c89488f3e3aeb31f6b61e46bf7d79658233cf65bf11dc06fde264f38d95ff840ba05adb1e2fa7ea1d862f1e5e9d2fdb5c23dbc1030e658bd312a240342f4518f19cb5a2cb3227cf3babaecef418f2266a6050c6a5c3fb0ac9aff7c210da0987eafeb68cfdde0298861cf2f6756955e8d24c5f4822aaf741aaf413b11b1085e276e253f9405c7ecc4b7b423bfe760af0cd1c78d1dd80642ff034113236270a640e890f475ccbaba797ae9fba3598822d46c300c63a8cdb9adba32a5ed1d7f395290c11c8e373cac9b28931354ff907625dffc45313759156a028e6f1319961403c3f59842fd00fec0f24e99d7cf3861f5f9bdf1b1de9a888ce0d5ac244b8e246864e12d39deebca253bb9599a8b839aa55a018d9c0ca9cfadb5169ea810e1ac472ddc3ecde31eb705f73c271534ec4a4be40e5a20f6221d086576d2958419e57f0f939805156030fdd24366ad0e68355d268a50682f02bea8c0d4fab2dc4be85a3f841184f6c9463ecfc888864bf75ff23b25638645df5fe0e6d40de849779e945d3148140b2cc29a7c001aeb20339429a19675605dfbf7e83709ccb47e2a4c8030ba96f40009aaa9c837ef0b57caf7ce9f223e27b18ec75b5939fa72d29af55773d437e9cb16628f5d3f53f6457687634e46891386e72ab210395b94853538906e7d0363808ee7fa74ed1f7ade91b8304330764b36de41123e0468eb1f1fd0221e396106b872795797ecfe42c02c56b8912258faf7cee788c37f2853aedf2aac188c484fee213907ec8f1efbc10291f8dba0fd11529f8275ce7294205a660bea7f7ba7facc4f56a6c074e468e50db16a5ef1c45d56c289344f5c8d85075d0d0df1bf8e4406d2221a0ab530e28a62940b9735e012a2b73924650f0161e644380a07e8d75670b4813843d8c9e7cb472d50d21951890a53e9f3c490035ddf71b2bdf50bc33892caefa29323e90e33a080e2954d14e323b0a635a93458fcabf049a7a9f7e20c07eb17292a78a1511831282a2d686652893f2101c0884104fe939de5987dda9eeb63abe27643f942f524320a57eb9adb69c37deb3b980081fb74d2a0d147b642f5f147bbfc29a7b27331f44c622aad19d46210239a4dca1bb1f98ef789bdb08037a45a101bd6d417e414f50aa85dcd8fa9038b3b964ba23881d51665ee63f3ea12415074c4585a5368cc5c0598612d768544cc378c7ca92fe70966265b7c2ba33920e7c4fd98e70918a1f2570f7f4b9aedd68fd730995d51c436b9c1d7c603d32169bd30508c14364e20802c085209cd789dbce6af167e4e01a0b62ce46a1e66f93b51bc373b3d11c604dee9485573f24b5173b0778dd6b55a2c0ac076b6c20bbc79ff660e21ca94e3fbf284dd1d8e27eb57cc0dfd2850eac8a6c5755b758c618f4bd99d01db63714882cd4f8c0dee388ad34be2ec32f8776d31b472b4feefaad5146d36132aa3685cf34371c30f6f77d1bd4ca0f5f6ac7a5d689968209a04682036e17d62fe341f82396ccd3e02c1376762667a59776b595d1ca56387abb14e0e80fe0018b5c670da3a1559a664bf2ac853638e792d43697348fe7a4f0977d5f90eac64247abf695c3dc20748b477236220a9ab3415fc85d8435e1ae357cf39bc26ee7c664f952e64662f8572d4d75662a3df8bb2e4bc7e9c4a0aff97a05cd61ccf348d6b937f534bc31b052eb8c76539727f9118b4c0446ec312c098c6998ad46d6b7e65b8606127ee27a20656c974b2f5ae64750f93a0e92bf5fa6db4640eec7c900fd6c7101c31f5f7978eacfe86c5693f9e2d152932f2fb30c25b5f3681037a75ef06d5413c17fe2459bfc9e2135b8b5a167a7c174f68969aed69b51b6752f8d667199747b4ab7592b6d086fc9da74148b1f5b40332a3102ef54b18a1acab1344dcce42ba608d9f270d5f22772b018c6c39a82937b1f5acdaf6a15ca7a52c100f6fa810efb6ab679550a4ec134c48192236a1fe867162db354bb50944aec7cc30c582183de09add5df678a0d7683d475284b8088817037acc1df966bef9a7b32893d40d48154af85fa350c526d21ae906b10a04c3666cb1e976815a5c009611376d39ffbdd8f6611a224fe45187515444ac17c30a3497d1a00f680a29fade70260ef08945d1d169480e5c7771ec9ca9633f26451511cce822ec01ad13f7c2172576d96a36ff47c1d47917cf4171d2772aed6ced9a9b5822be9b0081d59e9d5ae158483510fb4b5b1b680ae7ecf6cf1ef6d39f7a82105b70fafe2c5cf87bd970ee5a9d59254bc5706fab0339513c8ff706210fb6ba27924201ec0c4ecd5c4f7ec28f544b9184a5391eadf600c4895278b0f556449b4d2f34dfb5faa954338339868534e60e08bacfa8735e8630bc012e469a3ced719b0d4030d59229fee5f93b577b3a7e89524118d47282a891874d0b4191c12766cb5e39729eacd89b1fe0b74d2b3bb97e1fa43eb9322af87dce313fbc7b833685862c448bfd7a0f1e1dae4fc0aafbace17e9ac76722d44f609c9ebdfbe8f3ad07e22bec58efbea94d9ebbd126cec2a5a850e4d7fd4194d9124d7a31b83e2b99bea5b25a927d4fb14a15ef4df59095dd5eb2798fc4c4f1d9f688943bbf6667dbe5fa274145891c7ef6c9735f2ecdaaaf96b416531879ab2ad3bdd5191f1b6fc69c18470632cafa39ba54a6f5d61d0640f2d215c6abb1a5ee5228e799853d0b6b9afa2b302688630178177238efda8cae0936c2b1eba04ce736fb84cbeb7c493828b128d9c4e39bf032ebdf45fb04dcf74dff2a245d90081954f0626564ffa462308f0f2c0f75cf2a4dbd974c6af9b2b0de1222e38a177ab014e32902fdff29b23ae0ead97a7e3b6f97358a61f53e83c11720537a4af4ae51775b5500c488b373c3f4e966e550899339085fc751dfe63bb242ea7b8fb9a4d58b5877c28220d3860c0512ce4e7e9be0e9a86ea1aef22de96"}, 0x20000) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x8800) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e22, 0x3, @local={0xfe, 0x80, [], 0xaa}, 0x10001}}}, &(0x7f0000000200)=0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000240)={r2, 0x8001}, 0x8) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000080), &(0x7f0000000100)=0x68) ioctl$VT_RELDISP(r1, 0x5605) getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000000), &(0x7f00000003c0)=0x67) 2033/05/18 03:44:19 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000100"}, 0x6e) 2033/05/18 03:44:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:19 executing program 6: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x200400, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}, 0x5, 0x3, 0xff, 0xf, 0x2, 0x5, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@dev={0xfe, 0x80, [], 0x1a}, 0x80000001, 0x1, 0xff, 0x0, 0x80000001, 0xfffffffffffffff7, 0x54}, 0x20) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000cc0)={{{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in=@multicast2}}, &(0x7f0000000dc0)=0xe8) bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0x2, &(0x7f00000000c0)=@raw=[@map={0x18, 0xa, 0x1, 0x0, r0}], &(0x7f0000000100)='GPL\x00', 0x800, 0x4, &(0x7f0000000140)=""/4, 0x41100, 0x1, [], r1, 0xf}, 0x48) lgetxattr(&(0x7f0000000e80)='./file0\x00', &(0x7f0000000ec0)=@random={'system.', 'GPL\x00'}, &(0x7f0000000f00)=""/71, 0x47) socketpair$inet_sctp(0x2, 0x0, 0x84, &(0x7f0000000f80)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f0000000fc0)=""/210, &(0x7f00000010c0)=0xd2) ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000001100)) r5 = getpgrp(0x0) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000001180)=r5) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000011c0)={{{@in=@rand_addr=0x9, @in6=@dev={0xfe, 0x80, [], 0x1a}, 0x4e20, 0x101, 0x4e20, 0xfff, 0x0, 0xa0, 0x80, 0x8, r1, r2}, {0x2, 0x5, 0x0, 0x3, 0x6, 0x9, 0x1f, 0x10000}, {0x1, 0x6, 0x4, 0xff}, 0x1, 0x6e6bbb, 0x2, 0x1, 0x1, 0x3}, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x4d4, 0x33}, 0xa, @in6=@loopback={0x0, 0x1}, 0x3502, 0x3, 0x2, 0xffffffff, 0x7, 0x4, 0xfff}}, 0xe8) ioctl$DRM_IOCTL_IRQ_BUSID(r3, 0xc0106403, &(0x7f00000012c0)={0x0, 0x401, 0x7, 0x1}) bpf$MAP_CREATE(0x0, &(0x7f0000001300)={0x0, 0x8001, 0x8daf, 0x800, 0x9, r0, 0x400}, 0x2c) accept4$llc(r0, 0x0, &(0x7f0000001340), 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000001380)={@remote={0xfe, 0x80, [], 0xbb}, @mcast1={0xff, 0x1, [], 0x1}, @empty, 0x10000, 0xfff, 0x0, 0x400, 0x8, 0x20, r1}) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000001400)) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001540)={r0, &(0x7f0000001440)="ae3c2d1bd8e1439c44e562cf915b305bbe34308df17b4f1818ae0eebd0c2488d9fdc023cb58b872cd71e04f6a66d3f5bf3757a1f9270c77af5713590d5c51625d59a9cf2aa3bdbf38ca59c212d02935057cbcc035ef4afee9f832019c6b02fe2484ce51bc422c5c78736cf8653ca8fb4f480a4756f30f2e4240461f1b35382f78511afdf496e5783945fc43664371e50fe8fb0f9aab83cc5ab43d1a6830f07e34a18264e27c6e4b1b4c7657171384deaef7f913af5879dccf86c7ec92dd82e9c991d34dc5c8839bacfe6efbcbfcb37267e"}, 0x10) r6 = socket$key(0xf, 0x3, 0x2) getsockopt$inet_mreqn(r4, 0x0, 0x27, &(0x7f0000001580)={@local, @remote, 0x0}, &(0x7f00000015c0)=0xc) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000001600)={@remote={0xfe, 0x80, [], 0xbb}, @mcast1={0xff, 0x1, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, 0x0, 0x3ff, 0xe5d, 0x500, 0x6, 0x400000, r7}) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000001680)=""/188) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000001740)={0x0, 0xdc}, &(0x7f0000001780)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000017c0)={0x8, 0xd, 0x2, 0x6, r8}, &(0x7f0000001800)=0x10) utime(&(0x7f0000001840)='./file0\x00', &(0x7f0000001880)={0xbb82, 0x9}) getdents(r0, &(0x7f00000018c0)=""/33, 0x21) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000001900)='ip6gretap0\x00', 0x10) r9 = accept$unix(r0, &(0x7f0000001940), &(0x7f00000019c0)=0x6e) accept4$bt_l2cap(r6, &(0x7f0000001a00), &(0x7f0000001a40)=0xe, 0x800) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r9, &(0x7f0000001a80)={0x8}) 2033/05/18 03:44:19 executing program 7: r0 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x1, 0x44000) ioctl$KDSKBLED(r0, 0x4b65, 0x0) r1 = socket(0x2, 0x1, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x40) ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000080)) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r3 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r3, 0x10d, 0x2, &(0x7f0000000000)=r3, 0x36) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000100)) 2033/05/18 03:44:19 executing program 4 (fault-call:4 fault-nth:59): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 960.268651] RIP: 0033:0x455a09 [ 960.271827] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 960.279520] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 960.286770] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 960.294038] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 960.301296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 960.308552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 960.346536] binder: 3143:3144 got reply transaction with no transaction stack [ 960.353982] binder: 3143:3144 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:19 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000000000200"}, 0x6e) [ 960.423654] FAULT_INJECTION: forcing a failure. [ 960.423654] name failslab, interval 1, probability 0, space 0, times 0 [ 960.435075] CPU: 1 PID: 3163 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 960.442278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 960.451645] Call Trace: [ 960.454257] dump_stack+0x1b9/0x294 [ 960.457921] ? dump_stack_print_info.cold.2+0x52/0x52 [ 960.460088] binder: 3161:3166 Acquire 1 refcount change on invalid ref 207814656 ret -22 [ 960.463134] ? lock_release+0xa10/0xa10 [ 960.463162] should_fail.cold.4+0xa/0x1a [ 960.463185] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 960.463206] ? kasan_check_write+0x14/0x20 [ 960.463219] ? __mutex_lock+0x7d9/0x17f0 [ 960.463238] ? perf_trace_lock+0xd6/0x900 [ 960.471500] binder: 3161:3166 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 960.475444] ? graph_lock+0x170/0x170 [ 960.475464] ? zap_class+0x720/0x720 [ 960.475482] ? find_held_lock+0x36/0x1c0 [ 960.475504] ? __lock_is_held+0xb5/0x140 2033/05/18 03:44:19 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000500"}, 0x6e) [ 960.475533] ? check_same_owner+0x320/0x320 [ 960.475545] ? find_held_lock+0x36/0x1c0 [ 960.475561] ? rcu_note_context_switch+0x710/0x710 [ 960.475578] __should_failslab+0x124/0x180 [ 960.475599] should_failslab+0x9/0x14 [ 960.475617] kmem_cache_alloc+0x2af/0x760 [ 960.475633] ? kasan_check_write+0x14/0x20 [ 960.475649] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 960.475662] ? lock_downgrade+0x8e0/0x8e0 [ 960.475677] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 960.475694] __kernfs_new_node+0xe7/0x580 [ 960.475713] ? kernfs_dop_revalidate+0x3c0/0x3c0 2033/05/18 03:44:19 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000effdffff00"}, 0x6e) 2033/05/18 03:44:19 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000500"}, 0x6e) [ 960.479788] binder: 3161:3166 unknown command 0 [ 960.484858] ? kasan_check_write+0x14/0x20 [ 960.484875] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 960.484893] ? __lock_is_held+0xb5/0x140 [ 960.484909] ? wait_for_completion+0x870/0x870 [ 960.550383] binder: 3161:3166 ioctl c0306201 20000540 returned -22 [ 960.555185] kernfs_new_node+0x80/0xf0 [ 960.555206] __kernfs_create_file+0x4d/0x330 [ 960.555225] sysfs_add_file_mode_ns+0x21a/0x560 [ 960.555248] internal_create_group+0x282/0x970 [ 960.555274] sysfs_create_groups+0x9b/0x150 [ 960.555298] device_add+0x84d/0x16d0 [ 960.555318] ? device_private_init+0x230/0x230 [ 960.555331] ? kfree+0x1e9/0x260 [ 960.555350] ? kfree_const+0x5e/0x70 [ 960.603746] binder: BINDER_SET_CONTEXT_MGR already set [ 960.605956] device_create_groups_vargs+0x1ff/0x270 [ 960.605979] device_create_vargs+0x46/0x60 [ 960.606001] bdi_register_va.part.10+0xbb/0x9b0 [ 960.606018] ? cgwb_kill+0x630/0x630 [ 960.606039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.606052] ? bdi_init+0x416/0x510 2033/05/18 03:44:19 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000000000100"}, 0x6e) [ 960.606066] ? wb_init+0x9e0/0x9e0 [ 960.606086] ? bdi_alloc_node+0x67/0xe0 [ 960.638921] binder: 3161:3166 ioctl 40046207 0 returned -16 [ 960.639401] ? bdi_alloc_node+0x67/0xe0 [ 960.639418] ? rcu_read_lock_sched_held+0x108/0x120 [ 960.639437] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 960.654781] binder: 3161:3182 Acquire 1 refcount change on invalid ref 207814656 ret -22 [ 960.658617] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.658636] ? refcount_sub_and_test+0x212/0x330 [ 960.658657] bdi_register_va+0x68/0x80 [ 960.658677] super_setup_bdi_name+0x123/0x220 [ 960.658693] ? kill_block_super+0x100/0x100 [ 960.658712] ? kmem_cache_alloc_trace+0x616/0x780 [ 960.658737] fuse_fill_super+0xe6e/0x1e20 [ 960.662559] binder: 3161:3182 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 960.668053] ? fuse_get_root_inode+0x190/0x190 [ 960.668077] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 960.668098] ? vsnprintf+0x242/0x1b40 [ 960.671842] binder: 3161:3182 unknown command 0 [ 960.675352] ? pointer+0xa10/0xa10 [ 960.675377] ? vsprintf+0x40/0x40 [ 960.675401] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 960.777247] ? set_blocksize+0x2c4/0x350 [ 960.781301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.786830] mount_bdev+0x30c/0x3e0 [ 960.790445] ? fuse_get_root_inode+0x190/0x190 [ 960.795024] fuse_mount_blk+0x34/0x40 [ 960.798814] mount_fs+0xae/0x328 [ 960.802180] vfs_kern_mount.part.34+0xd4/0x4d0 [ 960.806754] ? may_umount+0xb0/0xb0 [ 960.810371] ? _raw_read_unlock+0x22/0x30 [ 960.814506] ? __get_fs_type+0x97/0xc0 [ 960.818382] do_mount+0x564/0x3070 [ 960.821919] ? copy_mount_string+0x40/0x40 [ 960.826143] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 960.831150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 960.835897] ? retint_kernel+0x10/0x10 [ 960.839788] ? copy_mount_options+0x1f0/0x380 [ 960.844271] ? copy_mount_options+0x1fa/0x380 [ 960.848766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 960.854289] ? copy_mount_options+0x285/0x380 [ 960.858775] ksys_mount+0x12d/0x140 [ 960.862475] __x64_sys_mount+0xbe/0x150 [ 960.866433] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 960.871435] do_syscall_64+0x1b1/0x800 [ 960.875313] ? finish_task_switch+0x1ca/0x840 [ 960.879798] ? syscall_return_slowpath+0x5c0/0x5c0 [ 960.884717] ? syscall_return_slowpath+0x30f/0x5c0 [ 960.889633] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 960.894994] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 960.899830] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 960.905009] RIP: 0033:0x455a09 [ 960.908187] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 960.915881] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:44:19 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x23de632f, {0x2, 0x4e21, @multicast2=0xe0000002}, {0x2, 0x4e24, @multicast2=0xe0000002}, {0x2, 0x4e22, @multicast2=0xe0000002}, 0x0, 0x80000001, 0x0, 0x9, 0x9, &(0x7f0000000000)='team_slave_1\x00', 0x1000, 0x3, 0x8}) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x100) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f00000000c0)=r2, 0x37d) 2033/05/18 03:44:19 executing program 0: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000005480)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='hugetlbfs\x00', 0x0, &(0x7f0000000240)="07c731678d56e73ee219884c82ced2cb2e2d576facb971ee0412c1069db35f6d5c82dda058683b3a0365841c14e4dfdfd46f29974c0cef3a81cbf9832e537cae5a0835cd9047c2ba853d0fc222c055c2470945fdd2e9d377086bc7bff074cd6150dcdd967f91b1a8603915922f750000000000000000") utime(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)={0x20, 0x401}) r0 = dup(0xffffffffffffff9c) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f00000000c0)=""/199) chdir(&(0x7f0000000000)='./file0\x00') mknod(&(0x7f0000000080)='./file0\x00', 0xffffc000, 0x0) 2033/05/18 03:44:19 executing program 6: r0 = getpgrp(0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x9, 0x244000) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000080)) r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, r0, 0x0, 0xffffffffffffffff, 0x0) rt_sigtimedwait(&(0x7f0000448000), &(0x7f0000d31ff0), &(0x7f00007adff0)={0x77359400}, 0x8) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x0) fcntl$lock(r1, 0x0, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x20, r0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000100)={{{@in=@dev, @in6}}, {{@in6=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xe8) [ 960.923135] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 960.930387] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 960.937641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 960.944893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 960.958146] binder: 3161:3182 ioctl c0306201 20000540 returned -22 [ 960.961588] binder: BINDER_SET_CONTEXT_MGR already set [ 961.013634] hugetlbfs: Bad mount option: "Ç1gVç>âˆL‚ÎÒË.-Wo¬¹qîÁ³_m\‚Ý Xh;:e„äßßÔo)—L ï:Ëùƒ.S|®Z5ÍGº…=Â"ÀUÂG EýÒéÓwkÇ¿ðtÍaPÜÝ–‘±¨`9’/u" [ 961.028506] binder: 3143:3183 ioctl 40046207 0 returned -16 [ 961.048166] binder: 3143:3184 got reply transaction with no transaction stack [ 961.055648] binder: 3143:3184 transaction failed 29201/-71, size 0-0 line 2763 [ 961.077139] hugetlbfs: Bad mount option: "Ç1gVç>âˆL‚ÎÒË.-Wo¬¹qîÁ³_m\‚Ý Xh;:e„äßßÔo)—L ï:Ëùƒ.S|®Z5ÍGº…=Â"ÀUÂG EýÒéÓwkÇ¿ðtÍaPÜÝ–‘±¨`9’/u" [ 961.152769] binder: undelivered TRANSACTION_ERROR: 29201 [ 961.159171] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xa630840}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:20 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000280000000000069078ac1414bbac1414bb00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50f00000de7800001eb28ab2fba22f77b1b35a5b7aa6ca6fbefc0fc51d3e2fff3415c569588ae7e2b25dfe8c754bffd92fac17e1cc6c1fdcd238ae46e245d43d09c8caf66d7c6821eed7dee0e0c7716b78"], &(0x7f0000000100)) 2033/05/18 03:44:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:20 executing program 4 (fault-call:4 fault-nth:60): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:20 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$kcm(0xa, 0x6, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040)='/dev/snd/midiC#D#\x00', 0x3, 0x42002) setsockopt$sock_attach_bpf(r1, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x4) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000080)) 2033/05/18 03:44:20 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) 2033/05/18 03:44:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:20 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'rmd320-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000001040)=0xfffffffffffffe73, 0x0) sendmmsg$inet_sctp(r1, &(0x7f0000000c40)=[{&(0x7f0000000000)=@in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10, &(0x7f0000000c00), 0x0, 0x0, 0x0, 0x4004}], 0x1, 0x0) [ 962.109241] binder: 3215:3217 got reply transaction with no transaction stack [ 962.116610] binder: 3215:3217 transaction failed 29201/-71, size 0-0 line 2763 [ 962.133095] FAULT_INJECTION: forcing a failure. [ 962.133095] name failslab, interval 1, probability 0, space 0, times 0 [ 962.144418] CPU: 1 PID: 3221 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 2033/05/18 03:44:21 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f00000000c0)) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4$alg(r1, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x81, 0x11, &(0x7f0000000200)="68e179acfc4a067197b965536b71edbc2d4b7c0374b32c0f338398b8e863f7186bae454537f01d731d3a8b8e27d3bce6934a6ecedc65830fe5d3e04620024d6301215fea63d16feab25e91622de6f4774b0af22a2d66c07ca8864082bd16b0de8f3cf7576e8c93767faee4ed5d92979f47658de2457f6739d99d5ebac205137dbe", &(0x7f0000000100)=""/17, 0x4}, 0x28) sendfile(r3, r2, &(0x7f0000000000), 0x447) 2033/05/18 03:44:21 executing program 6: clock_adjtime(0x0, &(0x7f0000000080)={0x73db, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26bd}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x101, 0x2, 0x1, 0xffffffffffffffff}) ioctl(r0, 0x8, &(0x7f0000000180)="01f6d613a39ccc4896b33de3a540527f96bf0308c917767138721b5bf22c51a163c85c6f6f61dc6565d1fdbb84999f28bbd47007886e46041e5c6c0bf5639e203a475bd8f360387a3c5f84807c7516fa0f8583c29a82e6986e789ac14e662cd0de29a2249e1d3b23bec68bc574fa0a7c50229403586aff249a9cfb6978d92c") pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x80000) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000200)=[@in={0x2, 0x4e20, @multicast2=0xe0000002}, @in={0x2, 0x4e22, @multicast1=0xe0000001}, @in6={0xa, 0x4e22, 0x100000000, @ipv4={[], [0xff, 0xff], @rand_addr=0x8000}, 0x34}], 0x3c) [ 962.151610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 962.160963] Call Trace: [ 962.163564] dump_stack+0x1b9/0x294 [ 962.167214] ? dump_stack_print_info.cold.2+0x52/0x52 [ 962.172428] should_fail.cold.4+0xa/0x1a [ 962.176501] ? perf_trace_lock+0xd6/0x900 [ 962.180667] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 962.185793] ? zap_class+0x720/0x720 [ 962.189522] ? graph_lock+0x170/0x170 [ 962.193335] ? __mutex_lock+0x7d9/0x17f0 [ 962.197413] ? find_held_lock+0x36/0x1c0 [ 962.201492] ? __lock_is_held+0xb5/0x140 [ 962.205580] ? check_same_owner+0x320/0x320 [ 962.209920] ? rcu_note_context_switch+0x710/0x710 [ 962.214865] __should_failslab+0x124/0x180 [ 962.219108] should_failslab+0x9/0x14 [ 962.222905] __kmalloc_track_caller+0x2c4/0x760 [ 962.227574] ? graph_lock+0x170/0x170 [ 962.231367] ? graph_lock+0x170/0x170 [ 962.235165] ? kstrdup_const+0x66/0x80 [ 962.239048] kstrdup+0x39/0x70 [ 962.242229] kstrdup_const+0x66/0x80 [ 962.245935] __kernfs_new_node+0xa8/0x580 [ 962.250075] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 962.254820] ? lock_downgrade+0x8e0/0x8e0 [ 962.258961] ? kasan_check_read+0x11/0x20 [ 962.263110] ? do_raw_spin_unlock+0x9e/0x2e0 [ 962.267509] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 962.272083] kernfs_new_node+0x80/0xf0 [ 962.275960] kernfs_create_link+0x33/0x180 [ 962.280183] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 962.285458] sysfs_create_link+0x65/0xc0 [ 962.289507] device_add+0x7a0/0x16d0 [ 962.293221] ? device_private_init+0x230/0x230 [ 962.297789] ? kfree+0x1e9/0x260 [ 962.301154] ? kfree_const+0x5e/0x70 [ 962.304857] device_create_groups_vargs+0x1ff/0x270 [ 962.309870] device_create_vargs+0x46/0x60 [ 962.314097] bdi_register_va.part.10+0xbb/0x9b0 [ 962.318751] ? cgwb_kill+0x630/0x630 [ 962.322454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 962.327977] ? bdi_init+0x416/0x510 [ 962.331587] ? wb_init+0x9e0/0x9e0 [ 962.335115] ? bdi_alloc_node+0x67/0xe0 [ 962.339077] ? bdi_alloc_node+0x67/0xe0 [ 962.343040] ? rcu_read_lock_sched_held+0x108/0x120 [ 962.348043] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 962.353306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 962.358834] ? refcount_sub_and_test+0x212/0x330 [ 962.363578] bdi_register_va+0x68/0x80 [ 962.367453] super_setup_bdi_name+0x123/0x220 [ 962.371933] ? kill_block_super+0x100/0x100 [ 962.376241] ? kmem_cache_alloc_trace+0x616/0x780 [ 962.381076] fuse_fill_super+0xe6e/0x1e20 [ 962.385218] ? fuse_get_root_inode+0x190/0x190 [ 962.389790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 962.395315] ? vsnprintf+0x242/0x1b40 [ 962.399109] ? pointer+0xa10/0xa10 [ 962.402657] ? vsprintf+0x40/0x40 [ 962.406099] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 962.411110] ? set_blocksize+0x2c4/0x350 [ 962.415165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 962.420708] mount_bdev+0x30c/0x3e0 [ 962.424410] ? fuse_get_root_inode+0x190/0x190 [ 962.428980] fuse_mount_blk+0x34/0x40 [ 962.432780] mount_fs+0xae/0x328 [ 962.436142] vfs_kern_mount.part.34+0xd4/0x4d0 [ 962.440714] ? may_umount+0xb0/0xb0 [ 962.444327] ? _raw_read_unlock+0x22/0x30 [ 962.448461] ? __get_fs_type+0x97/0xc0 [ 962.452341] do_mount+0x564/0x3070 [ 962.455867] ? do_raw_spin_unlock+0x9e/0x2e0 [ 962.460266] ? copy_mount_string+0x40/0x40 [ 962.464489] ? rcu_pm_notify+0xc0/0xc0 [ 962.468368] ? copy_mount_options+0x5f/0x380 [ 962.472760] ? rcu_read_lock_sched_held+0x108/0x120 [ 962.477762] ? kmem_cache_alloc_trace+0x616/0x780 [ 962.482595] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 962.488135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 962.493666] ? copy_mount_options+0x285/0x380 [ 962.498149] ksys_mount+0x12d/0x140 [ 962.501763] __x64_sys_mount+0xbe/0x150 [ 962.505721] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 962.510727] do_syscall_64+0x1b1/0x800 [ 962.514601] ? finish_task_switch+0x1ca/0x840 [ 962.519100] ? syscall_return_slowpath+0x5c0/0x5c0 [ 962.524026] ? syscall_return_slowpath+0x30f/0x5c0 [ 962.528945] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 962.534297] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 962.539132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 962.544309] RIP: 0033:0x455a09 [ 962.547487] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:44:21 executing program 0: r0 = socket(0xa, 0x1, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) ioctl$TCSBRK(r1, 0x5409, 0x2) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) set_mempolicy(0x1, &(0x7f0000000040)=0x2, 0x3) set_mempolicy(0x0, &(0x7f0000000080), 0x1) [ 962.555182] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 962.562434] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 962.569698] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 962.576952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 962.584207] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:21 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) [ 962.628129] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:21 executing program 7: r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") socket$kcm(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x3c, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x2000000000000, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, @in={0x2, 0x4e21, @multicast1=0xe0000001}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={r1, 0xba4, 0x20}, &(0x7f0000000180)=0xc) socketpair(0x9, 0x6, 0x1, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000080)=r2, 0x4) 2033/05/18 03:44:21 executing program 4 (fault-call:4 fault-nth:61): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 962.649358] binder: 3215:3239 got reply transaction with no transaction stack [ 962.656754] binder: 3215:3239 transaction failed 29201/-71, size 0-0 line 2763 [ 962.673818] binder: 3215:3217 ioctl 40046207 0 returned -16 2033/05/18 03:44:21 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000000000300"}, 0x6e) [ 962.728611] binder: 3237:3249 Acquire 1 refcount change on invalid ref 174262336 ret -22 [ 962.736963] binder: 3237:3249 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 962.744558] binder: 3237:3249 unknown command 0 2033/05/18 03:44:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 962.771256] binder: undelivered TRANSACTION_ERROR: 29201 [ 962.777273] binder: undelivered TRANSACTION_ERROR: 29201 [ 962.841156] FAULT_INJECTION: forcing a failure. [ 962.841156] name failslab, interval 1, probability 0, space 0, times 0 [ 962.852517] CPU: 0 PID: 3257 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 962.859720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 962.869085] Call Trace: [ 962.870188] binder: 3237:3249 ioctl c0306201 20000540 returned -22 [ 962.871690] dump_stack+0x1b9/0x294 [ 962.871722] ? dump_stack_print_info.cold.2+0x52/0x52 [ 962.871764] should_fail.cold.4+0xa/0x1a [ 962.890952] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 962.894138] binder: BINDER_SET_CONTEXT_MGR already set [ 962.896102] ? graph_lock+0x170/0x170 [ 962.896130] ? perf_trace_run_bpf_submit+0x23f/0x370 [ 962.896152] ? find_held_lock+0x36/0x1c0 [ 962.907993] binder: 3237:3249 ioctl 40046207 0 returned -16 [ 962.910334] ? __lock_is_held+0xb5/0x140 [ 962.910377] ? check_same_owner+0x320/0x320 [ 962.910400] ? rcu_note_context_switch+0x710/0x710 [ 962.918576] binder: 3266:3268 got reply transaction with no transaction stack [ 962.920171] __should_failslab+0x124/0x180 [ 962.920193] should_failslab+0x9/0x14 [ 962.920216] __kmalloc_track_caller+0x2c4/0x760 [ 962.924326] binder: 3266:3268 transaction failed 29201/-71, size 0-0 line 2763 [ 962.928601] ? graph_lock+0x170/0x170 [ 962.928631] ? kstrdup_const+0x66/0x80 [ 962.934836] binder: BINDER_SET_CONTEXT_MGR already set [ 962.940832] kstrdup+0x39/0x70 [ 962.940855] kstrdup_const+0x66/0x80 [ 962.940877] __kernfs_new_node+0xa8/0x580 [ 962.940899] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 962.946513] binder: 3237:3270 Acquire 1 refcount change on invalid ref 174262336 ret -22 [ 962.949533] ? lock_downgrade+0x8e0/0x8e0 [ 962.949566] ? kasan_check_read+0x11/0x20 [ 962.949582] ? do_raw_spin_unlock+0x9e/0x2e0 [ 962.949607] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 962.954299] binder: 3237:3270 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 962.961622] kernfs_new_node+0x80/0xf0 [ 962.961648] kernfs_create_link+0x33/0x180 [ 962.961671] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 962.965477] binder: 3237:3270 unknown command 0 [ 962.969332] sysfs_create_link+0x65/0xc0 [ 962.969358] device_add+0x7a0/0x16d0 [ 962.974988] binder: 3266:3268 ioctl 40046207 0 returned -16 [ 962.977826] ? device_private_init+0x230/0x230 [ 962.977843] ? kfree+0x1e9/0x260 [ 962.977865] ? kfree_const+0x5e/0x70 [ 962.977889] device_create_groups_vargs+0x1ff/0x270 [ 962.984090] binder: 3237:3270 ioctl c0306201 20000540 returned -22 [ 962.985741] device_create_vargs+0x46/0x60 [ 962.985772] bdi_register_va.part.10+0xbb/0x9b0 [ 962.985793] ? cgwb_kill+0x630/0x630 [ 962.985816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 962.993242] binder: 3266:3269 got reply transaction with no transaction stack [ 962.998782] ? bdi_init+0x416/0x510 [ 962.998799] ? wb_init+0x9e0/0x9e0 [ 962.998821] ? bdi_alloc_node+0x67/0xe0 [ 962.998836] ? bdi_alloc_node+0x67/0xe0 [ 962.998855] ? rcu_read_lock_sched_held+0x108/0x120 [ 962.998877] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 963.003048] binder: 3266:3269 transaction failed 29201/-71, size 0-0 line 2763 [ 963.007224] ? nlmsvc_retrieve_args+0xa0/0x4b0 [ 963.007260] bdi_register_va+0x68/0x80 [ 963.007283] super_setup_bdi_name+0x123/0x220 [ 963.036602] binder: undelivered TRANSACTION_ERROR: 29201 [ 963.037156] ? kill_block_super+0x100/0x100 [ 963.037179] ? kmem_cache_alloc_trace+0x616/0x780 [ 963.042243] binder: undelivered TRANSACTION_ERROR: 29201 [ 963.045903] fuse_fill_super+0xe6e/0x1e20 [ 963.045937] ? fuse_get_root_inode+0x190/0x190 [ 963.045964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 963.045980] ? vsnprintf+0x242/0x1b40 [ 963.046010] ? pointer+0xa10/0xa10 [ 963.190731] ? vsprintf+0x40/0x40 [ 963.194199] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 963.199205] ? set_blocksize+0x2c4/0x350 [ 963.203260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 963.208789] mount_bdev+0x30c/0x3e0 [ 963.212405] ? fuse_get_root_inode+0x190/0x190 [ 963.216979] fuse_mount_blk+0x34/0x40 [ 963.220772] mount_fs+0xae/0x328 [ 963.224138] vfs_kern_mount.part.34+0xd4/0x4d0 [ 963.228716] ? may_umount+0xb0/0xb0 [ 963.232356] ? _raw_read_unlock+0x22/0x30 [ 963.236526] ? __get_fs_type+0x97/0xc0 [ 963.240440] do_mount+0x564/0x3070 [ 963.244000] ? copy_mount_string+0x40/0x40 [ 963.248229] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 963.253001] ? retint_kernel+0x10/0x10 [ 963.256890] ? copy_mount_options+0x1e3/0x380 [ 963.261393] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 963.266923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 963.272450] ? copy_mount_options+0x285/0x380 [ 963.276941] ksys_mount+0x12d/0x140 [ 963.280564] __x64_sys_mount+0xbe/0x150 [ 963.284546] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 963.289568] do_syscall_64+0x1b1/0x800 [ 963.293448] ? finish_task_switch+0x1ca/0x840 [ 963.297936] ? syscall_return_slowpath+0x5c0/0x5c0 [ 963.302855] ? syscall_return_slowpath+0x30f/0x5c0 [ 963.307786] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 963.313142] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 963.317978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 963.323161] RIP: 0033:0x455a09 [ 963.326340] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 963.334038] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:44:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x600}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:22 executing program 0: r0 = socket(0x3, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xe, &(0x7f0000000040)=0x7fff, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) r2 = dup3(r1, r0, 0x80000) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) setsockopt$inet_tcp_int(r1, 0x6, 0x4, &(0x7f0000e4d000)=0x77a1, 0xfffffffffffffff0) 2033/05/18 03:44:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:22 executing program 6: openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ashmem\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x7fffc) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_getmulticast={0x14, 0x3a, 0x410, 0x70bd2a, 0x25dfdbfd, {0xa}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x2400c081) 2033/05/18 03:44:22 executing program 7: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x2000, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'rose0\x00', 0x2}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x82100, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430) r1 = socket(0x2, 0x1, 0xffffffff) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0x2, &(0x7f0000000000)=r2, 0x36) 2033/05/18 03:44:22 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:22 executing program 4 (fault-call:4 fault-nth:62): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 963.341305] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 963.348565] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 963.355820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 963.363077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 963.429582] binder: 3276:3277 got reply transaction with no transaction stack [ 963.437007] binder: 3276:3277 transaction failed 29201/-71, size 0-0 line 2763 [ 963.446271] sock: process `syz-executor0' is using obsolete setsockopt SO_BSDCOMPAT [ 963.483658] FAULT_INJECTION: forcing a failure. [ 963.483658] name failslab, interval 1, probability 0, space 0, times 0 [ 963.494972] CPU: 1 PID: 3293 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 963.497857] binder: 3291:3295 Acquire 1 refcount change on invalid ref 1536 ret -22 [ 963.502336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 963.502346] Call Trace: [ 963.502373] dump_stack+0x1b9/0x294 [ 963.502395] ? dump_stack_print_info.cold.2+0x52/0x52 [ 963.502411] ? __mutex_lock+0x7d9/0x17f0 [ 963.502434] ? perf_trace_lock+0xd6/0x900 [ 963.510262] binder: 3291:3295 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 963.519626] should_fail.cold.4+0xa/0x1a [ 963.519649] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 963.519671] ? graph_lock+0x170/0x170 [ 963.522261] binder: 3291:3295 unknown command 0 [ 963.525878] ? find_held_lock+0x36/0x1c0 [ 963.525899] ? __lock_is_held+0xb5/0x140 [ 963.525931] ? check_same_owner+0x320/0x320 [ 963.576702] ? kasan_check_write+0x14/0x20 [ 963.580925] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 963.585839] ? rcu_note_context_switch+0x710/0x710 [ 963.590755] __should_failslab+0x124/0x180 [ 963.594978] should_failslab+0x9/0x14 [ 963.598765] kmem_cache_alloc+0x2af/0x760 [ 963.602897] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 963.607821] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 963.612826] __kernfs_new_node+0xe7/0x580 [ 963.616959] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 963.621699] ? mutex_unlock+0xd/0x10 [ 963.625400] ? kernfs_activate+0x20e/0x2a0 [ 963.629626] ? kernfs_walk_and_get_ns+0x320/0x320 [ 963.634469] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 963.639990] ? kernfs_link_sibling+0x1d2/0x3b0 [ 963.644561] kernfs_new_node+0x80/0xf0 [ 963.648439] __kernfs_create_file+0x4d/0x330 [ 963.652841] sysfs_add_file_mode_ns+0x21a/0x560 [ 963.657512] internal_create_group+0x282/0x970 [ 963.662176] sysfs_create_groups+0x9b/0x150 [ 963.666487] device_add+0x84d/0x16d0 [ 963.670189] ? device_private_init+0x230/0x230 [ 963.674758] ? kfree+0x1e9/0x260 [ 963.678113] ? kfree_const+0x5e/0x70 [ 963.681824] device_create_groups_vargs+0x1ff/0x270 [ 963.686832] device_create_vargs+0x46/0x60 [ 963.691239] bdi_register_va.part.10+0xbb/0x9b0 [ 963.695903] ? cgwb_kill+0x630/0x630 [ 963.699604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 963.705126] ? bdi_init+0x416/0x510 [ 963.708738] ? wb_init+0x9e0/0x9e0 [ 963.712267] ? bdi_alloc_node+0x67/0xe0 [ 963.716227] ? bdi_alloc_node+0x67/0xe0 [ 963.720195] ? rcu_read_lock_sched_held+0x108/0x120 [ 963.725211] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 963.730486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 963.736036] ? refcount_sub_and_test+0x212/0x330 [ 963.740791] bdi_register_va+0x68/0x80 [ 963.744669] super_setup_bdi_name+0x123/0x220 [ 963.749151] ? kill_block_super+0x100/0x100 [ 963.753459] ? kmem_cache_alloc_trace+0x616/0x780 [ 963.758309] fuse_fill_super+0xe6e/0x1e20 [ 963.762450] ? fuse_get_root_inode+0x190/0x190 [ 963.767110] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 963.772633] ? vsnprintf+0x242/0x1b40 [ 963.776425] ? pointer+0xa10/0xa10 [ 963.779958] ? vsprintf+0x40/0x40 [ 963.783399] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 963.788403] ? set_blocksize+0x2c4/0x350 [ 963.792452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 963.797976] mount_bdev+0x30c/0x3e0 [ 963.801588] ? fuse_get_root_inode+0x190/0x190 [ 963.806158] fuse_mount_blk+0x34/0x40 [ 963.809945] mount_fs+0xae/0x328 [ 963.813300] vfs_kern_mount.part.34+0xd4/0x4d0 [ 963.817870] ? may_umount+0xb0/0xb0 [ 963.821483] ? _raw_read_unlock+0x22/0x30 [ 963.825614] ? __get_fs_type+0x97/0xc0 [ 963.829490] do_mount+0x564/0x3070 [ 963.833024] ? copy_mount_string+0x40/0x40 [ 963.837246] ? rcu_pm_notify+0xc0/0xc0 [ 963.841126] ? copy_mount_options+0x5f/0x380 [ 963.845520] ? rcu_read_lock_sched_held+0x108/0x120 [ 963.850526] ? kmem_cache_alloc_trace+0x616/0x780 [ 963.855358] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 963.860882] ? _copy_from_user+0xdf/0x150 [ 963.865022] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 963.870545] ? copy_mount_options+0x285/0x380 [ 963.875031] ksys_mount+0x12d/0x140 [ 963.878646] __x64_sys_mount+0xbe/0x150 [ 963.882625] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 963.887630] do_syscall_64+0x1b1/0x800 [ 963.891592] ? finish_task_switch+0x1ca/0x840 [ 963.896083] ? syscall_return_slowpath+0x5c0/0x5c0 [ 963.901000] ? syscall_return_slowpath+0x30f/0x5c0 [ 963.905934] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 963.911297] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 963.916132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 963.921304] RIP: 0033:0x455a09 [ 963.924493] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:44:22 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'gretap0\x00', {0x2, 0x4e22, @multicast2=0xe0000002}}) ioctl(r0, 0x6, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0xea, "151306149f262ef4acf1c684b1458bea228257234efb4e79a8f1f7e983a6a5540c150e712b63bf6a34d4ac73dae960e85916f23d3b44c3849a0aaadd23006e20d7f8de7f823f79522e770b7386b7dcdf43480e38950c58a2ab78be9d52934d1d18f58aca04263e813e7a965502f79d35f72bb59999c408acd8f29073635ee9bb3da62e18a6d9e44e4f8bb7d87ea329215d098597733de6003c856f63633723c28735da67f82f086bcdf5e56077616aa34abf89db366e8c98eee6262e805f0345665f7f32b8f89ce8179946f9201255780a5fca6bf893bf42cca322de871d78ee018290ed7aad19a5b19d"}, &(0x7f0000000180)=0xf2) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000280)={r2, @in6={{0xa, 0x4e22, 0x7ff, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x14}}, 0x100}}}, 0x84) 2033/05/18 03:44:22 executing program 7: r0 = syz_open_dev$audion(&(0x7f00000003c0)='/dev/audio#\x00', 0x0, 0xc100) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000400)) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x40840) pread64(r1, &(0x7f0000000040)=""/96, 0x60, 0x0) [ 963.932188] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455a09 [ 963.939439] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 963.946696] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 963.953952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 963.961204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 963.969096] binder: 3291:3295 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:22 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000300"}, 0x6e) [ 964.002470] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:22 executing program 0: mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8001, &(0x7f00000000c0)=0x1, 0x40, 0x0) r0 = socket(0x10, 0x803, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") get_mempolicy(&(0x7f0000000040), &(0x7f00000001c0), 0x1ff, &(0x7f0000ffc000/0x4000)=nil, 0x2) getsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000000), &(0x7f0000000080)=0x4) [ 964.024835] program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 964.027056] binder: 3276:3277 ioctl 40046207 0 returned -16 [ 964.062365] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 2033/05/18 03:44:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:23 executing program 7: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xc) r1 = inotify_init() r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x2, 0x41) syz_mount_image$gfs2(&(0x7f0000000100)='gfs2\x00', &(0x7f0000000140)='./file0/file0\x00', 0x6, 0x3, &(0x7f0000000280)=[{&(0x7f0000000180)="d05ce029", 0x4, 0x3}, {&(0x7f0000000440)="2031254efa421f1ec5b8d3f82372b4dae3473b95b5006516c2e32ebf34b4e59cc54757c8f5dd5051a342fc4625f67780fc4b06b720b4929e6e7b662fe653c301a41445e20dd804de179a08b7bcb28b24d7143efcc0a68b5d2e119d53f3fe3e47c7962b134fcae456f94169780578bb78685d8bce8e84974b3f103ae60ad1c945432e69e4630fa1cacf3dda6bbb278d05e05e5c068d6209243c9e5b98e338a820e297f0376bc9652e780f8e5513c21a79e3335ed7990aa07a16f481c6b6efb08f317b44b9e9db96e6111e086506dc1c31f95bde4ac30d03727783eff585554ba6babdab88f40abc1314e4f1ebac25d993c6c8d9d219dd1c5e641d26f92ebf42d2d312329c38fa3e7478f9446706d7e0211d7621d4130561e10a247b51b3078b7a3bd95c73460354e07d1fe995c4471ee6c793a97f5a45405c128eced1392c8d0d266f6921ed37d29799d0a347a8e7d1a3dc9192601183fb85d4a28eb7c158db360fb9c18887564d9bd53eed9fba197061c459158575083304915159ad4ec32bc1ee1a6674d3cd09195c3ba32679b492e98d12dc4e3bd4b2c221802a720d76dabe94e84d6e9924855f2e70f06dfe6bb83c265980dcfc389f4b23584a1c02c1b618c7a2645bf8e93c9351740202c8d773826bb0b09be9d7cccb066e9eb519da663e3c396d7c3a52ffbf5bdaddc8febcc32b04e39e162558479e9446ed93d301a95049d308fb78e1deb725a6c04293a6e73bd99a12b35a6764fef044696c16b494f6c72871c05f231c6155f359316c6418f39db1d1d8acab0ab8cb03e50ae891705df95704603901836982f1c587f0d940e720f8a94a26be93b3c11e1f6cae3a58f2d501e08da331a2c13ea89bb2297533be7e4b4e7789ed6d107f03fd21539fb635a91b210a63c65ad7478d977ea3c644270df4d18629656b7795c26b897a3db537fdd2f4ea2740b2ca5d2938e624989ab2d2d3e40d142482b371ccc4e46b3db37fd3516dd0a6e08f998c8cd04f95be391f755271f3df8f357ca38b5a0dd4921db6b1d59514ab8ba29c08e1da59dda7e0469c9840fadf44763b5eb672c000a6dca5c2f51a0ae08b87bfae229b0156ee7b8d84a7aba106195cf4aba66c7631433519b71e53fb8ff14e761cf9a96f4832e58d52a67335cd639594e545e8de86b80bd3b1493ac6e369bf1f9cbdef912fc2243626d22a1e3d5560e886a8ebf44732ac13f95294e24564330bac058526448f5c7668f6d5f3930412ace6b9fa4eb9b5f06e98dabe947bdeceea2f6899c26972857ec9529b7b4fa3226c65165fd0ab31d46b967616bfbdfbfd0548380913704ce091c88f33056e23c5876cece1f93effceaa6b945b6c6462c058f15e6b7efddc9f77d8e8d7e2d8dae520eae63a1e13c0802739dcc744c0e9a991b746b2d3c1677baac88d24d0e85d4ec41c3353e7d0b865742ee907da1f64a3a4ac4f24712cb9e303ff43d1164380d7aa17f83f9ec20d074330e802a38b42acae68aea9344ea4c5a1c967ba3dd35cbc55e4bbaec349af7022c7bf22ad87cd23f06ec20de79b49e310b650605f1e2b0753658a50c393d9126e092ecea2001c0c868e47ea7e9a2f6e86ad0c06ef49a963235015719cdad885239fdab63517af66689f3feb66b3d2a88d2069b36b3f859799ed14728154d9d07ed6ceb2d57dd30da55e2b9e4faaeb18f4633fc03c7e51afbe2367a5b84ec93eb692a91dd63610e40330079e0b6f71be4cf5b90be559d1723f5cef80be1eb4124893faf33aa833b22cae8264dde557e78d1c0b62f0a92b603e5423d02c10779e787dbd784b109b28abee541978806b6a384713f71bffa217157071338fafdf38b6546d1378f6d21a6336e847d45cfc2c7c96a1dce233c0be4f3ac2bb7ec66c5b77765e7c65c976f8c536bf148c6b2af50dbb07ba01f1fd0981a7e0830e8d78efa605d15b40eba5ebb576018ba7b10e669615b4d0d4bc5d10b82dfbbe1cc2d04825a5010895e09820801cf984bacfc065d8c913108498ac434bad881e711fbea55ad65a2f97d4ffa43456dda6a2437810f65100ecf02bdebb934e491fe58156ff1246f72205a1b15d5bc3a88de947aa40a7ac689cb0db49bccabd2a5658c05fe05627b44e87c328bba1a7f5b1e931a332db9b2f7542ddcb9f17430d520f0eb9c27e0432ca20eca631a9775e364178f1086608b1c2e66ed6239497cf4d58774e15d5cca3805c7ebffa0873dbf0316b4e57119f2b4fec53dcf3054970075a94dc2465585de59ccbdc527696ec967de5421724049a2f65c3173a14f88aa6e544d09e24f7c2e1d96595a1b5d1cb52afc7717beee9d7e79ec1c25002aeb59f4eb4b852967f18585c16680b7966d7300dc18871118d5f3fdbf19dee053bcbbdce6940e22d97ecc19752bb9db20dbb6fb9bb02ce5caa37ba4ec3db520abea7a03a7b55e61a251fa3ec0d38654adb39c8ba14f0dcad1e4de76caf04d5ad71354567c1cdcedf82639eb36041b15c09a891092b68ec01c0db1f8e0d5ac1a9b61a7606c3012208aa4e05f315ea71fe43e15cfcfb27ad25bec46f49729c6554111c16850bb7a79b102688f9f653da549c36dabcca369b0a8fd888da2df0fe56f7f39a0ee57d97eb0b9265f81f0509a187ae4eecb17c6a4070bb4e8fc82c1aa6996718a6f483ba94e17de64000ebc2286812022750ae09e638eedee07b7caa1227055b018f0027cf5cfd50de71db2687ebf58afc4be035e8375bfb8b1cd5b8453b2255f6791dffe77009c40852e96324c4505728f85f4d9e3451edb3945b3d449390c9fd31aaa8d42d0577a6f4ae91c80b4a4e5249e2ecfccff6f45f491df0924699568a8a5c1581af26e2c804cf84f1a7f6f0142827a598f292e83660a48c5fe4281ab0c7d1c3c35bef72f38db18e18865dbdb97ed4f87409963f30d2d17ec04863c6de53fb3af41de0ca11fbcff829fd9e055e304b5e5404add66343b31d977ef28f9a1caa8cc2bede5f4c02e992a64ba9ddccb21859321a81d543c4bf1d4caed9be5da574fa6e733bdc3b36f9d59105cfa89197fdeac346a4635516248059f8b66a7a756584d58ab84a5c9f76851eed1736c74fe612c7faace9a3bb65e070f8f2501fd86f458e461df8c6676e4b4f32d29f3a3890410382a06e871f8cfe5caf6b359bf997844460162b534836100f10e540916eac9992ab15a4386844b13f7eab98020a9b796b1527520ac85597576a76a61812fc6ea3e1ee02d465f2d4bfbc64c55a540a543d85b32a3af2fd569a1a53e1d5b3962d6dfa163d35cfe0bc4dc02797380f65ee1d93ad834c69371c5af9101ddbce2fa85841044c7915d07c695e4206c72bfe2be1b8a26137a4f40f274010fbba0309ab4c9ede6c6ca6c49349c1c2afa1cdd52103802075ea2e36be602d0bd6ba855399b832e3844ed79b4ee6ae1b55b4483e98fae9ce9d59a8f1781c90d37334b0117014ae1293784d9ecc7c1188261c45e7d21e5960a509a8c406671e46de029b42b0b64a94acc0f38214e4b64a7894bdf325228068e06f72e2b5676eb192854a027ebd333ff6a7d0f34838146be6cf92957cf58ffcf316138ecb9c3508a7e4e34083b1c710b26ee0819bd37abf6d203511e3dfaca5f755bec9179910148cbebaa1a8898f7266be953042e92be45113805c6a5a7372bc32e461a9c8970f79e01bfc61bd14870ccc6a59ca62f4509aa838e4b1577f24cc51499ac223604f572eefd1971e74a0d8c1db3153f44f5ac1c38bc7cc073c11d2fa1e35dd1aa67e7b2e75c6492a9abf5047bcadf606c4f4e929b5bf47b698fdf4801dcfc44c85b4798500a7929ca7c031e10dc688f60f1f6e8fdf3dd42ff20d5e9562df451826ef54d8359e19ec9f2ea369c9c610b541dca4847695b124f126d0e2bac9131ab45fdb1091a8b76bc6e4bdf793f23bae1dd92b08eaced808767e9b961e5512364f4b3236b6a55d76a1799fae7bf4fec38e8627805329cec9cebfd71add2bd0cda519faa5b07615667f1b2c16e1bc25c70445af85553ee6099fbbc6aff5a63f52cf6b75bfc01aee167017ab247695a127733012847c946777e56692d52201b134d89a68aca4a788924682f832441e5a7f8825a9ab39440f1cd19edbcbbf31cb6e483130745ab934c71d7a47a1dada829d413eb78b9363e4ddd71d0bb97ed807f016e2d0b8595d1889bbe4770a509a39238f8c7ba5842b884a3e08f7d6d61cedc9070bda72988b89720d5f7a0559f52806dad59022ad56a29a0c1419d2a087263ec0189729d7104ee4077674a87e08b0c1350914244e29a2a13a643e66e80b0fcc81910edb195ae3861b09f6e834ebd224be7567771d88c3b6d746834873815c1d0a6c88c3c304df195e7b80ca9cf21087181daeb899d59896ce5f8a9ff89723947896cafa88d4fc1948956396a33dde53beb63b08553c107e12642ebfb34231d6301b14f5c4ff452f8897d57356bdd42bf445ba9dbe888635383dd7b7fb5bb76a9314e3634de2cd9e8f385d71fb021bf7529945b1d0c414a83adaac2b0383a21aacba1ed287f521f865e4ea7513483bfb40b08a089c0bb598ad8836c0a413be9972e6ba6b771b49fdeb17cad3082a113d24c8ce66396592c683df5a993a360fcf85560405e8f7813d595d5cd67f968deb32a9414ce91ec6e6e1fbf6927742543575af8e14cbe1c64a616b454b2c71021eebef21ee18ee8ad5937a9e59c87a03f813134e9c16377562e57bb04c0e83379efaaff0ff597428d13f2f5d3a93b00cc5e6f42d3f6051415e7a8c561e923446416ea49eb5c860dd7298e42c81ecb5732e9ef1ecf2adb2b3b2f8b213a9b3b205bf5c589b681f93c914ee5fb2b29e278a7945eeeb6b13d3ef05506454b9732123bbaf439a39a234eb6d5a56e853183b54eb63c85806cbbfdb84bfe5ff23c0a4ab164bbf3e9a67ef6d065ff8ba0c77c57d1396a85d2faf259efc1aa6bb7adfff9246be1c92f4af86381b9cc7e28904d498596f553c281f6e2db040ca813474bdd4510d3ce29769ccd4595a6517daaf8786a3cd02619baa01a882cb5805462db165e3c1f155133f542c045359421b681a3a0929c662b979a26097350e7ff84ef181decea335fcf3b9d18277ff4d50d335c1f7b691d9c80fa7582f47b4d7db43447141cefa187c6903f27bc2b8f33f2aa101c7d37d7fb80face6f87b8ecd616cbed932a406690a7b71698af97bfa862b10cf102be51b5e6dfeac288f6e2a4ea4afaea297f3a78540ab69bd65db044d5197b69b527a3d230d9e4e3403bdec8c90f78f13a19ed0ad42db3eede8eda4b265f17bdb315fb4039aad1ef59e346b11c94bf0715951461bb8355ad639f25db7d69669265ba280e0d67d25c854fa39de8b20cbeaf2b5060ded3316688aedf684b817d7810c2b0e6a8d8ac43a3d45db2b23ea83c754570bfea66099550a0219aa5aec4bd8ca7c5dcd2f8951181c1d2c4a4579585fd2f82c9b1f0c69e4778fa7ba2f5ec00634d2a91ef374f62be0d3d5cde76020f4a1f7ddc2e7d68e3a2b3d474f1e9779e7f15d0fe35e2f4e54e7080320b02cbfedb7f46b98a69a817a721ae795db70b7ed46f2a37f41f1d44e05a9c7080962aec9bf1ce474d395d0ec57eda8befeb0749596c53307d6810ae34abcf9968297d9243ff02f0683ea11e6192f3ed84204252e058d917e5ff58d36a0fb9758646bb1d833cdc8d49664c10c5550e60a3854c5366044bc59eea73baa3a8eacd1d8f9521969f6db2314c2eb7f1e3d4d521ae00b2eb24abbd1ccc8b7d54d8910b628642d22404ac67559fa9123", 0x1000, 0x5}, {&(0x7f00000001c0)="fd1a70b187bb23445cb4fcc57cf9a9ec3309f45c710c5467a5ede0ffa7311eddd2c8b40e214b094dbcaaaff8c41b7803b0cd42176a12eac8cd5091f7ae84556e04edf7039288c48f585a9331847400847b3bd947704f378a34a1ae29236c3aeb36e9b319aee53b0732b788f21336865d4e85907bee973812734b4d53fa9b3dcb5a645b98e4f41c2cc517a02ec8eb0270f24390af419c0bc9fccd9c3efb2338835f", 0xa1, 0x5}], 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="73bf617466735f7193616e74756d3d3f78003f2c6c6f63616c63610248eb6e673c61636c2c73746174663f2c6c6f63616c6361634de66e672c6e6f726773706c76622c6c6f636b70726f746f3d646c6d2c61636c2c0000000000000000000000080088caf95181f79daf0b1b"]) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f00000000c0)=0x2, 0x4) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x2000000) inotify_add_watch(r1, &(0x7f0000000400)='./file0\x00', 0x8) 2033/05/18 03:44:23 executing program 4 (fault-call:4 fault-nth:63): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:23 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000fd00"}, 0x6e) [ 964.076681] program syz-executor6 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 964.089337] binder: BINDER_SET_CONTEXT_MGR already set [ 964.100670] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 964.101749] binder: 3276:3299 got reply transaction with no transaction stack [ 964.115718] binder: 3276:3299 transaction failed 29201/-71, size 0-0 line 2763 [ 964.211374] gfs2: invalid mount option: s¿atfs_q“antum=?x [ 964.217029] gfs2: can't parse mount arguments [ 964.227947] FAULT_INJECTION: forcing a failure. [ 964.227947] name failslab, interval 1, probability 0, space 0, times 0 [ 964.239307] CPU: 0 PID: 3323 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 964.246513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 964.255877] Call Trace: [ 964.256965] binder: undelivered TRANSACTION_ERROR: 29201 [ 964.258491] dump_stack+0x1b9/0x294 [ 964.258523] ? dump_stack_print_info.cold.2+0x52/0x52 [ 964.258564] should_fail.cold.4+0xa/0x1a [ 964.268669] binder: undelivered TRANSACTION_ERROR: 29201 [ 964.272820] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 964.272858] ? graph_lock+0x170/0x170 [ 964.272890] ? find_held_lock+0x36/0x1c0 [ 964.272918] ? __lock_is_held+0xb5/0x140 [ 964.272955] ? check_same_owner+0x320/0x320 [ 964.272972] ? kasan_check_write+0x14/0x20 [ 964.272991] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 964.273010] ? rcu_note_context_switch+0x710/0x710 [ 964.273035] __should_failslab+0x124/0x180 [ 964.273056] should_failslab+0x9/0x14 [ 964.273074] kmem_cache_alloc+0x2af/0x760 [ 964.281180] binder: 3291:3295 ioctl 40046207 0 returned -16 [ 964.282576] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 964.282609] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 964.282633] __kernfs_new_node+0xe7/0x580 [ 964.298931] binder: 3291:3331 Acquire 1 refcount change on invalid ref 1536 ret -22 [ 964.299654] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 964.299679] ? mutex_unlock+0xd/0x10 [ 964.299697] ? kernfs_activate+0x20e/0x2a0 [ 964.299726] ? kernfs_walk_and_get_ns+0x320/0x320 [ 964.304081] binder: 3291:3331 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 964.308284] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 964.308301] ? kernfs_link_sibling+0x1d2/0x3b0 [ 964.308332] kernfs_new_node+0x80/0xf0 [ 964.313267] binder: 3291:3331 unknown command 0 [ 964.318166] __kernfs_create_file+0x4d/0x330 [ 964.318196] sysfs_add_file_mode_ns+0x21a/0x560 [ 964.323256] binder: 3291:3331 ioctl c0306201 20000540 returned -22 [ 964.326216] internal_create_group+0x282/0x970 [ 964.326253] sysfs_create_groups+0x9b/0x150 [ 964.326278] device_add+0x84d/0x16d0 [ 964.326305] ? device_private_init+0x230/0x230 [ 964.434027] ? kfree+0x1e9/0x260 [ 964.437395] ? kfree_const+0x5e/0x70 [ 964.441107] device_create_groups_vargs+0x1ff/0x270 [ 964.446120] device_create_vargs+0x46/0x60 [ 964.450354] bdi_register_va.part.10+0xbb/0x9b0 [ 964.455017] ? cgwb_kill+0x630/0x630 [ 964.458739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 964.464264] ? bdi_init+0x416/0x510 [ 964.467885] ? wb_init+0x9e0/0x9e0 [ 964.471422] ? bdi_alloc_node+0x67/0xe0 [ 964.475389] ? bdi_alloc_node+0x67/0xe0 [ 964.479359] ? rcu_read_lock_sched_held+0x108/0x120 [ 964.484368] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 964.489641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 964.495172] ? refcount_sub_and_test+0x212/0x330 [ 964.499925] bdi_register_va+0x68/0x80 [ 964.503808] super_setup_bdi_name+0x123/0x220 [ 964.508297] ? kill_block_super+0x100/0x100 [ 964.512616] ? kmem_cache_alloc_trace+0x616/0x780 [ 964.517483] fuse_fill_super+0xe6e/0x1e20 [ 964.521636] ? fuse_get_root_inode+0x190/0x190 [ 964.526218] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 964.531747] ? vsnprintf+0x242/0x1b40 [ 964.535549] ? pointer+0xa10/0xa10 [ 964.539097] ? vsprintf+0x40/0x40 [ 964.542546] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 964.547558] ? set_blocksize+0x2c4/0x350 [ 964.551618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 964.557152] mount_bdev+0x30c/0x3e0 [ 964.560775] ? fuse_get_root_inode+0x190/0x190 [ 964.565352] fuse_mount_blk+0x34/0x40 [ 964.569158] mount_fs+0xae/0x328 [ 964.572526] vfs_kern_mount.part.34+0xd4/0x4d0 [ 964.577103] ? may_umount+0xb0/0xb0 [ 964.580737] ? _raw_read_unlock+0x22/0x30 [ 964.584874] ? __get_fs_type+0x97/0xc0 [ 964.588760] do_mount+0x564/0x3070 [ 964.592298] ? copy_mount_string+0x40/0x40 [ 964.596527] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 964.601538] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 964.606296] ? retint_kernel+0x10/0x10 [ 964.610189] ? copy_mount_options+0x1f0/0x380 [ 964.614675] ? copy_mount_options+0x1f6/0x380 [ 964.619174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 964.624703] ? copy_mount_options+0x285/0x380 [ 964.629197] ksys_mount+0x12d/0x140 [ 964.632819] __x64_sys_mount+0xbe/0x150 [ 964.636783] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 964.641795] do_syscall_64+0x1b1/0x800 [ 964.645674] ? finish_task_switch+0x1ca/0x840 [ 964.650167] ? syscall_return_slowpath+0x5c0/0x5c0 [ 964.655093] ? syscall_return_slowpath+0x30f/0x5c0 [ 964.660019] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 964.665382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 964.670224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 964.675404] RIP: 0033:0x455a09 [ 964.678582] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 964.686283] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 964.693542] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 964.700800] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 964.708057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 964.715326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 964.749505] gfs2: invalid mount option: s¿atfs_q“antum=?x [ 964.755120] gfs2: can't parse mount arguments 2033/05/18 03:44:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:23 executing program 4 (fault-call:4 fault-nth:64): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:23 executing program 7: recvmsg(0xffffffffffffffff, &(0x7f000000e5b4)={&(0x7f000000b000)=@can, 0x10, &(0x7f0000002000)=[{&(0x7f0000000000)=""/237, 0x3c7}, {&(0x7f0000000fdb)=""/37, 0x9c}], 0x96b0cf4a6d2225a0, 0x0, 0xb5}, 0x0) chmod(&(0x7f0000000100)='./file0\x00', 0xa0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, [@jmp={0x5, 0x0, 0x2}], {0x95}}, &(0x7f000000a000)='syzkaller\x00', 0x1, 0x31b, &(0x7f0000011000)=""/195}, 0x48) 2033/05/18 03:44:23 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000040)={'mangle\x00'}, &(0x7f00000000c0)=0x127) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x6, 0xc2) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000180)={'nat\x00'}, &(0x7f0000000200)=0x78) getsockopt$llc_int(r1, 0x10c, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x4) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000240)=""/114, &(0x7f00000002c0)=0x72) 2033/05/18 03:44:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000100)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x3c}, [], {0x95}}, &(0x7f00000001c0)='GPL\x00', 0x1, 0xffffffffffffff87, &(0x7f0000000200)=""/195, 0x41100}, 0x48) 2033/05/18 03:44:23 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000008000002000"}, 0x6e) 2033/05/18 03:44:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x40106309}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 964.848640] binder: 3347:3348 got reply transaction with no transaction stack [ 964.856107] binder: 3347:3348 transaction failed 29201/-71, size 0-0 line 2763 [ 964.889191] FAULT_INJECTION: forcing a failure. [ 964.889191] name failslab, interval 1, probability 0, space 0, times 0 [ 964.900495] CPU: 1 PID: 3356 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 964.907694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 964.917051] Call Trace: [ 964.919646] dump_stack+0x1b9/0x294 [ 964.923273] ? dump_stack_print_info.cold.2+0x52/0x52 [ 964.928460] ? __mutex_lock+0x7d9/0x17f0 [ 964.932510] ? perf_trace_lock+0xd6/0x900 [ 964.936651] should_fail.cold.4+0xa/0x1a [ 964.940703] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 964.947014] ? graph_lock+0x170/0x170 [ 964.950811] ? find_held_lock+0x36/0x1c0 [ 964.954863] ? __lock_is_held+0xb5/0x140 [ 964.958934] ? check_same_owner+0x320/0x320 [ 964.963255] ? kasan_check_write+0x14/0x20 [ 964.967486] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 964.972424] ? rcu_note_context_switch+0x710/0x710 [ 964.977347] __should_failslab+0x124/0x180 [ 964.981573] should_failslab+0x9/0x14 [ 964.985359] kmem_cache_alloc+0x2af/0x760 [ 964.989498] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 964.994421] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 964.999428] __kernfs_new_node+0xe7/0x580 [ 965.003568] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 965.008312] ? mutex_unlock+0xd/0x10 [ 965.012013] ? kernfs_activate+0x20e/0x2a0 [ 965.016239] ? kernfs_walk_and_get_ns+0x320/0x320 [ 965.021073] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 965.026598] ? kernfs_link_sibling+0x1d2/0x3b0 [ 965.031175] kernfs_new_node+0x80/0xf0 [ 965.035057] __kernfs_create_file+0x4d/0x330 [ 965.039466] sysfs_add_file_mode_ns+0x21a/0x560 [ 965.044129] internal_create_group+0x282/0x970 [ 965.048705] sysfs_create_groups+0x9b/0x150 [ 965.053018] device_add+0x84d/0x16d0 [ 965.056721] ? device_private_init+0x230/0x230 [ 965.061287] ? kfree+0x1e9/0x260 [ 965.064652] ? kfree_const+0x5e/0x70 [ 965.068359] device_create_groups_vargs+0x1ff/0x270 [ 965.073363] device_create_vargs+0x46/0x60 [ 965.077586] bdi_register_va.part.10+0xbb/0x9b0 [ 965.082243] ? cgwb_kill+0x630/0x630 [ 965.085948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 965.091470] ? bdi_init+0x416/0x510 [ 965.095082] ? wb_init+0x9e0/0x9e0 [ 965.098610] ? bdi_alloc_node+0x67/0xe0 [ 965.102572] ? bdi_alloc_node+0x67/0xe0 [ 965.106534] ? rcu_read_lock_sched_held+0x108/0x120 [ 965.111535] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 965.116797] ? retint_kernel+0x10/0x10 [ 965.120677] bdi_register_va+0x68/0x80 [ 965.124552] super_setup_bdi_name+0x123/0x220 [ 965.129037] ? kill_block_super+0x100/0x100 [ 965.133359] ? kmem_cache_alloc_trace+0x616/0x780 [ 965.138210] fuse_fill_super+0xe6e/0x1e20 [ 965.142348] ? fuse_get_root_inode+0x190/0x190 [ 965.146921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 965.152452] ? vsnprintf+0x242/0x1b40 [ 965.156244] ? pointer+0xa10/0xa10 [ 965.159782] ? vsprintf+0x40/0x40 [ 965.163222] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 965.168225] ? set_blocksize+0x2c4/0x350 [ 965.172274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 965.177798] mount_bdev+0x30c/0x3e0 [ 965.181413] ? fuse_get_root_inode+0x190/0x190 [ 965.185985] fuse_mount_blk+0x34/0x40 [ 965.189772] mount_fs+0xae/0x328 [ 965.193140] vfs_kern_mount.part.34+0xd4/0x4d0 [ 965.197719] ? may_umount+0xb0/0xb0 [ 965.201331] ? _raw_read_unlock+0x22/0x30 [ 965.205463] ? __get_fs_type+0x97/0xc0 [ 965.209344] do_mount+0x564/0x3070 [ 965.212877] ? copy_mount_string+0x40/0x40 [ 965.217104] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 965.221854] ? retint_kernel+0x10/0x10 [ 965.225732] ? copy_mount_options+0x1f0/0x380 [ 965.230231] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 965.235071] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 965.240592] ? copy_mount_options+0x285/0x380 [ 965.245075] ksys_mount+0x12d/0x140 [ 965.248699] __x64_sys_mount+0xbe/0x150 [ 965.252667] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 965.257670] do_syscall_64+0x1b1/0x800 [ 965.261561] ? finish_task_switch+0x1ca/0x840 [ 965.266045] ? syscall_return_slowpath+0x5c0/0x5c0 [ 965.270962] ? syscall_return_slowpath+0x30f/0x5c0 [ 965.275883] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 965.281241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 965.286073] entry_SYSCALL_64_after_hwframe+0x49/0xbe 2033/05/18 03:44:24 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f000065ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes-generic)\x00'}, 0x58) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x40003, 0x100) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000240)=""/25) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000200)) r2 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x0, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x502, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0x40405515, &(0x7f0000000140)={0x8, 0x0, 0xb3e, 0x4, "2daa4259b6d556eadbd15dd7af45ab99f855b5092d084a834f324f71e75fb086bda5955a7821424c94317253", 0x7}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x10) r4 = accept$alg(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000280)={0x0, 0x100000001}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000340)={r5, 0x6}, &(0x7f0000000380)=0x8) sendmsg(r4, &(0x7f00000000c0)={&(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14}}}, 0x80, &(0x7f0000002680)=[{&(0x7f0000001680)="ee43658538c8e1a6bc14ac42599bd3cbc2df7faf57e4f166ef04d4bc5b9e8931cd56241b8cfd65be3d4dd3b0f96895cdde7f81b414589463be51f202685b8c1114e4454d14637e3b293e608b7c2af5b840f9a4d7bcca92f5663608e762ecf0227edc389d521325cfa2995cbfb5c027c1628fa7120082d906794c0829986b4ab413830c2e239be7c8eeab1840d901e2766b790a4e86da072baab4429d4aad755484b75375b6ce554aa1966c47821568aee0540f355140970f478d80560c0db47f092369a7030148df8ec097000a0b02325d4929296d5808f6635452a89a6019bf6eaf8788358509f595616d9eddccb37afaa0a8f779cb33ad0749c1cd7573158fd0aefc69cef79ffa82d93bbadf0f941ec05754cc5639f4bf9ca92ba924c31743385606a2e320bbce14a162ff8e91cf697d7c1fb13b88eaeb2c0f51a3810726ae612a450768df56596501f42b4665098deda01d02b29458c595119d7ea9f057f71ad6ebc2de9c4aa232bb9b4a1d1edc967868092202235b8e7b18255ab67593c319", 0x181}], 0x1, &(0x7f00000004c0)}, 0x0) socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000002c0)="4e094c0342dfcbaf375a0d702028ae97ab423882140e7dce817ae91306bb6fc4f766c19696b67cd4e65383f7e7be4062043503fde6d5abd206", 0x39) [ 965.291244] RIP: 0033:0x455a09 [ 965.294420] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 965.302121] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 965.309378] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 965.316640] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 965.323900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 965.331246] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:24 executing program 0: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000000)=0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x100, 0x30, 0x0, 0x7}, &(0x7f0000000080)=0x18) umount2(&(0x7f0000000140)='./file0\x00', 0x2) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0x7ff}, 0x8) 2033/05/18 03:44:24 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000300"}, 0x6e) [ 965.351159] binder: BINDER_SET_CONTEXT_MGR already set [ 965.368439] binder: 3347:3348 ioctl 40046207 0 returned -16 2033/05/18 03:44:24 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000002000008000"}, 0x6e) [ 965.398149] binder: 3358:3365 Acquire 1 refcount change on invalid ref 1074815753 ret -22 [ 965.406614] binder: 3358:3365 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 965.414208] binder: 3358:3365 unknown command 0 [ 965.414950] binder: 3347:3359 got reply transaction with no transaction stack [ 965.426258] binder: 3347:3359 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:24 executing program 6: r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4200, 0x2) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000100)="e41798f2b8984f8bcfa84b2eec604087", 0x10) read(r0, &(0x7f0000fb6000)=""/28, 0x1c) r2 = getpid() sched_setaffinity(r2, 0x8, &(0x7f0000d4b000)=0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f000019ffe9)={0xc1, @tick, 0xfffffffffffffff7}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000000)) write$binfmt_misc(r0, &(0x7f0000000080)={'syz0', "31b55aad6c2395"}, 0xb) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f000035d000)) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000efb000)='/dev/sequencer2\x00', 0x0, 0x0) setpgid(r2, r2) 2033/05/18 03:44:24 executing program 7: r0 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0) write$evdev(r0, &(0x7f0000000100)=[{}], 0x18) sendfile(r0, r0, &(0x7f00009bcffe), 0x2000000800004c39) creat(&(0x7f00000000c0)='./file0\x00', 0x0) uselib(&(0x7f0000000340)='./file0\x00') mq_timedsend(r0, &(0x7f0000000200)="c317853079a28a2516fe3bf9a2c4ffcba22fe43e243e9d3c2e7c8e225d0fa07f103bb05c80d65d9542b3d495c2ad9dd3d348101e7ce40be26fd8f93a5e0258f33a41569a5b4aa1e0597c732c4bc9e5c5e48544813fa842706317739b2810bce82c285524532a554be22c7b858797500a76f94f36346bf8145e187b10388be8d736f502d1a75ca5e16072c607bfc7daf22fd33503e8bf13736cf2a50accbd257d4412e129d8a585cb945551a2294368077d76834f660c9346b85bfe17022abe1aae4e9ba20c4b25464514a69ac34d84aad97fcf4ccea7754fff4bb6feeec11f5a2305f922da5c7e6bffb7312b12eeca2a00facb0df80c999687e123304ff2", 0xfe, 0x1, &(0x7f0000000300)={0x0, 0x989680}) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00') sendmsg$FOU_CMD_ADD(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x48, r1, 0x600, 0x70bd26, 0x25dfdbff, {0x1}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_TYPE={0x8, 0x4, 0x1}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e20}]}, 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x80) [ 965.448644] binder: 3358:3365 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:24 executing program 0: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x5, 0x2, &(0x7f0000002380)=[{&(0x7f0000001240)="804a6930a78ff85b65f6444675911a6158fc941c073aecacf2f8347d5dd0b44e1014b3b9973f7cbd6711fb6c74f4ff833d932b659c7a4a4ba9cb6f3ff74f37f2053e7a9965ba8a81a0473e2f60ec2306a2f3b6af68daa790b47cefde2cbcd829827ae82117ea440168710b3364c65780e80234f15e795a4f487767af898badd8706d23e556b84f658795d93fd7f22aab20c585ebf18052c36616df427a26c0f5b55f65ba565797b3c4309c4101882d08d96aadc46c5bcb443a00253fca59a6d610ee751c28a00b072c6a9d06edfc34f7b07d9a303c2e2856fc97d0122802f80440bc9460130dac9cd966a2382b93839c8d76bd0152ce29f20ce8271d8cf53e73d1e68a34809e8bba7283eca589acf50861fff94e1e04218ffaad5bd229ba11829a3199f3d7c940002ab14c45529759d9bb9c31daa248fcb91459b03cd3bc42c9f6707a1d41def14c9ed2d40b249b0ec7d7f8d6476e00c997f8e5bccec3e4a8a892543231aca1003f7455fc2912e91c447c02fc966e5f81e6f40f155c6ac30494ea5250d25d0508cbbb4aaeaf4f0bf5fba687200a4e4b219db41cc925f4c5992ff31c817237dee3e4e7658ed6e1e0aeb4a5a72c1d1a87470c25bccf72b5cd8d5ec7812fd10f10f2384830f104ad6f394b2d7c72a1b36ae2db5c84780341dbd7e0cff057f3f0faff09d79277619bba16165647dff75d314f7557a1bb2e1b2dfb5590ec8fad5ba94cfccdcfb00c1036f6fa65545643dc90b28aa9332bb1e963e9556805acffa3b81b25159f078165a9ece8431bfe879d273fa58103f17cf87e3a1d392b8cd31da0dd99d63fbc781486117fcdea6d5a924a73e5fc4c03127499868e1141297ed7675b2fb5c324ed639139c9a42671396b994df338a8d35af9c7382d5930bc94d5eb1de8f7f07b8a516a47412715b7ed4da851b1972a89a5ff86fdfb39212186c4d9ccc2e5f24b2a1117cb3c22a9ccea4ddf6f9760d643bb93ba0a302f8ec844075e89b07d30ef33380d4d7661fc738d4a6a5f3ab0afdf7a8f5b48aab85062c85902cf697036c34ff66c86f8a655dc497342be6620b7d4f2885cafcb75bc02354ff5e513a6f3e3bcb64936d4c03db0fc0826ee86fdf30f7a65b70d07e9da717ee3e898dff5463a18ad1d5b9ad20235e92dcb0e17bde6b12f835ead2da5d87c11944ac3180b243c1c107b1bc894f62cdfa14793ea82fd5c496e53f9e365581eedf81e05e568e9f18dbf6aa1e78e0b8f4882f8f756dc10954da77514d3fa3e194903ab9978a484ee25f152a1f3c98a0a5fddd2a53242a82c4e4693333db1a133f8cc3ef4f0846b36ae400d4dd5f410688f878e984ba05dc4c30282c05e9055db788b4d1fe3ed5dff56a5affe87332c2437a489447dbf938d5af73da137c8b2cfd19353361b855e5f2e858557ee32d95ab1137ba083863a5bb715909b7a1428c813275627a5ccae8db6d336115572a2d91cbd97010acf7566998a44a7fe55ef0ec00cfb5e36b6eef7bdea9f023a845b7c25e8c6c3f5636d4a7bf485fd2a8a2af526e32cd5e6aa34484ce99974047485cfda42e3bf1abac652584a0cd1abb424a48788ed4360b9320a6d80654d5e38bb9cfa7eaba9ae19949adaf1a9c009ed3b0a33009e1e0df5e392fbf7945d57eff9c5b77042511a7c9501e6a42c70da1e555d2800ba6c7c71ff2141d5581201271ffcc6433f24f03d877eab47c79c5f161d8e40f7e2bd4e0fc44a28553b4b6584018e4612d941578cc0b7f91edddc57b7f0c1fa23c1723c6d3b1ddec43e7ec94d809f1c79e505cd460e045fb58380910f535f1f8ae03e8675d2646dcfe1ccbd24e11215f396ee877b0f692070dd6740e33be7e17b46477f3bbfa99fa6d8ba09fac87d592a6c360ee696698718334abb8ae623d627b830342b26bc41e77b7da47f66746968a193f59d7f27d0a89865eac177bb1fcf27f7650e9d8309a180e091e96520adad76734153c8ad70248d6c3739a93a7fe3168b9ef453ad47f84c43920c222438fe0fb5dbf3a7131559a5c102306b0a5a01335b5c3eb8b21262bff404d14b34ff6f93a5ee79cd499094ce3c785a450df5e448258dda2f153e15e9ae2b6ba6651138ee399a5ea512f29d690f46a49e4a92f2ab51e5db7be6a94cc0d0a5e2c24f9ecdc9f4b5e59a8a6471f77c306b81796b5b6ed589397cbc446d035875a178e3e6ae232cdfe33a9567f0903f5c12ff5a9e63127adce57b660fd06f649b6d08728b6ac0c40712c819a1dc480f83bbca9910ac6188bb6d46c4ee0c70217d94e5983752c83bb76e87ded2d183f592cc477a9bc090465fa42a36fa06b9eed88c9b9378b6d032c6db74360e4d487e3681f8252da80cad2a2f4a86970f26c7f192b5ce2346a60bee0b3ecfa1ccf577cdbd01480865d4f560103bf4fcafcda9368800454d3dc14e16239111fc1e346aa82875d2bdecb3f35e21833ac9f5e22d7434f6408ba08df63e21740a06e7d5f39c6675d966af57fb2f7ef1a00987fac1fe3f6a55bad544c6cd7bdd628ad5bc9aeefb40ea5059394565b406db5fbd84f9a3506747bdab805f1310b827040b0a636e922fb8dbc96c713ba32e62eba33cf5c45ea1466c77a469069c9c7585ecacc71c8b2e03964ddcfd324330a7dddf5b115d035be713f6b12ecec971a57a728d0131d0f4052218904eb189d3f5adb39e401973df5d6e32ae17c26f0e4ba7d86efad214737c0fbffd4f6d868513dde6085279fffe51509ade1b93c099d19eca5ae251d7b68cf6db76db3715c87fb71c4a9af734316ab1a9f8c992df380c9c9515b76bad431f147434275cb4a79ab27cfec5540d4822803360f44627cef35e566219671e6f7624a22b2beb92cebb02522a68ffbf8aadd8756533efd79107f9ae48fdf16a4ac457ee31a005862defc449c9c06c39303f5ae3fe28bf32fd966f2ef9fd54e95d5c2c05d00e394226f63dedba35ce14f841f1c90306d0e0b6210054b3839962a9343918c98a45828245c145bc52a9dedbcdd05f4191e2cccd9418d55c8b7cdf7dc74281cc3a684a86b6137dcb02a2aab4dbb345446f32ec1f3be53ef2fb5319ce7dc180ad8afd3ed51d1b163c0967da87ffe7cf840562359f26ef25f68c0d43990ffeb1229989da8587de0fecd7773770eddebf172d4abef39a513a12dc663eaecd2a41f0576ebd1632135683ee440641bcd5e5a7fb02d1eab5e8fbfb35474c3376cb8de18b2491ad6603851e53ac1dec93bccbae1a372a627088f8caf72600089212ac6ac5442bcb8db6c7587e86f1af9701193c47c496972a0df8b472e9e10ced2c0dd65d4a436dc78c525b6e314a2ae8fdbafc0e2fad4c2cdd13e0579b44ee5ff049c53384c181bfa8fb15b2c304b864097dde970522e40d1b7ddfaa4eeac92b270aa4a646e8a82c529dcfffdbe3263a72c3e0df4b20728bc21de13a95d2628fa51fb68013604f0ade2233b659f55f3bf566eab42799b35a09c7dd599596dd1d4cc3ccb74892dd7d064a365490682aac05afdff063fa8000fa6b101ea76b3c92066f0ec9b71db3a14eef7b2c50459c1d00d959b3c77c08bd0a81515502b882507cd334148188e4c89cf14d7434459d8310aaa8754cbd634c305d68702b62a9e36f32a6e53000aa198dd292c12c586bb93c0b76fda57c376822cc7fc32bc911c30c364099fb6c314aa70cbe088032048d218d021d851837cc1eef6bc38ca1c04e8b29e6e8a1fe694e7f077bdf1626f2c6d5567cb50a15c87a6ef0f9061c0dc810523a1ee31d3212a857e53e4ce47e29230e263263d9447e185b4b9a23e93840534042d119217216af787d52af4e8e135459a8258661c9814f5f92a5cd1902299853bef03036aadf749fc61a87377063ae7c8d55ae841627f55362d6b3330d2f6d2ed2ea483beab1937dc56db2c85c46efd84ade40b5d75999df40eacf451ec35d9ead6456f19c9923d3478ab9308ab8691f00d9974a21aed4ed927d5ab8cd559c343344324fd145425b1d35dfa79b5087a28660f0a4239afb549faff900db2696fb2d63e4babcae4abea6bbc4c96c85e7a9b332426ae6211a45a2420555b3a8d01a021826af337f3a523c4218e078347d1939431d12046ef1474affa2e01eb804733f1cc1e0d5a27f42c76e7ff8cba5ca298f81e27ab55d20a10b57272df06c5630e5847da7460b0b6ab7b9cc6e13213d0d3c5101c66e9ff3c358d4eef33ded049d1edbaa48e2892a4a744468d1d26633153155f5531ab8faf27f716871009c8bb821349b972c4379922262b2975a47a1310eb13668ad7573b15eff03852bebeb0f8fcbf2a104e138bb13f744c4a459b8c388628cf0a5f7a3ebb1a0204f0ea7042decb7212a279eb51f24e60ec3e37a5a4b1423a72ccfd13fad6c3bdd4ae42e56f7b04f170e57c5e8ebcfccff3e9cf8277055e12a61c379b9cb10fcbe7c4cbc01badec7b3ca4faebd0c9217764bf337b97ac37864e41280b098baac6e7a895ca4b0c01f731dbc1dfbc4d90b2bfa4cd8f510e93dc23d173dc54cc18a9a480a8fb10169297d4eabff042d6014d85a327d8ee332030995de1229fad67a456d2f62ad67f324f3ff2fbd1ffb3f38ea14e503c25a1ad3e5bf105df81a437b60759ae2b96e3314732865c30fdf30cb55e79b23abb1eb850de015449ec42d464bebd7ad87e40228d2a87e5dedf0040e4e91997f459434162cbc235340ca60e01146ee3cac77b4b99836cf1997690638d790b3bd2492839a3b38511df117f5d7191bf251a82c365c5f92de634f051b1f033991d306a1d5f105ee67f0a529d59e111d02fa96d5d4acd2c7fae74d0056c92d4835b6dc02947512d479239b5089edd044a08f6becbef5c7362954dccdcd99540aca11fe2b10b0c397b8b8719b73d30b0621e3d42373cef77eec62fc6c07855407cef1386433ac946370c645a66f666a8c02039891fb59b23c141964653dee5abea2ac7ce6ab1137f76e210469fae11809cdea760276dbb4bb62909fbf89c3742b1a640b49ef168e298585641b3758f94653f1549035682c54eb21ae557ef9b55f0d15bac43503ee4047722046c5d2018b7e9d1d6470de5e0e464d9eb50ec8b2e3ad2252ddcda90cb2eec90c17da6eaad82c3e7545c71f31687bcab01479a76e74639482b6de6cc40c075214ae041ea42e257de3966cc89309d09facb8211963b677babe1f37619d77be9ed2fea076183cef39e3c8bab59f39732e43c03698b0b3befbdb7f106622960869024809aae438392108af7b28bf1b5ca1a341677211a7ff48532a049d2fbbf7a52e0c68c502a0c3d0ac162ce677e3112ed2d8bee5b15dc3bc7d5b09603dc4bdc5b11f12ab69e31a465c3c051f2ef41469e6de7426dc65e1c3fa603f3919cbf828dc604a230b7ebacc6674726d653a2989b3c52f10b32cc4e1d587943ffe0a67151b84cfc467e4c1ba7caee928031efd666d607eaf07e78f41f83738559e6f6b3e68e1306e3e4dc5679086f241d17275fea93de32f5645fcd8f060cbd4ff47ac198fdd5bc5934621ea7884deb114436af54318bc52af3dae6a1217ac9984b75c11690c99326052f3233172d8cf986c915607d9377807ccf914cc6663f6eef0576446389750b3a304662811db6ff800fa576e1e670ce4760c40c2dea18017260c02ca79e0799014a2951d28d6d7642aa244a585d5960d3756a0d2408b3ebbf007ad7e5cc58e2952ec2ea83c51d096661999927fb866b633f519726dedc9b6e7ac86055ab17f2dfd48b5e66d2f37b7052ef494e3e69e2ada6ff230992006d0d6006e30222b999cb5a8ca04fac777d54c160e754501fe1be48186369d6de148e151340b6e599385955e69bb0779c0e006c51638861c067ea07c00520e05723c0b3b09f4efd62fa63489e8c6b8baeb92443007ce60b45489734e22c8754346fceed2fd713a698df62b782e1f4a6db5f47642e84ec7aeb8a273679ed01ce19b2a9c9eef55fdc9ed95ace4138850c76dcd", 0x1087, 0x40000000008}, {&(0x7f0000001140)="7c1223cc7b587329820a913da028bf201f714002cf684197b8d5d206436f13ec1000ff0bfdf1a5a59959b2d0b0809c816a57f8da19e095dd76a937516926c8f729eb695b6f0e", 0x46, 0xffffffff}], 0x5, &(0x7f00000023c0)={[{@usebackuproot='usebackuproot', 0x2c}]}) quotactl(0x0, &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)) r0 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)={0x80000000}) 2033/05/18 03:44:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 965.523566] binder: undelivered TRANSACTION_ERROR: 29201 [ 965.530786] binder: undelivered TRANSACTION_ERROR: 29201 [ 965.573546] binder: 3387:3388 got reply transaction with no transaction stack [ 965.580947] binder: 3387:3388 transaction failed 29201/-71, size 0-0 line 2763 [ 965.582283] binder: BINDER_SET_CONTEXT_MGR already set [ 965.595928] binder: 3358:3365 ioctl 40046207 0 returned -16 [ 965.609672] binder: BINDER_SET_CONTEXT_MGR already set [ 965.616583] binder: 3387:3388 ioctl 40046207 0 returned -16 [ 965.627634] binder: 3387:3390 got reply transaction with no transaction stack [ 965.635028] binder: 3387:3390 transaction failed 29201/-71, size 0-0 line 2763 [ 965.640265] binder: 3358:3393 Acquire 1 refcount change on invalid ref 1074815753 ret -22 [ 965.651008] binder: 3358:3393 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 965.658593] binder: 3358:3393 unknown command 0 [ 965.674711] binder: undelivered TRANSACTION_ERROR: 29201 [ 965.681840] binder: undelivered TRANSACTION_ERROR: 29201 [ 965.690268] binder: 3358:3393 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:25 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:25 executing program 4 (fault-call:4 fault-nth:65): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:25 executing program 0: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="c626262c8523bf012cf66f") syz_mount_image$hfsplus(&(0x7f0000000080)='hfsplus\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000180)={[{@decompose='decompose', 0x2c}]}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r3 = syz_open_pts(r1, 0x0) read(r3, &(0x7f0000000280)=""/1, 0x1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000fd0ffc)=0x3) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000000)) fchmod(r3, 0x1d0) r4 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r4, 0x1000000000016) 2033/05/18 03:44:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x500000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:25 executing program 7: r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x8, 0x200000) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0xe803, 0x1, &(0x7f0000000440)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010a0200027415f8", 0x16}], 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="5c3639c358819c28513500c420ca622a67c0417b652516144dcdaf94ff5193e4e086bf229f7059b30165375a0012b5a2080ae5fe083638f38ed6b9f50d1d044921bff5bb5521ea52e25f2bd30d055ef487c35e5cd80daea397daba3aa62b3598dd2301c6df71cee2"]) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000000c0)={'\x00', {0x2, 0x4e20, @multicast2=0xe0000002}}) [ 966.614244] binder: 3408:3409 got reply transaction with no transaction stack [ 966.621625] binder: 3408:3409 transaction failed 29201/-71, size 0-0 line 2763 [ 966.635549] FAULT_INJECTION: forcing a failure. [ 966.635549] name failslab, interval 1, probability 0, space 0, times 0 [ 966.647066] CPU: 0 PID: 3413 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 966.654268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 966.663624] Call Trace: [ 966.666212] dump_stack+0x1b9/0x294 [ 966.669837] ? dump_stack_print_info.cold.2+0x52/0x52 [ 966.675039] should_fail.cold.4+0xa/0x1a [ 966.679097] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 966.684203] ? graph_lock+0x170/0x170 [ 966.688004] ? lock_downgrade+0x8e0/0x8e0 [ 966.692163] ? find_held_lock+0x36/0x1c0 [ 966.696288] ? __lock_is_held+0xb5/0x140 [ 966.700365] ? check_same_owner+0x320/0x320 [ 966.704685] ? wait_for_completion+0x870/0x870 [ 966.709379] ? rcu_note_context_switch+0x710/0x710 [ 966.714303] ? graph_lock+0x170/0x170 [ 966.718192] __should_failslab+0x124/0x180 [ 966.722427] should_failslab+0x9/0x14 [ 966.726221] kmem_cache_alloc+0x2af/0x760 [ 966.730386] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 966.735414] __kernfs_new_node+0xe7/0x580 [ 966.739573] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 966.744326] ? kernfs_walk_and_get_ns+0x320/0x320 [ 966.749181] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 966.754722] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 966.760258] ? kernfs_put+0x493/0x750 [ 966.764059] ? kernfs_add_one+0x129/0x4d0 [ 966.768214] ? kernfs_get+0x30/0x30 [ 966.771847] kernfs_new_node+0x80/0xf0 [ 966.775738] kernfs_create_dir_ns+0x3d/0x140 [ 966.780153] internal_create_group+0x110/0x970 [ 966.784736] ? internal_create_group+0x347/0x970 [ 966.789499] sysfs_create_group+0x1f/0x30 [ 966.793652] dpm_sysfs_add+0x26/0x210 [ 966.797447] device_add+0xa11/0x16d0 [ 966.801163] ? device_private_init+0x230/0x230 [ 966.805749] ? kfree+0x1e9/0x260 [ 966.809114] ? kfree_const+0x5e/0x70 [ 966.812826] device_create_groups_vargs+0x1ff/0x270 [ 966.817842] device_create_vargs+0x46/0x60 [ 966.822075] bdi_register_va.part.10+0xbb/0x9b0 [ 966.826750] ? cgwb_kill+0x630/0x630 [ 966.830468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 966.835995] ? bdi_init+0x416/0x510 [ 966.839699] ? wb_init+0x9e0/0x9e0 [ 966.843233] ? bdi_alloc_node+0x67/0xe0 [ 966.847204] ? bdi_alloc_node+0x67/0xe0 [ 966.851185] ? rcu_read_lock_sched_held+0x108/0x120 [ 966.856197] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 966.861478] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 966.867010] ? refcount_sub_and_test+0x212/0x330 [ 966.871767] bdi_register_va+0x68/0x80 [ 966.875649] super_setup_bdi_name+0x123/0x220 [ 966.880138] ? kill_block_super+0x100/0x100 [ 966.884455] ? kmem_cache_alloc_trace+0x616/0x780 [ 966.889303] fuse_fill_super+0xe6e/0x1e20 [ 966.893451] ? fuse_get_root_inode+0x190/0x190 [ 966.898033] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 966.903564] ? vsnprintf+0x242/0x1b40 [ 966.907366] ? pointer+0xa10/0xa10 [ 966.910915] ? vsprintf+0x40/0x40 [ 966.914362] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 966.919378] ? set_blocksize+0x2c4/0x350 [ 966.923435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 966.928981] mount_bdev+0x30c/0x3e0 [ 966.932601] ? fuse_get_root_inode+0x190/0x190 [ 966.937180] fuse_mount_blk+0x34/0x40 [ 966.940986] mount_fs+0xae/0x328 [ 966.944353] vfs_kern_mount.part.34+0xd4/0x4d0 [ 966.948941] ? may_umount+0xb0/0xb0 [ 966.952562] ? _raw_read_unlock+0x22/0x30 [ 966.956702] ? __get_fs_type+0x97/0xc0 [ 966.960588] do_mount+0x564/0x3070 [ 966.964129] ? copy_mount_string+0x40/0x40 [ 966.968364] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 966.973132] ? retint_kernel+0x10/0x10 [ 966.977026] ? copy_mount_options+0x1a1/0x380 [ 966.981514] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 966.986351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 966.991878] ? copy_mount_options+0x285/0x380 [ 966.996381] ksys_mount+0x12d/0x140 [ 967.000006] __x64_sys_mount+0xbe/0x150 [ 967.003980] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 967.008994] do_syscall_64+0x1b1/0x800 [ 967.012876] ? finish_task_switch+0x1ca/0x840 [ 967.017368] ? syscall_return_slowpath+0x5c0/0x5c0 [ 967.022300] ? syscall_return_slowpath+0x30f/0x5c0 [ 967.027228] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 967.032595] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 967.037436] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 967.042618] RIP: 0033:0x455a09 [ 967.045798] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 967.053505] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 2033/05/18 03:44:25 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:25 executing program 6: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x280900, 0x0) r1 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in6, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast1}}, &(0x7f00000003c0)=0xe8) accept4$packet(0xffffffffffffff9c, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000440)=0x14, 0x80800) getpeername$packet(r0, &(0x7f0000008300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000008a00)=0x1ec) getpeername$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000600)=0x14) recvmmsg(0xffffffffffffffff, &(0x7f0000007d40)=[{{&(0x7f0000000640)=@pptp={0x0, 0x0, {0x0, @rand_addr}}, 0x80, &(0x7f0000000d80)=[{&(0x7f00000006c0)=""/39, 0x27}, {&(0x7f0000000700)=""/199, 0xc7}, {&(0x7f0000000800)=""/59, 0x3b}, {&(0x7f0000000840)=""/49, 0x31}, {&(0x7f0000000880)=""/202, 0xca}, {&(0x7f0000000980)=""/196, 0xc4}, {&(0x7f0000000a80)=""/185, 0xb9}, {&(0x7f0000000b40)=""/105, 0x69}, {&(0x7f0000000bc0)=""/159, 0x9f}, {&(0x7f0000000c80)=""/232, 0xe8}], 0xa, &(0x7f0000000e40)=""/4096, 0x1000, 0x8}, 0x2}, {{&(0x7f0000001e40)=@nfc_llcp, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000001ec0)=""/200, 0xc8}], 0x1, &(0x7f0000002000)=""/55, 0x37}, 0x5}, {{&(0x7f0000002040)=@l2, 0x80, &(0x7f00000023c0)=[{&(0x7f00000020c0)=""/130, 0x82}, {&(0x7f0000002180)=""/124, 0x7c}, {&(0x7f0000002200)=""/13, 0xd}, {&(0x7f0000002240)}, {&(0x7f0000002280)=""/101, 0x65}, {&(0x7f0000002300)=""/159, 0x9f}], 0x6, &(0x7f0000002440)=""/237, 0xed, 0x4}, 0xffffffff}, {{&(0x7f0000002540)=@ipx, 0x80, &(0x7f0000002980)=[{&(0x7f00000025c0)=""/133, 0x85}, {&(0x7f0000002680)=""/209, 0xd1}, {&(0x7f0000002780)=""/47, 0x2f}, {&(0x7f00000027c0)=""/70, 0x46}, {&(0x7f0000002840)=""/200, 0xc8}, {&(0x7f0000002940)=""/54, 0x36}], 0x6, 0x0, 0x0, 0xfff}, 0x5}, {{&(0x7f0000002a00)=@in6={0x0, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000002a80), 0x0, &(0x7f0000002ac0)=""/246, 0xf6, 0x8}, 0xfffffffffffffff8}, {{&(0x7f0000002bc0)=@ipx, 0x80, &(0x7f0000004ec0)=[{&(0x7f0000002c40)=""/74, 0x4a}, {&(0x7f0000002cc0)=""/169, 0xa9}, {&(0x7f0000002d80)=""/4096, 0x1000}, {&(0x7f0000003d80)=""/16, 0x10}, {&(0x7f0000003dc0)=""/216, 0xd8}, {&(0x7f0000003ec0)=""/4096, 0x1000}], 0x6, &(0x7f0000004f40), 0x0, 0x7}, 0xbeac}, {{&(0x7f0000004f80)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000005080)=[{&(0x7f0000005000)=""/69, 0x45}], 0x1, &(0x7f00000050c0)=""/143, 0x8f, 0xfffffffffffffeff}, 0x101}, {{&(0x7f0000005180)=@nfc_llcp, 0x80, &(0x7f00000063c0)=[{&(0x7f0000005200)=""/181, 0xb5}, {&(0x7f00000052c0)=""/93, 0x5d}, {&(0x7f0000005340)=""/118, 0x76}, {&(0x7f00000053c0)=""/4096, 0x1000}], 0x4, &(0x7f0000006400)=""/111, 0x6f, 0x6068}, 0x4}, {{&(0x7f0000006480)=@hci, 0x80, &(0x7f0000007780)=[{&(0x7f0000006500)=""/161, 0xa1}, {&(0x7f00000065c0)=""/193, 0xc1}, {&(0x7f00000066c0)=""/4096, 0x1000}, {&(0x7f00000076c0)=""/169, 0xa9}], 0x4, &(0x7f00000077c0)=""/141, 0x8d, 0x1c5a}, 0x8}, {{&(0x7f0000007880)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000007c80)=[{&(0x7f0000007900)=""/45, 0x2d}, {&(0x7f0000007940)=""/76, 0x4c}, {&(0x7f00000079c0)=""/136, 0x88}, {&(0x7f0000007a80)=""/251, 0xfb}, {&(0x7f0000007b80)=""/201, 0xc9}], 0x5, &(0x7f0000007d00)=""/44, 0x2c, 0x6}, 0x2000000000}], 0xa, 0x40000000, &(0x7f0000007fc0)={0x77359400}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000240)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000008100), 0x30, 0x0, &(0x7f0000000580)="2b0f228f68ea19aec5e193b316871b5ad7489a2810739cb2f92b120dee587358823131f74ce014f8be1bb18a03d1ef9a"}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000008000)={@dev, 0x0}, &(0x7f0000008040)=0x14) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000008080)={0x0, @loopback, @rand_addr}, &(0x7f00000080c0)=0xc) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000081c0)={@ipv4={[], [], @broadcast}, 0x0}, &(0x7f0000008200)=0x14) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r6, 0x84, 0x65, &(0x7f0000000100)=[@in={0x2, 0x4e22, @broadcast=0xffffffff}, @in={0x2, 0x4e20, @broadcast=0xffffffff}, @in={0x2, 0x4e20, @broadcast=0xffffffff}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1f}}, @in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, @in={0x2, 0x4e24, @rand_addr=0x3f2}, @in6={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, [], 0x1b}, 0x2f5f}, @in={0x2, 0x4e22, @multicast1=0xe0000001}], 0x8c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000008240)={'bridge0\x00', 0x0}) clock_gettime(0x1, &(0x7f00000001c0)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000008280)={'vcan0\x00', 0x0}) ioctl$sock_ifreq(0xffffffffffffffff, 0x8970, &(0x7f0000008380)={'irlan0\x00', @ifru_addrs=@hci={0x1f, 0x0, 0x3}}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000008880)={{{@in=@multicast2, @in6=@remote}}, {{@in6}, 0x0, @in6}}, &(0x7f0000000200)=0xe8) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000008840)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x42010001}, 0xc, &(0x7f0000008800)={&(0x7f00000083c0)=ANY=[@ANYBLOB="40040000", @ANYRES16=r1, @ANYBLOB="000000007000fcdbdf250304020008000100", @ANYRES32=r2, @ANYBLOB="f00102003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r3, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c00040068617368000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="4c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000300000008000600", @ANYRES32=r7, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000001000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400ff00000008000100", @ANYRES32=r8, @ANYBLOB="bc00020038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000008000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000800000008000600", @ANYRES32=r9, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004007f00000008000600", @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=r11, @ANYBLOB="6801020038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000100000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400090000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r12, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e74000000000000000000000000000008000300030000000800040066000000400001002400015f73746174730000000000000000dc1300000800040001000100080006000000000000000000", @ANYRES32=r13, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b00000008000400ff7f00000800070000000000"], 0x440}, 0x1, 0x0, 0x0, 0x8000}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x0, @rand_addr, 0x0, 0x0, 'dh\x00'}, 0x2c) [ 967.060765] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 967.068122] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 967.075382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 967.082652] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 967.091799] FAT-fs (loop7): Unrecognized mount option "\69ÃXœ(Q5" or missing value [ 967.097520] binder: BINDER_SET_CONTEXT_MGR already set [ 967.106214] binder: 3408:3409 ioctl 40046207 0 returned -16 2033/05/18 03:44:26 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x2000, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x8) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x6, 0x800}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={r1}, 0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000240), 0x4) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000280)=0x1, 0x4) getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f00000002c0)=""/251, &(0x7f00000003c0)=0xfb) r2 = request_key(&(0x7f0000000480)='encrypted\x00', &(0x7f00000004c0)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000500)='+\x00', 0xfffffffffffffffa) r3 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, r2) sigaltstack(&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000540)) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000580), 0x2) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f00000005c0)) add_key$keyring(&(0x7f0000000600)='keyring\x00', &(0x7f0000000640)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, r3) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000680)={'filter\x00', 0x4}, 0x68) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000700)={r1, 0x8, 0x20, 0xfffffffffffffff8}, 0x10) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000740)={{0x87, @local={0xac, 0x14, 0x14, 0xaa}, 0x4e20, 0x3, 'ovf\x00', 0x12, 0x400, 0x32}, {@dev={0xac, 0x14, 0x14, 0xd}, 0x4e22, 0x3, 0xd870, 0x8, 0x69}}, 0x44) removexattr(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)=@known='com.apple.FinderInfo\x00') setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000840)={r1, 0x401}, 0x8) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000880)={0x2, 0x0, [{}, {}]}) sendmsg$key(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f00000008c0)={0x2, 0x4, 0x100, 0x7, 0x1b, 0x0, 0x70bd2a, 0x25dfdbff, [@sadb_key={0x12, 0x9, 0x408, 0x0, "9d7f6d4bac26856875aa444fd29ebf702e88485e9f7522971c91704666f259bbe5aa14aac3b05e93c8aaef9972329e3380a41b24b54288fd8d71f5f0e0c1a79a9f34010b692dffed71a5a8167ee7b2965c1138c6396bd02662e24dd8d70c26630ccbbe52cd6b7d572aa49cc670fcb07654e418079a0548829ff69599a8d03e5cec"}, @sadb_spirange={0x2, 0x10, 0x4d4, 0x4d6}, @sadb_x_filter={0x5, 0x1a, @in=@dev={0xac, 0x14, 0x14, 0x14}, @in6=@dev={0xfe, 0x80, [], 0x1d}, 0x0, 0x14, 0x14}]}, 0xd8}, 0x1}, 0x15) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000a40)={r1, 0x1000}, &(0x7f0000000a80)=0x8) r5 = gettid() getpgid(r5) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000ac0)={r4, 0x4}, &(0x7f0000000b00)=0x8) renameat2(r0, &(0x7f0000000b40)='./file0\x00', r0, &(0x7f0000000b80)='./file0\x00', 0x6) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000bc0)) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000c00)=""/113) ioctl$KVM_GET_DEVICE_ATTR(r0, 0x4018aee2, &(0x7f0000000cc0)={0x0, 0x18, 0x94d400000, &(0x7f0000000c80)}) read(r0, &(0x7f0000000d00)=""/139, 0x8b) [ 967.126194] binder: 3408:3421 got reply transaction with no transaction stack [ 967.133608] binder: 3408:3421 transaction failed 29201/-71, size 0-0 line 2763 [ 967.154101] FAT-fs (loop7): Unrecognized mount option "\69ÃXœ(Q5" or missing value 2033/05/18 03:44:26 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f0000000080), 0x4) signalfd4(r0, &(0x7f0000000000)={0x2}, 0x8, 0x800) 2033/05/18 03:44:26 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:26 executing program 4 (fault-call:4 fault-nth:66): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 967.227439] binder: 3423 invalid dec weak, ref 4240 desc 0 s 1 w 0 [ 967.233922] binder: 3423:3435 unknown command 0 [ 967.260660] binder: undelivered TRANSACTION_ERROR: 29201 [ 967.266563] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:26 executing program 7: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000040)="c626262c8523bf012cf66f") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x46, &(0x7f0000000000), 0x4) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 2033/05/18 03:44:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x2000000001, 0x2, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe, 0x75) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) sendto$inet6(r0, &(0x7f00004e8000), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="f80fbd5da1b3c0f09d3d94815745711bc76fe5db01b2fc2212e65d8952d0e6c6a78d9f733c0b2e6e682851541ccb5deb7457e151cc1b5b5f36b48923af79e3e31d74d21dc9276ec6f239daf8840b23b84d41ef4054d550e46cfccfc13cb3a98b0115acdeb9a444078b26402b41c98ab137b29323385056b60a526b3761a836df03793a0d70bc210cdffb72830619e25a176e9093cd2f7638c729ff1729c356aa239337240d338a81f3518edc86ef1b5c6cd42d1cb29af9759c30b7c23ffae4fecf251357f1393e3a0323f95bd74bbf0ef60ffaf5f145b6f799b8b78adeefd3fdd5e5c640aeef43a440e9ff23509a446d6fa8496d4d073d1b98352d9ad48c32cc08b80ddf39dd47ed07b16dc93e526db098de8a840c9c65cbdbae98c40da0ef48e76429d4a74a2b228bfba5ed2eaf754154621255f65595ffaa2d79c49efd77849986e5dc12189002f11145da3d56c1ce8cac370b43b3cee8e8071c44f54f94f17368586f53dbaf3be6e5aba47cccac708235c3d6f75e18d397fd167aee63522153e59d14fc28996fae0c2ee0a6c582146530547829808681f6f631ece598d63118a08a4550534ac8ad228c05182eb2fee2a304b6d27db943307578e78c68b2b3889abf3158ec7fd4603aa7a6b601769724e669c4a3dc74afaeba1ed37b00ec985b1553e3452de574312e12114412bbefa695ac9d613fe505421f835f8c3a17aa04f20be028c321f176205f7da29dd81393125e99b68832a2", 0x218, 0x8000, &(0x7f0000000000)={0xa}, 0x1c) close(r0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x80000, 0x0) ioctl$KDDELIO(r3, 0x4b35, 0x2) [ 967.321243] binder: 3450:3451 got reply transaction with no transaction stack [ 967.328680] binder: 3450:3451 transaction failed 29201/-71, size 0-0 line 2763 [ 967.367502] binder: BINDER_SET_CONTEXT_MGR already set [ 967.374434] binder: 3450:3451 ioctl 40046207 0 returned -16 [ 967.387014] binder: 3423:3435 ioctl c0306201 20000540 returned -22 [ 967.397108] binder: 3450:3454 got reply transaction with no transaction stack [ 967.404478] binder: 3450:3454 transaction failed 29201/-71, size 0-0 line 2763 [ 967.413183] FAULT_INJECTION: forcing a failure. [ 967.413183] name failslab, interval 1, probability 0, space 0, times 0 [ 967.416152] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 967.424472] CPU: 1 PID: 3457 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 967.441921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 967.451274] Call Trace: [ 967.453874] dump_stack+0x1b9/0x294 [ 967.457517] ? dump_stack_print_info.cold.2+0x52/0x52 [ 967.462733] should_fail.cold.4+0xa/0x1a [ 967.466816] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 967.471912] ? graph_lock+0x170/0x170 [ 967.475701] ? lock_downgrade+0x8e0/0x8e0 [ 967.479842] ? find_held_lock+0x36/0x1c0 [ 967.483891] ? __lock_is_held+0xb5/0x140 [ 967.487941] ? ext4_writepages+0x670/0x4030 [ 967.492261] ? check_same_owner+0x320/0x320 [ 967.496569] ? wait_for_completion+0x870/0x870 [ 967.501138] ? rcu_note_context_switch+0x710/0x710 [ 967.506050] ? graph_lock+0x170/0x170 [ 967.509847] __should_failslab+0x124/0x180 [ 967.514070] should_failslab+0x9/0x14 [ 967.517867] kmem_cache_alloc+0x2af/0x760 [ 967.522018] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 967.527024] __kernfs_new_node+0xe7/0x580 [ 967.531162] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 967.535904] ? kernfs_walk_and_get_ns+0x320/0x320 [ 967.540734] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 967.546258] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 967.551783] ? kernfs_put+0x493/0x750 [ 967.555581] ? kernfs_add_one+0x129/0x4d0 [ 967.559718] ? kernfs_get+0x30/0x30 [ 967.563332] kernfs_new_node+0x80/0xf0 [ 967.567218] kernfs_create_dir_ns+0x3d/0x140 [ 967.571616] internal_create_group+0x110/0x970 [ 967.576188] ? internal_create_group+0x347/0x970 [ 967.580938] sysfs_create_group+0x1f/0x30 [ 967.585074] dpm_sysfs_add+0x26/0x210 [ 967.588865] device_add+0xa11/0x16d0 [ 967.592578] ? device_private_init+0x230/0x230 [ 967.597144] ? kfree+0x1e9/0x260 [ 967.600497] ? kfree_const+0x5e/0x70 [ 967.604210] device_create_groups_vargs+0x1ff/0x270 [ 967.609224] device_create_vargs+0x46/0x60 [ 967.613450] bdi_register_va.part.10+0xbb/0x9b0 [ 967.618107] ? cgwb_kill+0x630/0x630 [ 967.621809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 967.627328] ? bdi_init+0x416/0x510 [ 967.630939] ? wb_init+0x9e0/0x9e0 [ 967.634464] ? bdi_alloc_node+0x67/0xe0 [ 967.638423] ? bdi_alloc_node+0x67/0xe0 [ 967.642382] ? rcu_read_lock_sched_held+0x108/0x120 [ 967.647384] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 967.652652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 967.658185] ? refcount_sub_and_test+0x212/0x330 [ 967.662931] bdi_register_va+0x68/0x80 [ 967.666807] super_setup_bdi_name+0x123/0x220 [ 967.671290] ? kill_block_super+0x100/0x100 [ 967.675599] ? kmem_cache_alloc_trace+0x616/0x780 [ 967.680433] fuse_fill_super+0xe6e/0x1e20 [ 967.684574] ? fuse_get_root_inode+0x190/0x190 [ 967.689147] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 967.694670] ? vsnprintf+0x242/0x1b40 [ 967.698462] ? pointer+0xa10/0xa10 [ 967.702000] ? vsprintf+0x40/0x40 [ 967.705441] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 967.710459] ? set_blocksize+0x2c4/0x350 [ 967.714509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 967.720036] mount_bdev+0x30c/0x3e0 [ 967.723650] ? fuse_get_root_inode+0x190/0x190 [ 967.728224] fuse_mount_blk+0x34/0x40 [ 967.732010] mount_fs+0xae/0x328 [ 967.735549] vfs_kern_mount.part.34+0xd4/0x4d0 [ 967.740136] ? may_umount+0xb0/0xb0 [ 967.743754] ? _raw_read_unlock+0x22/0x30 [ 967.747897] ? __get_fs_type+0x97/0xc0 [ 967.751777] do_mount+0x564/0x3070 [ 967.755305] ? copy_mount_string+0x40/0x40 [ 967.759526] ? rcu_pm_notify+0xc0/0xc0 [ 967.763404] ? copy_mount_options+0x5f/0x380 [ 967.767797] ? rcu_read_lock_sched_held+0x108/0x120 [ 967.772800] ? kmem_cache_alloc_trace+0x616/0x780 [ 967.777636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 967.783157] ? copy_mount_options+0x285/0x380 [ 967.787654] ksys_mount+0x12d/0x140 [ 967.791267] __x64_sys_mount+0xbe/0x150 [ 967.795229] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 967.800238] do_syscall_64+0x1b1/0x800 [ 967.804119] ? finish_task_switch+0x1ca/0x840 [ 967.808605] ? syscall_return_slowpath+0x5c0/0x5c0 [ 967.813530] ? syscall_return_slowpath+0x30f/0x5c0 [ 967.818460] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 967.823814] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 967.828647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 967.833831] RIP: 0033:0x455a09 [ 967.837005] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 967.844799] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 967.852051] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 967.859303] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 967.866557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 967.873814] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 967.905195] binder: BINDER_SET_CONTEXT_MGR already set [ 967.936912] binder: undelivered TRANSACTION_ERROR: 29201 [ 967.942978] binder: undelivered TRANSACTION_ERROR: 29201 [ 967.954748] binder: 3423:3435 ioctl 40046207 0 returned -16 2033/05/18 03:44:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:26 executing program 4 (fault-call:4 fault-nth:67): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x6800000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:26 executing program 7: mprotect(&(0x7f00005dc000/0x1000)=nil, 0x1000, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0xffffffffffffffff, 0x2, 0x1, 0x81, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001140)={r0, 0x0, 0x1000, 0x3, &(0x7f0000000100)="928d7b562ac62f88f90c103f157bd6932faa608b92810fb791ee93be661313acd003c7738760b2784d03f406520c9062ec8eda94eb0e071a721b44c93196f5e656ab69b538f9f16c94a743c9d49830dc87584c3f5836742403be0690a7f6e29f8a06a52650fe2a2f6a5de7d597b51b81d03d442cfb1183b33f0cf5247a02454400602a7234e5701440aefe5ec695ec40853be6cfd727e06a7b4f75c10bfa5e866d94f5dbccedff0e65fc7617c459a9885d2f7b44dc87ae930925adbc96898e11441be9dfd3d2c68d9ec56bdee79109cdbff6ad1a06e3e8fffb821482412b625d7626a5ef9020b03a4c8384522018e799aba7b944ca51a01fb215a8ab87dfa6c62da4389186df573fe91b436e5fd389ef21163855d6f912fd2f6f5c108acc7ac5544e0584908ca4ea14105a9375973e259b9a2ec86e526dab84e6997be7753de05480e6e67f5857c2ad76e5af9ecb8fa1567d97dbc59cd21c8175fdc3442d6c0e726784ddfa28497b3445cc3502b433469aa46f210328ed82d3793fdcc4ed495a823044fb8db90832dbba340e5e876a18b0f2819e3327d68d32f3845a94ff5845c122633804d8ec0134dd79dd824d75c4ac83a942a87c82fe60f8e0579e837c48f8b7e37ca913e2aea6bec7b6c77b8896487d0f78b58cc7d4aba20f8d9edc4d5feea9498f7a31b7f50459779c459f873a6b25ca3dca4a5b5765821b617521dec60a798af2bb29efceb91193b7295f98d9d7d68108876c2076c967900f706ccba5ab0d4ae639ec35819e45bee2681b857bedfecc450bf132a2a3d2da21d8e6ff7dd761eefc1927f9f00c76127a0bab7823fe38b8299ab3f54dbfd6c0129dca9f222ed1d4c2a1f425cc2991b4123f1bc09cb8d3f2165f0adfda6ac80332481560034a6118f781b5a03a85c87f91e8554f36e95dc42f0994d37b4e1f8465a5536dc0c41aa8b99825946a3476bd58f2c4dbdf9d0e62bb6e79fdefbf3b6e20d365ed00ca51a9fa41d3abed5c47cd780cba054c863de4de8e2cc722ba9be342b80dc089f772f0435d26a10883a901d5228a1dd39ad57821b65b9c3245791b8396a426f4cf6001972bc959c053dc9adfbb1eaa3cf685bd667a6abcf8f467ce2941b771dcf5c1b555db4efabf3c354678a17a3a8a9c582751c922eb3103b3c8ff0dcb79fba293ee5c66bb2c7f252724fa3ac07faa2591a6b84eba47ab06b421995ab271a5c736c93f09f2f3de6902441fe626bac1396626aabbb3f1543b86a13fdfb9e115ebbd5782a204f4f4eac45c79ca873bfb9d79298749ef6025201f4467072535a3b7cf434488615780f134ce223034f4c33e5cf56d566a4115df313a01865fd34e4721ec5ce4b7f531358b7170d507ab87a53a72ad232e557f669b2392655615887cca387197975fa2ddeea941c92225707b7811246b34b3d3fb070395d57acfdff6fd0e7df9a35cd110bf579ed00c68d27879a3aa13adc8b9b8343338633767a3f4d90267795d1863b7bc1d95a5c94eb95904396be1a322a5624bc3e555efd92933e5e8a1838018ef8b7a4f0d9f9506e4216cd1b8a7c11391014089991c19878a23b08362e23d8800bd996b4bf9f28c487b493f51ac2968bd46fa11b58cb1cc65ce834c6097f135909af968095b6435cf14b7036374d5a697c6c4e6345fc904125d8c7642ae43df6d9c32994f127f4834db6ff8def77dae1656b2466cedd0572395121e97617b366aa693447a1d47fb8c2239384c66c3915ffa38beba86350af6e8bd31f462c468da48e52c0be7b58dfee540fa42066a12aec261544f9537e3e98b2432a949009fe84ab860f65ab15a6dee58b97cf6f6931b0c7ee02b03bd0c33242173e47dbf9a240086ad40f36884ede0d9b89194407fd3fe9afed6a36652452c4a48979182aba64f6321e56f72c273feac069ffc1fb35d69a6fde6b1c58ad5452204fc810082666d9c2044b8c6567e10e116fecc9f367c678bc3ac026ace810a319e1a9fa7e9a5f28d72b22fc73b68bef6d416828222384362f976d5d460d7620213691fa055cbbeeabf21f5df732aa30444c4fcf6eee522beccf30283250f6aa5ae01d0ea5c18199bd22c93a892908abcbcd94b53d072f048d22333fe5ce64a7abcdb505ab87c2456b18841c131a86f12447be3c3e989f98c4c34311d5844cd298582a35eeb04e2918484848afb2245809188148a157e1985bae6552dffa18fdbb59d34eb28c8a77eefb532af45b26d96ce9613d23f00c02318139708f001b7194b5028f3e35cc2a8dcc8f9c8d7cebe3e6eb4cb4556a7ae53f9f6603f52b9710c2a004258f0c31cc145cef21a97024ee8cc18a949b93a9ba1d4847c1f694b571348905be502ed388520687651242886439c7fbec24c4bf0b672c7a108f06f4da79858979b72adb3926f980bdbb9814433bbbb2a3232570c4784db3a7c6997da2767260285f6ac7e8e09c5e68ecca159aaf75b2b39a7a2122b515fdd5f0e6114d61c54ca80e36a6c59522d8868cd719e4ddd31b1f7f27e410a8b115146d48f34e555f3bec23185bc93dc5fb3795134b3c6087c00527542b728fe7255dbad91346418f2044bf5bc125effd82e51b922dac7271b61c64b2300653876eb3ca62e6f9f8b315a7bac87e5ec2f00c82406d642b25c52bb3ba2a6be16f771ffdcb262f2f1e7b7b46a2da05f0e4953a7baad40112b8921f7d574fd42fcec488cff4dbb24c2cc49d8436eb9c149e1c7ec010c4a2410a4ddd0dab80088365bc3cec9975072cfda2d0269699cae119ce13a647cef1c544694774bf8dc54b179215d96b0ffa448303cbbad999ff32d8b3ca291fa7979f12533c539015e37413a0b30b50fd6d2f7c5960214de9a2f85de802619c7cc57e9ed9fd6edb927cc65cf2702e8403074b2b6fcd106c3b069002b80f0c570789479aa52e9ada853438887dee2d989bcda62c8d8665c6b8ede8955911ae86c374df13d6346d4bee604e58233d68a38049c97a3787619427079b2ed7a371ce51540b41b6ef54405a6143221601d2168d300c73500b0a63f8438439b7cfcfbfef8e2847afc42cae947261af59f81a75c3c1bc6c9bd0c209d1b7b31b21ef8d1b1bb52f358df1c17442edcd95c79d0dd02c4637060cdd0b4377aa964ff548ca598558ee183a673581017efa708fc218d1dedfb465589ed670f159d99806b3cf598ffe77161d98674e73441c8b1085b0bdc528cc1818019c8273ae358aab15d54de961a6e7783594f60cf50a14d808916891573f041853a499a6dba3cfddb02bc6a84642f6de12e035ecff8eddc66fd595c4b9ffb9fadd7e05927e14d4e6d6cae7ae366d1bef4120eff7eba2fe833f02849800e694508e32a3e2a3f57130a9ca4fcd65179c854706898837a05c33ec00cac19fb95a8da3126c9c13af191d4da6e561c9a0844355325e9f6ad36b5f057aa8c335cfb777e473786fba525f223f03bc9370343e22b8458439e80b4a79d5b9e00215bde24b35bc99f291b0bda259dd6b44576bfc21b08725af591a1d6ff313f088b4776983810a0f9702538fbafb7cecd2f1985674c5f626551128ae10d6b89b1bdc2b4bb391df52da97e23909e0968550063319e525bd1c9af713f1b797af4a55165f59c79edc2eb0ee1ec8387e50505a569ba85b8d03326ee1e335e5b71b3bb0ecd946c288ec7a351fd832a7ef7f8d3d53cc52f65e6d93e91691c597f227c854cda2b68c009f1a92e0398af0e4db8f5a169fc091cf59c510b900e7e16f2dcd4708907759a5b33190184a685b30331844092a6e79288d97a0d4ac1cf74ad642b307f62e1ab92beb4c78002c8cfd9c3e1d9249a5ebd52061d8be12758c9ae283f65cea7bc5845c7c8bd506d2edfba40b440d6764c1af7616fb45c3c6cf74706aab40cabbf73c248f793392c1dd2fa3037eb0fc172da02f9e71f8b1ad77c56130ae9f5e243746dfd7de083c4a9dade1d4504b01a94d75161230a83da9c607c0b2db970c3ff6f06934c72147093a81f124a3432e89b0fd1fed9dab6e9e9a51402f301ecbf447320df49c4879f9f9a5009b3a3802e6ef39d76fce519ae8c868ad34b6097be45482d0d1322e913cdb6d401129fbb51afc10f69c1f9d050183925d6cd6991aa81446690090b478de980d35d60399ff6e8a49eb90311ef610d830d607d243c3253bf72e2005c5a992f3c22284791023d56f4b9913c6ef66835b8f82244f0436aa341e791305de2f531f56eaaff90de97fb2dc1dd4a43c214acefec6659b0d67f507d41c122a9a5ee1146669d2344bd50e11299ab3fa4c9ee1d757d876394e6863fba1288f58c457e3ec8b81f4a0e2dd80dc7cdb09bfe952b610578df3fa0e2d5cef0a0f08b3e165d003a363050a37833df07e26189de14eb6fc5e7279d91aaca21acb0cb6fff13b199a174e2310c86530ca3d585315b4e69ac0a2401c775573b678be8ca1f7a08a94c95eee0d4ae913610a11af6bd8561058d48aa7952779557ca9c84fa78a3e654d8fd3e2a7c3724166352778c7e283ea6e95a348f6b2dcd0b1f776c420a009519df047be036bae96b983998b1736a78b41852b9a87421bd6afe5fe562c03f07a6778371edc4aded4d8799de389cc06b610b24d1421a889854315760dbdecfea48c7b02071a7ec56be11d857bbcf6d6b7562bfaa91cea3a79efb73d04d72c0a691bef6395e60882f444492c02f14d7b49e47ecf0f78519b5ea30528e956dec6cc40b1b452d2016162eefc55110a4e77b82544741e1e55d4f38a6a150d9f4c20b31be6af51f12ac521da523a697eafa1aea2eefb47ecc27efc9c879a05366b420f8438b2869057790ec12b8ec0bd5a255a509c9a01c99457190a617346669d1f6f5adac5af4ae846031679c9b5ed52e8cd0f9ec00322c68f668898332c05006c8dd413964e732ec5c3cfebced682724ae21a06ad8c640ce782fb3c547acd35c7d466aed53cb482f736c2c0dc8a75c918f20df9c593e5755586f91ed29e844e44e55e1df81327cba7f81f9cf1063ecce30f7cbd4109d95e41eaa7d83ba58172a079bb284e7f123d0e1fd92b5050dbc6829dc4ab7197d4fa4f3d2862b23f18cf7cce693b597f08864b0b117f230d9d9300018b3f7829fddf69567ac308674b949d58cc8bbe46426a3ad314a3f4c907dbeb028a73bf159b4f83391d8b7ac9b24307858b3e70fff8dfafffd9195293c51fce082fdbc6a680ae74c5edcb3a9784aebff55df40f9f1bf127950988978bd447dbd65ba95d3f885584e81dd18670a5ee8e025716dcf323fb2bc020b5f08631c9f7074e8653b2b5c8a27c3c7e7870ce330cdfbb68f4bad74d20488d1cdbc043134610a8e1466a543dd873e09b108414a43e5671d1ec7d5757b6cbbc1087aa811828a37b0156eed604ac69ef865111b6382e810fc47b547577f4fb6e416342ec290de20ee6b2d5b13e03bdf5d7818c54cc30fa05fbba5dd2a3df17a6b6464bfb2f858d80a64f8b17821b9e10878cd0fa9c478c8c9d3682a8c34b5a74003ec55e125bf374b734cb308cd42a9a51b8dbf5024506f1fe09a52e2e33c772499e6c073d9cec045a3df941843e43050202b9729bec0eb9e43e98a7e21163c232dc34e5fc56d549c2122df4f0f4a1ff2e9636d7f4faf7bd0b0b5e5a5d876f4a483b0520578d30f1526ec9c5a2e7c847cacb26f183d98b30010cf40a3ec763a7cb4f25caf38d5d7c457abe5f2e663ab9f053426d627290fb7e908152aa40eefdaa510de6fd614df541e50f33e6ce3f53ef3c9cbaed95fcc7115fca1d9bc86c45be5ce393f12a3887bd50df615cf", &(0x7f0000001100)=""/3, 0xee9}, 0x28) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000001240)={0xf1fb, 0x0, 0x10000, 0x10001}) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000001280)={0x7, r1}) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000001180)={0x95, "4da8a4004e3ab88b97746cf7a2b2b119dbbaddd9bb449dda71fe0eaade332bfb5c047fe8c171bc32646f84e9cbd45eaa284a2879019b26395deaf6d6b6c3a3478b73b73fbf6275dc9367f9c9f4fc2380fa05c829d673e320e2c7811489c26daaa17d983551360f81864883fd41955f3e79e12c307856b6c10a69ded86a4fab511fd4837dd186f624257a965a2b0e1aa6e9046bf8bf"}) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x6, 0x20040) ioctl$RNDADDTOENTCNT(r2, 0x40045201, &(0x7f0000000040)=0x3) 2033/05/18 03:44:26 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000002000008000"}, 0x6e) 2033/05/18 03:44:26 executing program 6: socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000a9b064b8cde12a46891ca0cb314aca87c84617b313788a872a16394a7b08ebfda7b4a5a252443bbce333c0e0cc55b88d4ff5174003a06e80be610303248d8b130c7a18be11a805b4fffc28997aff642a719423b821a744d8416485097d7b99b37ea030077894d404a6503b0ae861d1c19b2ac3070883d4e37222012e712282ef6a29cc7ada9541a22b083b"], &(0x7f0000000080)=0xb3) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f00000000c0)="c626262c8505bf012cf66f") r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f00000002c0)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x4, &(0x7f0000000040)=""/4}, &(0x7f0000000180)="3c1a016b527d", &(0x7f0000000240)=""/41, 0x0, 0xfffffffffffffffc, 0x0, &(0x7f0000000280)}) 2033/05/18 03:44:26 executing program 0: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000001fe8)) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x8003, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000140)="35ea0e8b925c98bf76639ece8c0da188", 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}, 0x2c) 2033/05/18 03:44:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 967.997426] binder: 3423 invalid dec weak, ref 4248 desc 0 s 1 w 0 [ 968.003853] binder: 3423:3468 unknown command 0 [ 968.008580] binder: 3423:3468 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:26 executing program 0: r0 = socket(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000000240)={'sit0\x00', @ifru_data=&(0x7f0000000000)="00b4ae9fca19fba868f03158de8d12d04ed14126c514de7b02ade828cb2a0180"}) [ 968.062070] binder: 3476:3478 got reply transaction with no transaction stack [ 968.069457] binder: 3476:3478 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:26 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000480)='/dev/input/mouse#\x00', 0x3f, 0x80) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000004c0)=0x101, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000280), 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r3 = dup2(r0, r2) recvmsg$kcm(r3, &(0x7f0000000440)={&(0x7f0000000000)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)=""/87, 0x57}, {&(0x7f0000000280)=""/107, 0x6b}, {&(0x7f0000000300)=""/78, 0x4e}], 0x3, &(0x7f0000000380)=""/172, 0xac, 0x800}, 0x1) syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') r4 = getpgid(0x0) sched_rr_get_interval(r4, &(0x7f0000000500)) read(r1, &(0x7f0000000180)=""/230, 0xfffffffffffffdab) 2033/05/18 03:44:26 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) 2033/05/18 03:44:26 executing program 6: r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x80000) write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0', [{0x20, '!bdev&$)-/'}, {0x20}, {0x20}], 0xa, "60ada9c5ccbb93"}, 0x1f) mmap(&(0x7f0000000000/0x237000)=nil, 0x237000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) getsockopt$bt_hci(r1, 0x0, 0x60, &(0x7f00001e3000)=""/30, &(0x7f0000d23000)=0x44) [ 968.151343] binder: BINDER_SET_CONTEXT_MGR already set [ 968.189303] binder: 3476:3478 ioctl 40046207 0 returned -16 [ 968.190533] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 968.196893] binder: 3488 invalid dec weak, ref 4254 desc 0 s 1 w 0 [ 968.211890] binder: 3488:3498 unknown command 0 2033/05/18 03:44:27 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @multicast2=0xe0000002}, {0xe0000304, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x0, {0x2, 0x0, @rand_addr}, 'lo\x00'}) r1 = accept(r0, 0x0, &(0x7f0000000080)) bind$bt_l2cap(r1, &(0x7f00000000c0)={0x1f, 0x4, {0x1f, 0x854, 0x1, 0x7, 0x0, 0x5}, 0x3f, 0x2}, 0xe) 2033/05/18 03:44:27 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000300"}, 0x6e) [ 968.235525] binder: 3476:3492 got reply transaction with no transaction stack [ 968.242928] binder: 3476:3492 transaction failed 29201/-71, size 0-0 line 2763 [ 968.265648] binder: 3488:3498 ioctl c0306201 20000540 returned -22 [ 968.312242] binder: undelivered TRANSACTION_ERROR: 29201 [ 968.318169] binder: undelivered TRANSACTION_ERROR: 29201 [ 968.337051] FAULT_INJECTION: forcing a failure. [ 968.337051] name failslab, interval 1, probability 0, space 0, times 0 [ 968.348340] CPU: 1 PID: 3489 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 968.355533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 968.364893] Call Trace: [ 968.367506] dump_stack+0x1b9/0x294 [ 968.371153] ? dump_stack_print_info.cold.2+0x52/0x52 [ 968.376363] should_fail.cold.4+0xa/0x1a [ 968.380443] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 968.385570] ? graph_lock+0x170/0x170 [ 968.389397] ? lock_downgrade+0x8e0/0x8e0 [ 968.393554] ? kasan_check_write+0x14/0x20 [ 968.397800] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 968.402750] ? find_held_lock+0x36/0x1c0 [ 968.405684] binder: BINDER_SET_CONTEXT_MGR already set [ 968.406824] ? __lock_is_held+0xb5/0x140 [ 968.406861] ? check_same_owner+0x320/0x320 [ 968.414363] binder: 3488:3498 ioctl 40046207 0 returned -16 [ 968.416199] ? rcu_note_context_switch+0x710/0x710 [ 968.416222] __should_failslab+0x124/0x180 [ 968.416253] should_failslab+0x9/0x14 [ 968.421182] binder: 3488 invalid dec weak, ref 4258 desc 0 s 1 w 0 [ 968.426301] kmem_cache_alloc_trace+0x2cb/0x780 [ 968.426326] ? device_create_file+0x1e0/0x1e0 [ 968.426342] kobject_uevent_env+0x20f/0xea0 [ 968.426354] ? device_pm_add+0x221/0x340 [ 968.426375] kobject_uevent+0x1f/0x30 [ 968.432524] binder: 3488:3522 unknown command 0 [ 968.436722] device_add+0xb01/0x16d0 [ 968.436747] ? device_private_init+0x230/0x230 [ 968.441344] binder: 3488:3522 ioctl c0306201 20000540 returned -22 [ 968.446829] ? kfree+0x1e9/0x260 [ 968.446850] ? kfree_const+0x5e/0x70 [ 968.446872] device_create_groups_vargs+0x1ff/0x270 [ 968.446893] device_create_vargs+0x46/0x60 [ 968.503675] bdi_register_va.part.10+0xbb/0x9b0 [ 968.508331] ? cgwb_kill+0x630/0x630 [ 968.512044] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.517561] ? bdi_init+0x416/0x510 [ 968.521169] ? wb_init+0x9e0/0x9e0 [ 968.524693] ? bdi_alloc_node+0x67/0xe0 [ 968.528646] ? bdi_alloc_node+0x67/0xe0 [ 968.532608] ? rcu_read_lock_sched_held+0x108/0x120 [ 968.537631] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 968.542904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.548428] ? refcount_sub_and_test+0x212/0x330 [ 968.553174] bdi_register_va+0x68/0x80 [ 968.557048] super_setup_bdi_name+0x123/0x220 [ 968.561528] ? kill_block_super+0x100/0x100 [ 968.565839] ? kmem_cache_alloc_trace+0x616/0x780 [ 968.570680] fuse_fill_super+0xe6e/0x1e20 [ 968.574813] ? fuse_get_root_inode+0x190/0x190 [ 968.579380] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 968.584915] ? vsnprintf+0x242/0x1b40 [ 968.588702] ? pointer+0xa10/0xa10 [ 968.592233] ? vsprintf+0x40/0x40 [ 968.595683] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 968.600685] ? set_blocksize+0x2c4/0x350 [ 968.604741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.610262] mount_bdev+0x30c/0x3e0 [ 968.613873] ? fuse_get_root_inode+0x190/0x190 [ 968.618439] fuse_mount_blk+0x34/0x40 [ 968.622221] mount_fs+0xae/0x328 [ 968.625572] vfs_kern_mount.part.34+0xd4/0x4d0 [ 968.630147] ? may_umount+0xb0/0xb0 [ 968.633781] ? _raw_read_unlock+0x22/0x30 [ 968.637924] ? __get_fs_type+0x97/0xc0 [ 968.641796] do_mount+0x564/0x3070 [ 968.645333] ? copy_mount_string+0x40/0x40 [ 968.649549] ? rcu_pm_notify+0xc0/0xc0 [ 968.653425] ? copy_mount_options+0x5f/0x380 [ 968.657822] ? rcu_read_lock_sched_held+0x108/0x120 [ 968.662837] ? kmem_cache_alloc_trace+0x616/0x780 [ 968.667666] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 968.673206] ? _copy_from_user+0xdf/0x150 [ 968.677351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 968.682871] ? copy_mount_options+0x285/0x380 [ 968.687351] ksys_mount+0x12d/0x140 [ 968.690961] __x64_sys_mount+0xbe/0x150 [ 968.694918] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 968.699923] do_syscall_64+0x1b1/0x800 [ 968.703797] ? finish_task_switch+0x1ca/0x840 [ 968.708286] ? syscall_return_slowpath+0x5c0/0x5c0 [ 968.713198] ? syscall_return_slowpath+0x30f/0x5c0 [ 968.718113] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 968.723475] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 968.728317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 968.733489] RIP: 0033:0x455a09 [ 968.736690] RSP: 002b:00007f7983decb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 968.744384] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 968.751638] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 2033/05/18 03:44:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:27 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timer\x00', 0x0, 0x0) inotify_init() pselect6(0x40, &(0x7f00000abfc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f00001da000), 0x8}) r1 = syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x81, 0x1040) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=0x0, &(0x7f00000000c0)=0x4) ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000140)={0x7, 0xfffffffffffffffb}) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r2, 0x7ff, 0x5}, 0xc) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000180)=0x7, &(0x7f00000001c0)=0x2) 2033/05/18 03:44:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:27 executing program 7: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe004, 0x1, &(0x7f0000000080)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401000200027000f801", 0x17}], 0x0, &(0x7f00000000c0)=ANY=[]) r0 = socket(0x2, 0x1, 0x0) ioctl(r0, 0x10001, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = open(&(0x7f0000032ff8)='./file0\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000056ff8)='./file0\x00', 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x1, {{0xa, 0x4e24, 0xd343, @mcast1={0xff, 0x1, [], 0x1}, 0x70}}}, 0x88) unlinkat(r1, &(0x7f0000060000)='./file0\x00', 0x200) 2033/05/18 03:44:27 executing program 6: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) fsetxattr(r0, &(0x7f0000000040)=@known='system.posix_acl_access\x00', &(0x7f0000000080)='trustedeth1\\\x00', 0xd, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000000c0)='/dev/snd/midiC#D#\x00', 0x100000001, 0x1) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) 2033/05/18 03:44:27 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) 2033/05/18 03:44:27 executing program 4 (fault-call:4 fault-nth:68): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xd630000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 968.758894] RBP: 0000000020000140 R08: 00007f7983decb20 R09: 0000000000000000 [ 968.766242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 968.773506] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 968.836797] binder: 3531:3538 got reply transaction with no transaction stack [ 968.844203] binder: 3531:3538 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:27 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:27 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_team\x00', 0x0}) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$inet_mreqn(r2, 0x0, 0x24, &(0x7f00000000c0)={@empty, @rand_addr}, &(0x7f0000000100)=0xc) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000180)=0x8, 0x4) sendto$packet(r0, &(0x7f0000000000), 0xa5, 0x0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x14) 2033/05/18 03:44:27 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x100200000, 0x0) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000000c0)={0x0, @multicast1, @broadcast}, &(0x7f0000000180)=0xc) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000280)={{0x0, 0x10000}, 0x1, 0x7, 0x1, {0x5, 0x3}, 0x400, 0x7f}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x649642da6916828f}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="080029bd70d5eb05692500000000000000bf6a00", @ANYRES32=r1, @ANYBLOB="ffff1c0a0004000a000000000000000000000000"], 0x2c}, 0x1}, 0x40080) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) utime(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x72, 0xaf2}) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0xcd9e, 0x4) ioctl$KDSKBLED(r0, 0x4b65, 0x2) syz_mount_image$bfs(&(0x7f0000000100)='bfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001280), 0x0, 0x7ffffffff000) getpeername$packet(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000500)=0xffffff2e) socket$unix(0x1, 0x5, 0x0) [ 968.908289] binder: BINDER_SET_CONTEXT_MGR already set [ 968.923832] binder: 3531:3538 ioctl 40046207 0 returned -16 2033/05/18 03:44:27 executing program 7: r0 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000280), &(0x7f00000002c0)=0x8) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000b00)='./cgroup.cpu\x00', 0x200002, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000000)={0x6, {{0xa, 0x4e24, 0x7fffffff, @mcast2={0xff, 0x2, [], 0x1}, 0xfffffffffffff001}}, 0x1, 0x3, [{{0xa, 0x4e24, 0x0, @ipv4={[], [0xff, 0xff]}, 0xfffffffffffffffa}}, {{0xa, 0x4e20, 0x80000001, @ipv4={[], [0xff, 0xff], @rand_addr=0x100000001}, 0x8}}, {{0xa, 0x4e24, 0x2, @mcast1={0xff, 0x1, [], 0x1}, 0x3}}]}, 0x210) fcntl$dupfd(r1, 0x0, r1) [ 968.968201] binder: 3531:3543 got reply transaction with no transaction stack [ 968.975605] binder: 3531:3543 transaction failed 29201/-71, size 0-0 line 2763 [ 969.003021] binder: 3542:3549 Acquire 1 refcount change on invalid ref 224591872 ret -22 2033/05/18 03:44:27 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 969.011421] binder: 3542:3549 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 969.019015] binder: 3542:3549 unknown command 0 2033/05/18 03:44:27 executing program 6: r0 = socket(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c6d74650c3640000000000") syz_emit_ethernet(0x36, &(0x7f0000000280)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @remote={0xac, 0x14, 0x14, 0xbb}}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000000100)={0x0, 0x4, [0x0, 0x650, 0x0, 0xfffffffffffffffd]}) [ 969.059588] binder: 3542:3549 ioctl c0306201 20000540 returned -22 [ 969.122046] binder: undelivered TRANSACTION_ERROR: 29201 [ 969.127944] binder: undelivered TRANSACTION_ERROR: 29201 [ 969.193206] device bridge_slave_1 left promiscuous mode [ 969.198785] bridge0: port 2(bridge_slave_1) entered disabled state [ 969.244605] device bridge_slave_0 left promiscuous mode [ 969.250205] bridge0: port 1(bridge_slave_0) entered disabled state [ 969.253933] binder: BINDER_SET_CONTEXT_MGR already set [ 969.273918] binder: 3542:3577 Acquire 1 refcount change on invalid ref 224591872 ret -22 [ 969.276408] binder: 3542:3549 ioctl 40046207 0 returned -16 [ 969.282279] binder: 3542:3577 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 969.282290] binder: 3542:3577 unknown command 0 [ 969.282477] binder: 3542:3577 ioctl c0306201 20000540 returned -22 [ 969.338200] team0 (unregistering): Port device team_slave_1 removed [ 969.348007] team0 (unregistering): Port device team_slave_0 removed [ 969.358792] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 969.377489] bond0 (unregistering): Releasing backup interface bond_slave_0 2033/05/18 03:44:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:28 executing program 4 (fault-call:4 fault-nth:69): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:28 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:28 executing program 0: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xffffffffffffff7f}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x800000001d, &(0x7f00000001c0)={0x0, 0x0, 0x4}) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb0}, 0x8, 0x0) read(r2, &(0x7f0000000080)=""/128, 0x7a) 2033/05/18 03:44:28 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001640)={0x53, 0xfffffffffffffffc, 0x21, 0x0, @buffer, &(0x7f0000000080)="abc0b501df7e354ee21a0e461d4074b3fe6860227fcd663b2149358c2a2c9bfb41", &(0x7f0000000600)=""/4096, 0x0, 0x0, 0x0, &(0x7f0000001600)}) 2033/05/18 03:44:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x4008630a}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:28 executing program 6: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) recvmsg(r0, &(0x7f0000000580)={&(0x7f0000000040)=@in6, 0x80, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/188, 0xbc}, {&(0x7f0000000180)=""/168, 0xa8}, {&(0x7f0000000240)=""/111, 0x6f}, {&(0x7f00000002c0)=""/66, 0x42}, {&(0x7f0000000340)=""/130, 0x82}, {&(0x7f0000000400)=""/83, 0x53}], 0x6, &(0x7f0000000500)=""/108, 0x6c, 0x542a76b9}, 0x2143) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f00000005c0)={0x2, 0x3, 0x9, 0xfffffffffffffc00}, 0x10) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000600)={0x61a, 0x3f, 0x0, 0x2, 0x294b169f}) fcntl$setlease(r1, 0x400, 0x1) fcntl$setflags(r0, 0x2, 0x1) [ 969.406132] bond0 (unregistering): Released all slaves [ 969.465169] sd 0:0:1:0: [sg0] tag#1536 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK [ 969.473953] sd 0:0:1:0: [sg0] tag#1536 CDB: opcode=0xab, sa=0x0 [ 969.480102] sd 0:0:1:0: [sg0] tag#1536 CDB[00]: ab c0 b5 01 df 7e 35 4e e2 1a 0e 46 1d 40 74 b3 [ 969.489000] sd 0:0:1:0: [sg0] tag#1536 CDB[10]: fe 68 60 22 7f cd 66 3b 21 49 35 8c 2a 2c 9b fb [ 969.497914] sd 0:0:1:0: [sg0] tag#1536 CDB[20]: 41 [ 969.505783] binder: 3594:3597 got reply transaction with no transaction stack [ 969.513222] binder: 3594:3597 transaction failed 29201/-71, size 0-0 line 2763 [ 969.551588] binder: BINDER_SET_CONTEXT_MGR already set [ 969.572823] binder: 3594:3597 ioctl 40046207 0 returned -16 [ 969.607385] binder: 3594:3599 got reply transaction with no transaction stack [ 969.612667] binder: 3600:3601 Acquire 1 refcount change on invalid ref 1074291466 ret -22 [ 969.614840] binder: 3594:3599 transaction failed 29201/-71, size 0-0 line 2763 [ 969.623094] binder: 3600:3601 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 969.623108] binder: 3600:3601 unknown command 0 [ 969.668508] binder: 3600:3601 ioctl c0306201 20000540 returned -22 [ 969.695728] binder: undelivered TRANSACTION_ERROR: 29201 [ 969.702316] binder: undelivered TRANSACTION_ERROR: 29201 [ 969.717099] binder: BINDER_SET_CONTEXT_MGR already set [ 969.722793] binder: 3600:3601 ioctl 40046207 0 returned -16 [ 969.732811] binder: 3600:3609 Acquire 1 refcount change on invalid ref 1074291466 ret -22 [ 969.741259] binder: 3600:3609 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 969.748845] binder: 3600:3609 unknown command 0 [ 969.763184] IPVS: ftp: loaded support on port[0] = 21 [ 969.764653] binder: 3600:3609 ioctl c0306201 20000540 returned -22 [ 970.386701] bridge0: port 1(bridge_slave_0) entered blocking state [ 970.393153] bridge0: port 1(bridge_slave_0) entered disabled state [ 970.401105] device bridge_slave_0 entered promiscuous mode [ 970.440671] bridge0: port 2(bridge_slave_1) entered blocking state [ 970.447089] bridge0: port 2(bridge_slave_1) entered disabled state [ 970.455035] device bridge_slave_1 entered promiscuous mode [ 970.493843] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 970.531106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 970.641788] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 970.682522] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 970.839423] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 970.847237] team0: Port device team_slave_0 added [ 970.884519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 970.891892] team0: Port device team_slave_1 added [ 970.927172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 970.955427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 970.981205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 970.988313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 970.996732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 971.017749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 971.024798] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 971.033046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 971.245787] bridge0: port 2(bridge_slave_1) entered blocking state [ 971.252209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 971.258881] bridge0: port 1(bridge_slave_0) entered blocking state [ 971.265238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 971.272905] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 972.014391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 972.072456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 972.154507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 972.232379] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 972.238557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 972.245742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 972.324251] 8021q: adding VLAN 0 to HW filter on device team0 [ 972.785872] FAULT_INJECTION: forcing a failure. [ 972.785872] name failslab, interval 1, probability 0, space 0, times 0 [ 972.797652] CPU: 0 PID: 3866 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 972.804838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 972.814191] Call Trace: [ 972.816781] dump_stack+0x1b9/0x294 [ 972.820413] ? dump_stack_print_info.cold.2+0x52/0x52 [ 972.825601] ? perf_trace_run_bpf_submit+0x23f/0x370 [ 972.830707] should_fail.cold.4+0xa/0x1a [ 972.834770] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 972.839895] ? perf_trace_lock+0x495/0x900 [ 972.844146] ? zap_class+0x720/0x720 [ 972.847867] ? graph_lock+0x170/0x170 [ 972.851672] ? print_usage_bug+0xc0/0xc0 [ 972.855737] __should_failslab+0x124/0x180 [ 972.859982] should_failslab+0x9/0x14 [ 972.863795] kmem_cache_alloc+0x47/0x760 [ 972.867860] ? lock_downgrade+0x8e0/0x8e0 [ 972.872009] radix_tree_node_alloc.constprop.19+0x1e6/0x310 [ 972.877718] idr_get_free+0x891/0x10a0 [ 972.881615] ? radix_tree_clear_tags+0xc0/0xc0 [ 972.886208] ? unwind_get_return_address+0x61/0xa0 [ 972.891133] ? __save_stack_trace+0x7e/0xd0 [ 972.895458] ? save_stack+0xa9/0xd0 [ 972.899079] ? save_stack+0x43/0xd0 [ 972.902709] ? kasan_kmalloc+0xc4/0xe0 [ 972.906587] ? kasan_slab_alloc+0x12/0x20 [ 972.910733] ? kmem_cache_alloc+0x12e/0x760 [ 972.915048] ? __kernfs_new_node+0xe7/0x580 [ 972.919358] ? kernfs_new_node+0x80/0xf0 [ 972.923409] ? __kernfs_create_file+0x4d/0x330 [ 972.927979] ? sysfs_add_file_mode_ns+0x21a/0x560 [ 972.932806] ? sysfs_add_file+0x4e/0x60 [ 972.936780] ? sysfs_merge_group+0xfa/0x230 [ 972.941099] ? device_add+0xa11/0x16d0 [ 972.944977] ? device_create_groups_vargs+0x1ff/0x270 [ 972.950170] ? device_create_vargs+0x46/0x60 [ 972.954578] ? bdi_register_va.part.10+0xbb/0x9b0 [ 972.959406] ? bdi_register_va+0x68/0x80 [ 972.963464] ? super_setup_bdi_name+0x123/0x220 [ 972.968125] ? fuse_fill_super+0xe6e/0x1e20 [ 972.972446] ? fuse_mount_blk+0x34/0x40 [ 972.976415] ? mount_fs+0xae/0x328 [ 972.979943] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 972.984689] ? do_mount+0x564/0x3070 [ 972.988400] ? ksys_mount+0x12d/0x140 [ 972.992189] ? __x64_sys_mount+0xbe/0x150 [ 972.996324] ? do_syscall_64+0x1b1/0x800 [ 973.000388] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 973.006105] ? print_usage_bug+0xc0/0xc0 [ 973.010168] idr_alloc_u32+0x1f9/0x3d0 [ 973.014051] ? __fprop_inc_percpu_max+0x2c0/0x2c0 [ 973.018885] ? lock_acquire+0x1dc/0x520 [ 973.022848] ? __kernfs_new_node+0x10e/0x580 [ 973.027248] ? __lock_is_held+0xb5/0x140 [ 973.031309] idr_alloc_cyclic+0x167/0x340 [ 973.035451] ? idr_alloc+0x1a0/0x1a0 [ 973.039157] ? kasan_check_write+0x14/0x20 [ 973.043390] ? do_raw_spin_lock+0xc1/0x200 [ 973.047646] __kernfs_new_node+0x1a3/0x580 [ 973.051904] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 973.056676] ? mutex_unlock+0xd/0x10 [ 973.060389] ? kernfs_activate+0x20e/0x2a0 [ 973.064617] ? kernfs_walk_and_get_ns+0x320/0x320 [ 973.069452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 973.074979] ? kernfs_link_sibling+0x1d2/0x3b0 [ 973.079744] kernfs_new_node+0x80/0xf0 [ 973.083638] __kernfs_create_file+0x4d/0x330 [ 973.088040] sysfs_add_file_mode_ns+0x21a/0x560 [ 973.092720] sysfs_add_file+0x4e/0x60 [ 973.096518] sysfs_merge_group+0xfa/0x230 [ 973.100663] dpm_sysfs_add+0x161/0x210 [ 973.104542] device_add+0xa11/0x16d0 [ 973.108252] ? device_private_init+0x230/0x230 [ 973.112825] ? kfree+0x1e9/0x260 [ 973.116199] ? kfree_const+0x5e/0x70 [ 973.119917] device_create_groups_vargs+0x1ff/0x270 [ 973.124949] device_create_vargs+0x46/0x60 [ 973.129184] bdi_register_va.part.10+0xbb/0x9b0 [ 973.133846] ? cgwb_kill+0x630/0x630 [ 973.137566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 973.143097] ? bdi_init+0x416/0x510 [ 973.146714] ? wb_init+0x9e0/0x9e0 [ 973.150247] ? bdi_alloc_node+0x67/0xe0 [ 973.154218] ? bdi_alloc_node+0x67/0xe0 [ 973.158184] ? rcu_read_lock_sched_held+0x108/0x120 [ 973.163206] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 973.168479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 973.174012] bdi_register_va+0x68/0x80 [ 973.177907] super_setup_bdi_name+0x123/0x220 [ 973.182396] ? kill_block_super+0x100/0x100 [ 973.186710] ? kmem_cache_alloc_trace+0x616/0x780 [ 973.191557] fuse_fill_super+0xe6e/0x1e20 [ 973.195724] ? fuse_get_root_inode+0x190/0x190 [ 973.200307] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 973.205836] ? vsnprintf+0x242/0x1b40 [ 973.209645] ? pointer+0xa10/0xa10 [ 973.213208] ? vsprintf+0x40/0x40 [ 973.216672] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 973.221677] ? set_blocksize+0x2c4/0x350 [ 973.225734] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 973.231264] mount_bdev+0x30c/0x3e0 [ 973.234882] ? fuse_get_root_inode+0x190/0x190 [ 973.239455] fuse_mount_blk+0x34/0x40 [ 973.243251] mount_fs+0xae/0x328 [ 973.246616] vfs_kern_mount.part.34+0xd4/0x4d0 [ 973.251189] ? may_umount+0xb0/0xb0 [ 973.254806] ? _raw_read_unlock+0x22/0x30 [ 973.258950] ? __get_fs_type+0x97/0xc0 [ 973.262834] do_mount+0x564/0x3070 [ 973.266369] ? copy_mount_string+0x40/0x40 [ 973.270598] ? rcu_pm_notify+0xc0/0xc0 [ 973.274486] ? copy_mount_options+0x5f/0x380 [ 973.278882] ? rcu_read_lock_sched_held+0x108/0x120 [ 973.283887] ? kmem_cache_alloc_trace+0x616/0x780 [ 973.288738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 973.294267] ? copy_mount_options+0x285/0x380 [ 973.298759] ksys_mount+0x12d/0x140 [ 973.302379] __x64_sys_mount+0xbe/0x150 [ 973.306353] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 973.311815] do_syscall_64+0x1b1/0x800 [ 973.315701] ? finish_task_switch+0x1ca/0x840 [ 973.320200] ? syscall_return_slowpath+0x5c0/0x5c0 [ 973.325131] ? syscall_return_slowpath+0x30f/0x5c0 [ 973.330058] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 973.335417] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 973.340274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 973.345462] RIP: 0033:0x455a09 [ 973.348636] RSP: 002b:00007f760113fb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 973.356342] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 973.363609] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 973.370868] RBP: 0000000020000140 R08: 00007f760113fb20 R09: 0000000000000000 [ 973.378133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:44:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:32 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000100"}, 0x6e) 2033/05/18 03:44:32 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f0000000040)=0x2c9, 0x4) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TCFLSH(r0, 0x80047456, 0x707000) 2033/05/18 03:44:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:32 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="c626262c8523bf012cf66f") sendmmsg(r0, &(0x7f0000000140), 0x7b, 0x0) socket$inet6(0xa, 0x4, 0x7fffffff) 2033/05/18 03:44:32 executing program 0: socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/autofs\x00', 0x80000, 0x0) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000380)) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000080)={'mangle\x00'}, &(0x7f0000000100)=0x54) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000001c0)={0x0, 0x4}, &(0x7f0000000400)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000440)={r3, 0x16, 0xaa0}, 0x8) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00003e4000)={&(0x7f0000e87000)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3800000012000902000000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000cbb92a400010801200ecff0000757365727b00000008000a003ae5567679740693b2f429098b1c39a45a1c14e25e39ae0bc5b9413d202daf64d3686f8b792d62e70d8ae4306bfd99ff07573a49b9697cda1e7ca33c11672498a5e5d637126b79fb348f2bb5019cc40c5ebabea9c607d3b0e9f1184006b248f50d5641599eaca896bb610cd3825f64367676cfe5548c13cc9393e5a275c61aec146ea560efb31756f1b338e66c33b952196989a2a7291c0fea59d5d4b2e502ff187e5ab092ae13bc62deded82929601fc797d57e3d9d45cc96fb85fd614fc96497a4bf173807e272223be43863165dc0cd71fc487c19f88722f06405dba803eab79d3f"], 0x38}, 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000180)={r0}) setsockopt$RDS_CANCEL_SENT_TO(r5, 0x114, 0x1, &(0x7f00000003c0)={0x2, 0x4e24, @loopback=0x7f000001}, 0x10) getrlimit(0xb, &(0x7f0000000140)) 2033/05/18 03:44:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x4}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:32 executing program 4 (fault-call:4 fault-nth:70): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 973.385389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 973.442808] binder: 3874:3875 got reply transaction with no transaction stack [ 973.447321] netlink: 24 bytes leftover after parsing attributes in process `syz-executor0'. [ 973.450181] binder: 3874:3875 transaction failed 29201/-71, size 0-0 line 2763 [ 973.481672] netlink: 24 bytes leftover after parsing attributes in process `syz-executor0'. 2033/05/18 03:44:32 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000001240)={{{@in=@multicast1=0xe0000001, @in6=@dev={0xfe, 0x80}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback={0x0, 0x1}, 0x0, 0xff}, 0x0, @in=@multicast2=0xe0000002}}, 0xe8) sendto$inet6(r0, &(0x7f0000000280), 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x4e21}, 0x1c) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x9, 0xa0000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000100)={{0xffffffffffffffff, 0x2, 0x7, 0x0, 0x6447}, 0x7f, 0x9}) ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000000040)={0x2, 0x9, 0x0, 0x3, 0x9, 0xbbc}) 2033/05/18 03:44:32 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000002000008000"}, 0x6e) [ 973.486063] binder: BINDER_SET_CONTEXT_MGR already set [ 973.498244] binder: 3874:3875 ioctl 40046207 0 returned -16 [ 973.521700] binder: 3874:3883 got reply transaction with no transaction stack [ 973.529138] binder: 3874:3883 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:32 executing program 7: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000857fff)='\t', 0x0) r2 = syz_open_dev$sndseq(&(0x7f000011c000)='/dev/snd/seq\x00', 0x0, 0x8000000000102) dup2(r2, r0) write$sndseq(r1, &(0x7f0000d81fd0)=[{}], 0x30) [ 973.540541] binder: 3882:3886 Acquire 1 refcount change on invalid ref 4 ret -22 [ 973.548313] binder: 3882:3886 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 973.555926] binder: 3882:3886 unknown command 0 [ 973.561699] netlink: 24 bytes leftover after parsing attributes in process `syz-executor0'. 2033/05/18 03:44:32 executing program 6: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getpeername$netlink(r0, &(0x7f0000000140), &(0x7f0000000180)=0xc) sendmsg$nl_xfrm(r0, &(0x7f0000001440)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000001400)={&(0x7f0000000080)=ANY=[@ANYBLOB="b8000000190001010000000000000000e0000001000000000000000000000000ff02000000000000000000000000000100000000000000000000000090f3a800000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000009f0caa940000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009e00000000"], 0xb8}, 0x1}, 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x6, 0x4000) [ 973.598962] netlink: 24 bytes leftover after parsing attributes in process `syz-executor0'. 2033/05/18 03:44:32 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000000c0)="660f06670f2292dfdc0f138e0500ba4200ed6766c7442400002800006766c7442402004000006766c744240600000000670f011424b8df000f00d0360f20136766c7442400000000006766c7442402050000006766c744240600000000670f011c24baf80c66b88c77838d66efbafc0cb8e6b5ef", 0x74}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x77359400}, 0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x1c5000, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000002c0)={[{}, {}, {0x0, 0x0, 0x4c}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 973.717763] binder: undelivered TRANSACTION_ERROR: 29201 [ 973.723816] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:32 executing program 7: openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0xf7a9bf98a61e5985, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000ac0)=@broute={'broute\x00', 0x20, 0x4, 0x810, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f00000001c0), &(0x7f0000000b40)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000001100000000000000000076657468300000000000000000000000697036746e6c3000000000000000000062637368300000000000000000000000626f6e645f736c6176655f3100000000aaaaaaaaaabb0000000000000180c20000000000000000000000d000000038010000680100007374617465000000000000000000000000000000000000000000000000000000080000000000000000000000000000006367726f75700000000000000000000000000000000000000000000000000000080000000000000000000000000000006d61726b000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000b27442aac51f9fc44e5fd034181c8e8c00434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000000000000000000434c4153534946590000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff010000001f00000000000000000069703667726530000000000000000000677265300000000000000000000000007665746830000000000000000000000076657468305f746f5f626f6e64000000aaaaaaaaaa000000000000000180c20000000000000000000000c0000000c0000000f00000006e66616363740000000000000000000000000000000000000000000000000000280000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000004e465155455545000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000002000000ffffffff020000000900000000000000000073797a6b6100000000000000000000007465616d5f736c6176655f31000000007663616e300000000000000000000000000000000000000000000000aaaaaaaaaa0000000000000000007000000070000000a0000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000000000000000000110000000000000000006e72300000000000000000000000000079616d30000000000000000000000000697036746e6c300000000000000000007465616d5f736c6176655f3000000000000000000000000000000000aaaaaaaaaa000000000000000000f81c000028040000580400006270660000000000000000000000000000000000000000000000000000000000100200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068656c7065720000000000000000000000000000000000000000000000000000280000000000000000000000746674702d323030303000000000000000000000000000000000000000000000000000005345434d41524b000000000000000000000000000000000000000000000000000801000000000000000000000000000073797374656d5f753a6f626a6563745f723a6576656e745f6465766963655f743a73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000fbaa144cc852b345f7f280e6fc7351e04e658e994936982d61deee0c68b45e6ba616f2135f19ff9d28b74f6debc652f126581a51c8490bd36bb9b675b1ab3ebb49d0555ee3fa042b645d1650ab6d7d85858f7ab94b591ad96ae7c5235e806c64c82acf0eccb978e29a0590d93726440717c7d1943b0bc303def4d57406c9d16cb3b3f3be3db208b277aefc284a063b999fc77ebb20770c840100000000000000000000000000000000"]}, 0x931) 2033/05/18 03:44:32 executing program 4 (fault-call:4 fault-nth:71): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 973.795599] binder: 3913:3914 got reply transaction with no transaction stack [ 973.803015] binder: 3913:3914 transaction failed 29201/-71, size 0-0 line 2763 [ 973.830649] device bridge_slave_1 left promiscuous mode [ 973.836286] bridge0: port 2(bridge_slave_1) entered disabled state [ 973.861268] kernel msg: ebtables bug: please report to author: Wrong len argument [ 973.876137] device bridge_slave_0 left promiscuous mode [ 973.881785] bridge0: port 1(bridge_slave_0) entered disabled state [ 973.895107] binder: BINDER_SET_CONTEXT_MGR already set [ 973.905364] binder: 3913:3914 ioctl 40046207 0 returned -16 [ 973.906254] binder: 3913:3924 got reply transaction with no transaction stack [ 973.918467] binder: 3913:3924 transaction failed 29201/-71, size 0-0 line 2763 [ 973.926004] kernel msg: ebtables bug: please report to author: Wrong len argument [ 973.948760] binder: 3882:3886 ioctl c0306201 20000540 returned -22 [ 973.971966] binder: BINDER_SET_CONTEXT_MGR already set [ 973.986410] binder: 3882:3886 ioctl 40046207 0 returned -16 [ 973.994033] binder: 3882:3928 Acquire 1 refcount change on invalid ref 4 ret -22 [ 974.001701] binder: 3882:3928 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 974.009308] binder: 3882:3928 unknown command 0 [ 974.011037] IPVS: ftp: loaded support on port[0] = 21 [ 974.021550] team0 (unregistering): Port device team_slave_1 removed [ 974.028817] binder: 3882:3928 ioctl c0306201 20000540 returned -22 [ 974.046132] team0 (unregistering): Port device team_slave_0 removed [ 974.059615] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 974.074105] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 974.102014] bond0 (unregistering): Released all slaves [ 974.145839] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.152452] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.783169] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.789658] bridge0: port 1(bridge_slave_0) entered disabled state [ 974.797661] device bridge_slave_0 entered promiscuous mode [ 974.836527] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.843006] bridge0: port 2(bridge_slave_1) entered disabled state [ 974.850829] device bridge_slave_1 entered promiscuous mode [ 974.888855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 974.925893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 975.034633] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 975.074492] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 975.237042] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 975.246318] team0: Port device team_slave_0 added [ 975.281800] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 975.289184] team0: Port device team_slave_1 added [ 975.327230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 975.357259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 975.397631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.436929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 975.655692] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.662075] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.668769] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.675132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.682736] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 976.465131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 976.556481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 976.635799] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 976.642190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 976.649468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 976.657110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 976.725783] 8021q: adding VLAN 0 to HW filter on device team0 [ 977.177971] FAULT_INJECTION: forcing a failure. [ 977.177971] name failslab, interval 1, probability 0, space 0, times 0 [ 977.189276] CPU: 1 PID: 4191 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 977.196459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 977.205861] Call Trace: [ 977.208442] dump_stack+0x1b9/0x294 [ 977.212057] ? dump_stack_print_info.cold.2+0x52/0x52 [ 977.217234] ? kernel_text_address+0x79/0xf0 [ 977.221629] ? __unwind_start+0x166/0x330 [ 977.225766] should_fail.cold.4+0xa/0x1a [ 977.229812] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 977.234907] ? save_stack+0xa9/0xd0 [ 977.238518] ? graph_lock+0x170/0x170 [ 977.242301] ? kasan_kmalloc+0xc4/0xe0 [ 977.246174] ? kmem_cache_alloc_trace+0x152/0x780 [ 977.251000] ? kobject_uevent_env+0x20f/0xea0 [ 977.255477] ? kobject_uevent+0x1f/0x30 [ 977.259435] ? device_add+0xb01/0x16d0 [ 977.263307] ? device_create_groups_vargs+0x1ff/0x270 [ 977.268491] ? find_held_lock+0x36/0x1c0 [ 977.272567] ? __lock_is_held+0xb5/0x140 [ 977.276642] ? check_same_owner+0x320/0x320 [ 977.280973] ? rcu_note_context_switch+0x710/0x710 [ 977.285908] __should_failslab+0x124/0x180 [ 977.290143] should_failslab+0x9/0x14 [ 977.293932] __kmalloc+0x2c8/0x760 [ 977.297458] ? kobject_uevent_env+0x20f/0xea0 [ 977.301941] ? rcu_read_lock_sched_held+0x108/0x120 [ 977.306980] ? kobject_get_path+0xc2/0x1a0 [ 977.311213] kobject_get_path+0xc2/0x1a0 [ 977.315274] kobject_uevent_env+0x234/0xea0 [ 977.319586] ? device_pm_add+0x221/0x340 [ 977.323642] kobject_uevent+0x1f/0x30 [ 977.327430] device_add+0xb01/0x16d0 [ 977.331132] ? device_private_init+0x230/0x230 [ 977.335784] ? kfree+0x1e9/0x260 [ 977.339136] ? kfree_const+0x5e/0x70 [ 977.342836] device_create_groups_vargs+0x1ff/0x270 [ 977.347838] device_create_vargs+0x46/0x60 [ 977.352061] bdi_register_va.part.10+0xbb/0x9b0 [ 977.356713] ? cgwb_kill+0x630/0x630 [ 977.360417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 977.365935] ? bdi_init+0x416/0x510 [ 977.369544] ? wb_init+0x9e0/0x9e0 [ 977.373069] ? bdi_alloc_node+0x67/0xe0 [ 977.377031] ? bdi_alloc_node+0x67/0xe0 [ 977.380990] ? rcu_read_lock_sched_held+0x108/0x120 [ 977.385990] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 977.391254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 977.396801] ? refcount_sub_and_test+0x212/0x330 [ 977.401549] bdi_register_va+0x68/0x80 [ 977.405520] super_setup_bdi_name+0x123/0x220 [ 977.410005] ? kill_block_super+0x100/0x100 [ 977.414318] ? kmem_cache_alloc_trace+0x616/0x780 [ 977.419153] fuse_fill_super+0xe6e/0x1e20 [ 977.423288] ? fuse_get_root_inode+0x190/0x190 [ 977.427856] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 977.433389] ? vsnprintf+0x242/0x1b40 [ 977.437177] ? pointer+0xa10/0xa10 [ 977.440708] ? vsprintf+0x40/0x40 [ 977.444164] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 977.449172] ? set_blocksize+0x2c4/0x350 [ 977.453219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 977.458841] mount_bdev+0x30c/0x3e0 [ 977.462461] ? fuse_get_root_inode+0x190/0x190 [ 977.467028] fuse_mount_blk+0x34/0x40 [ 977.470813] mount_fs+0xae/0x328 [ 977.474167] vfs_kern_mount.part.34+0xd4/0x4d0 [ 977.478733] ? may_umount+0xb0/0xb0 [ 977.482363] ? _raw_read_unlock+0x22/0x30 [ 977.486502] ? __get_fs_type+0x97/0xc0 [ 977.490375] do_mount+0x564/0x3070 [ 977.493906] ? copy_mount_string+0x40/0x40 [ 977.498125] ? rcu_pm_notify+0xc0/0xc0 [ 977.502006] ? copy_mount_options+0x5f/0x380 [ 977.506401] ? rcu_read_lock_sched_held+0x108/0x120 [ 977.511447] ? kmem_cache_alloc_trace+0x616/0x780 [ 977.516302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 977.521831] ? copy_mount_options+0x285/0x380 [ 977.526313] ksys_mount+0x12d/0x140 [ 977.529923] __x64_sys_mount+0xbe/0x150 [ 977.533883] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 977.538885] do_syscall_64+0x1b1/0x800 [ 977.542764] ? finish_task_switch+0x1ca/0x840 [ 977.547254] ? syscall_return_slowpath+0x5c0/0x5c0 [ 977.552182] ? syscall_return_slowpath+0x30f/0x5c0 [ 977.557104] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 977.562453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 977.567282] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 977.572460] RIP: 0033:0x455a09 2033/05/18 03:44:36 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x9, &(0x7f0000000100)="c626262c8523bf012cf66f") r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00') recvfrom$ax25(r1, &(0x7f0000000140)=""/158, 0x9e, 0x40000020, &(0x7f00000000c0)={0x3, {"c19e96e7bf9028"}, 0x5fc47348}, 0x10) sendfile(r1, r2, &(0x7f0000000040), 0x10001) getpeername$llc(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x10) 2033/05/18 03:44:36 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000fffffdef00"}, 0x6e) 2033/05/18 03:44:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:36 executing program 7: socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x10000000000000, 0x40031, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x8132, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000040)={{0x8, 0x1}, {0x4, 0x101}, 0x69a, 0xe9af22a5010b0433, 0x1}) clone(0x100000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @broadcast}, &(0x7f0000000100)=0xc) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000140)={@mcast1={0xff, 0x1, [], 0x1}, r1}, 0x14) 2033/05/18 03:44:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x68000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:36 executing program 4 (fault-call:4 fault-nth:72): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:36 executing program 0: r0 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000140)=0x8, 0x4) r1 = memfd_create(&(0x7f00000001c0)='/dev/net/tun\x00', 0x2) connect$vsock_dgram(r1, &(0x7f0000000200)={0x28, 0x0, 0x2711, @host=0x2}, 0x10) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x400, 0x0) r3 = getpgrp(0xffffffffffffffff) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000040)={[], 0xc142, 0xbef, 0x6, 0xe9, 0x3ff, r3}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={"69000200000f002dc830ee26e3008000", 0x10a}) r4 = syz_open_dev$tun(&(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r5 = socket(0xa, 0x1, 0x0) signalfd(r2, &(0x7f0000000180)={0x80}, 0x8) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) ioctl(r5, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={"69000200000f002dc830ee000000005d", 0x103}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) [ 977.575633] RSP: 002b:00007f765e352b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 977.583323] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 977.590581] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 977.597835] RBP: 0000000020000140 R08: 00007f765e352b20 R09: 0000000000000000 [ 977.605087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 977.612336] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:36 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000fd00"}, 0x6e) [ 977.667369] binder: 4200:4203 got reply transaction with no transaction stack [ 977.674773] binder: 4200:4203 transaction failed 29201/-71, size 0-0 line 2763 [ 977.720890] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:36 executing program 0: r0 = open(&(0x7f0000000080)='./file0\x00', 0x18041, 0x1) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f00000000c0)={0x4, 0x8001}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) prctl$intptr(0xe, 0xe64) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4008ae6a, &(0x7f0000000000)) [ 977.749415] binder: 4200:4203 ioctl 40046207 0 returned -16 [ 977.782145] binder: 4200:4210 got reply transaction with no transaction stack [ 977.789515] binder: 4200:4210 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:36 executing program 7: r0 = syz_open_dev$sndctrl(&(0x7f0000007fed)='/dev/snd/controlC#\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0x40045542, &(0x7f0000004000)={0x3}) sendfile(r0, r0, 0x0, 0x401) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x200, 0x0) ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000000040)={0x2, 0x1, 0x4, 0x2, 0x100000001, 0x4}) 2033/05/18 03:44:36 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000002000008000"}, 0x6e) [ 977.790163] binder: 4206:4212 Acquire 1 refcount change on invalid ref 1744830464 ret -22 [ 977.805373] binder: 4206:4212 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 977.812940] binder: 4206:4212 unknown command 0 2033/05/18 03:44:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:36 executing program 4 (fault-call:4 fault-nth:73): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 977.880612] binder: undelivered TRANSACTION_ERROR: 29201 [ 977.886540] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:36 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000300"}, 0x6e) [ 977.925667] device bridge_slave_1 left promiscuous mode [ 977.931307] bridge0: port 2(bridge_slave_1) entered disabled state [ 977.960702] binder: 4206:4212 ioctl c0306201 20000540 returned -22 [ 977.986119] device bridge_slave_0 left promiscuous mode [ 977.991744] bridge0: port 1(bridge_slave_0) entered disabled state [ 978.004682] binder: BINDER_SET_CONTEXT_MGR already set [ 978.015884] binder: 4206:4212 ioctl 40046207 0 returned -16 [ 978.042041] binder: 4206:4239 Acquire 1 refcount change on invalid ref 1744830464 ret -22 [ 978.050461] binder: 4206:4239 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 978.058060] binder: 4206:4239 unknown command 0 [ 978.064829] team0 (unregistering): Port device team_slave_1 removed [ 978.101427] binder: 4206:4239 ioctl c0306201 20000540 returned -22 [ 978.103435] team0 (unregistering): Port device team_slave_0 removed [ 978.122474] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 978.125748] IPVS: ftp: loaded support on port[0] = 21 [ 978.140795] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 978.169620] bond0 (unregistering): Released all slaves [ 978.188899] binder: 4230:4231 got reply transaction with no transaction stack [ 978.196294] binder: 4230:4231 transaction failed 29201/-71, size 0-0 line 2763 [ 978.208479] binder: BINDER_SET_CONTEXT_MGR already set [ 978.213971] binder: 4230:4231 ioctl 40046207 0 returned -16 [ 978.230130] binder: 4230:4243 got reply transaction with no transaction stack [ 978.237507] binder: 4230:4243 transaction failed 29201/-71, size 0-0 line 2763 [ 978.284160] binder: undelivered TRANSACTION_ERROR: 29201 [ 978.290056] binder: undelivered TRANSACTION_ERROR: 29201 [ 978.841836] bridge0: port 1(bridge_slave_0) entered blocking state [ 978.848264] bridge0: port 1(bridge_slave_0) entered disabled state [ 978.855685] device bridge_slave_0 entered promiscuous mode [ 978.892582] bridge0: port 2(bridge_slave_1) entered blocking state [ 978.898995] bridge0: port 2(bridge_slave_1) entered disabled state [ 978.906301] device bridge_slave_1 entered promiscuous mode [ 978.945065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 978.980076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 979.087964] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 979.128609] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 979.298901] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 979.307741] team0: Port device team_slave_0 added [ 979.343634] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 979.350841] team0: Port device team_slave_1 added [ 979.378012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 979.416057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 979.456142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 979.485770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 979.728924] bridge0: port 2(bridge_slave_1) entered blocking state [ 979.735344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 979.741938] bridge0: port 1(bridge_slave_0) entered blocking state [ 979.748307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 980.548761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 980.624259] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 980.702036] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 980.708237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 980.715321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 980.793902] 8021q: adding VLAN 0 to HW filter on device team0 [ 981.246375] FAULT_INJECTION: forcing a failure. [ 981.246375] name failslab, interval 1, probability 0, space 0, times 0 [ 981.257824] CPU: 0 PID: 4528 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 981.265021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 981.274386] Call Trace: [ 981.276974] dump_stack+0x1b9/0x294 [ 981.280604] ? dump_stack_print_info.cold.2+0x52/0x52 [ 981.285810] ? kernel_text_address+0x79/0xf0 [ 981.290246] should_fail.cold.4+0xa/0x1a [ 981.294318] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 981.299519] ? save_stack+0xa9/0xd0 [ 981.303141] ? graph_lock+0x170/0x170 [ 981.306930] ? kasan_kmalloc+0xc4/0xe0 [ 981.310813] ? kmem_cache_alloc_trace+0x152/0x780 [ 981.315649] ? kobject_uevent_env+0x20f/0xea0 [ 981.320138] ? kobject_uevent+0x1f/0x30 [ 981.324105] ? device_add+0xb01/0x16d0 [ 981.327995] ? device_create_groups_vargs+0x1ff/0x270 [ 981.333183] ? find_held_lock+0x36/0x1c0 [ 981.337252] ? __lock_is_held+0xb5/0x140 [ 981.341321] ? check_same_owner+0x320/0x320 [ 981.345636] ? rcu_note_context_switch+0x710/0x710 [ 981.350565] __should_failslab+0x124/0x180 [ 981.354798] should_failslab+0x9/0x14 [ 981.358590] __kmalloc+0x2c8/0x760 [ 981.362141] ? kobject_uevent_env+0x20f/0xea0 [ 981.366626] ? rcu_read_lock_sched_held+0x108/0x120 [ 981.371638] ? kobject_get_path+0xc2/0x1a0 [ 981.375871] kobject_get_path+0xc2/0x1a0 [ 981.379924] kobject_uevent_env+0x234/0xea0 [ 981.384236] ? device_pm_add+0x221/0x340 [ 981.388298] kobject_uevent+0x1f/0x30 [ 981.392112] device_add+0xb01/0x16d0 [ 981.395834] ? device_private_init+0x230/0x230 [ 981.400402] ? kfree+0x1e9/0x260 [ 981.403760] ? kfree_const+0x5e/0x70 [ 981.407486] device_create_groups_vargs+0x1ff/0x270 [ 981.412497] device_create_vargs+0x46/0x60 [ 981.416726] bdi_register_va.part.10+0xbb/0x9b0 [ 981.421385] ? cgwb_kill+0x630/0x630 [ 981.425090] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 981.430625] ? bdi_init+0x416/0x510 [ 981.434242] ? wb_init+0x9e0/0x9e0 [ 981.437772] ? bdi_alloc_node+0x67/0xe0 [ 981.441742] ? bdi_alloc_node+0x67/0xe0 [ 981.446318] ? rcu_read_lock_sched_held+0x108/0x120 [ 981.451328] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 981.456611] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 981.462144] ? refcount_sub_and_test+0x212/0x330 [ 981.466895] bdi_register_va+0x68/0x80 [ 981.470777] super_setup_bdi_name+0x123/0x220 [ 981.475261] ? kill_block_super+0x100/0x100 [ 981.479577] ? kmem_cache_alloc_trace+0x616/0x780 [ 981.484437] fuse_fill_super+0xe6e/0x1e20 [ 981.488582] ? fuse_get_root_inode+0x190/0x190 [ 981.493156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 981.498947] ? vsnprintf+0x242/0x1b40 [ 981.502755] ? pointer+0xa10/0xa10 [ 981.506297] ? vsprintf+0x40/0x40 [ 981.509748] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 981.514752] ? set_blocksize+0x2c4/0x350 [ 981.518812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 981.524349] mount_bdev+0x30c/0x3e0 [ 981.527963] ? fuse_get_root_inode+0x190/0x190 [ 981.532546] fuse_mount_blk+0x34/0x40 [ 981.536337] mount_fs+0xae/0x328 [ 981.539698] vfs_kern_mount.part.34+0xd4/0x4d0 [ 981.544270] ? may_umount+0xb0/0xb0 [ 981.547886] ? _raw_read_unlock+0x22/0x30 [ 981.552024] ? __get_fs_type+0x97/0xc0 [ 981.555931] do_mount+0x564/0x3070 [ 981.559482] ? interrupt_entry+0xb1/0xf0 [ 981.563542] ? copy_mount_string+0x40/0x40 [ 981.567770] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 981.572521] ? retint_kernel+0x10/0x10 [ 981.576421] ? copy_mount_options+0x1e3/0x380 [ 981.580910] ? write_comp_data+0x11/0x70 [ 981.584970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 981.590496] ? copy_mount_options+0x285/0x380 [ 981.594991] ksys_mount+0x12d/0x140 [ 981.598611] __x64_sys_mount+0xbe/0x150 [ 981.602583] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 981.607683] do_syscall_64+0x1b1/0x800 [ 981.611562] ? finish_task_switch+0x1ca/0x840 [ 981.616079] ? syscall_return_slowpath+0x5c0/0x5c0 [ 981.621019] ? syscall_return_slowpath+0x30f/0x5c0 [ 981.625950] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 981.631310] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 981.636147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 981.641334] RIP: 0033:0x455a09 2033/05/18 03:44:40 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x753, 0x8000) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f00000001c0)={0x1, 0x18, "5ce12e2f4b4dfc663d829b2b1957bc0500572da54f140c02"}) move_pages(0x0, 0x9, &(0x7f0000000080)=[&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil], &(0x7f0000000040), &(0x7f0000000180), 0x4) syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x50000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x101080, 0x0) ioctl$sock_ipx_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000140)={'ip6gretap0\x00', {0x4, 0x65, 0x200, "ecef13e84b4d", 0x2f4400}}) 2033/05/18 03:44:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2033/05/18 03:44:40 executing program 7: r0 = socket(0x20000000000000a, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x20, 0x0, 0x0, 0xfffff000}, {0x6}]}, 0x10) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x2002) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040)=0x8) 2033/05/18 03:44:40 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000effdffff00"}, 0x6e) 2033/05/18 03:44:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x4630440}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:40 executing program 4 (fault-call:4 fault-nth:74): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:40 executing program 6: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(r0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES64, @ANYRES64=r0, @ANYPTR64]], &(0x7f0000000200)=0x2) r2 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x400) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x16, &(0x7f0000000000)={0x0, 0x1, 0x3, 0x0, r1}, 0x10) [ 981.644509] RSP: 002b:00007fdade178b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 981.652208] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 981.659475] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 981.666730] RBP: 0000000020000140 R08: 00007fdade178b20 R09: 0000000000000000 [ 981.673991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 981.681254] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:40 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000300"}, 0x6e) [ 981.740112] binder: 4543:4548 got reply transaction with no transaction stack [ 981.747639] binder: 4543:4548 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:40 executing program 6: capset(&(0x7f00000fc000)={0x19980330}, &(0x7f000047efe8)) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f00000000c0)={0x4c3a, 0x8, 0x2000000, 0x0, 0xec5f, 0x3, 0xe0b, 0x6, 0x800, 0x6, 0x32, 0x3, 0x0, 0x8, 0x400, 0x7fff, 0x3, 0xfffffffffffffffc, 0x10001}) r1 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) fremovexattr(r1, &(0x7f0000000080)=@known='system.posix_acl_access\x00') [ 981.785511] binder: BINDER_SET_CONTEXT_MGR already set [ 981.794686] binder: 4543:4548 ioctl 40046207 0 returned -16 [ 981.815471] binder: 4543:4557 got reply transaction with no transaction stack [ 981.822853] binder: 4543:4557 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:40 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x101, @local={0xfe, 0x80, [], 0xaa}, 0x80000001}, 0x1c) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="14", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x6}, 0x1c) listen(r0, 0xffffffffffffffff) accept(r0, &(0x7f0000012ff0)=@ethernet={0x0, @link_local}, &(0x7f00005b7ffc)=0xfffffffffffffda7) 2033/05/18 03:44:40 executing program 7: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8916, &(0x7f00000000c0)="c626262c8523bf012cf66f") r1 = inotify_init() poll(&(0x7f0000000040)=[{r1}], 0x1, 0x7) 2033/05/18 03:44:40 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000500"}, 0x6e) [ 981.837350] binder: 4556:4562 Acquire 1 refcount change on invalid ref 73598016 ret -22 [ 981.845611] binder: 4556:4562 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 981.853264] binder: 4556:4562 unknown command 0 2033/05/18 03:44:40 executing program 6: mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f00000013c0)='ramfs\x00', 0x0, &(0x7f000000a000)) chroot(&(0x7f0000000280)='./file0\x00') umount2(&(0x7f0000000040)='./file0\x00', 0x2) mount(&(0x7f0000000300)='/\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)="6566697661726673007fb8cd082647ec5f010edfc353bbacd209eaf315513ba62adc380fdb97ef826c2aad06a9bb3e", 0x31000, 0x0) 2033/05/18 03:44:40 executing program 4 (fault-call:4 fault-nth:75): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:40 executing program 5 (fault-call:10 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:40 executing program 7: r0 = syz_init_net_socket$llc(0x1a, 0x4, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='gretap0\x00', 0x10) socket$inet_udp(0x2, 0x2, 0x0) bind$llc(r0, &(0x7f0000000040)={0x1a}, 0x10) getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x14) bind(r0, &(0x7f0000000140)=@ll={0x11, 0xf5, r1, 0x1, 0x3, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x20}}, 0x80) [ 981.990217] binder: undelivered TRANSACTION_ERROR: 29201 [ 982.001516] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:40 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000fd00"}, 0x6e) [ 982.034367] device bridge_slave_1 left promiscuous mode [ 982.039956] bridge0: port 2(bridge_slave_1) entered disabled state 2033/05/18 03:44:40 executing program 6: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = dup2(r0, r0) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000000)=0xffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="6e65742f736e6d703600dfad84017a66f0b0cc8e715ed7761efe34bb04f89da5d5a7bec63195188f4c179c6c30abeb97f3f255923f33af39b94056bd46d6a12d00b5c29a04bd8b7593234e405850456909235b92a130734dfeb48c94b316da57a26ef767485a298b436ce52581638ac392b873094517001245999a087586c53b85c96ef92b888ddb616d5c1374067fb47a20e891ebdb2c45d444a649336d55d337dd777001bfde1fe20ad3ba2266b9300f2713a3acc4115b5d6cc2b5302d6be82f17852c698a8117") dup3(r0, r2, 0x0) [ 982.105762] device bridge_slave_0 left promiscuous mode [ 982.111377] bridge0: port 1(bridge_slave_0) entered disabled state [ 982.218222] binder: 4556:4562 ioctl c0306201 20000540 returned -22 [ 982.228067] team0 (unregistering): Port device team_slave_1 removed [ 982.249852] team0 (unregistering): Port device team_slave_0 removed [ 982.262196] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 982.272959] binder: BINDER_SET_CONTEXT_MGR already set [ 982.275295] IPVS: ftp: loaded support on port[0] = 21 [ 982.288667] binder: 4556:4562 ioctl 40046207 0 returned -16 [ 982.295019] binder: 4556:4604 Acquire 1 refcount change on invalid ref 73598016 ret -22 [ 982.296307] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 982.303227] binder: 4556:4604 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 982.303240] binder: 4556:4604 unknown command 0 [ 982.303495] binder: 4556:4604 ioctl c0306201 20000540 returned -22 [ 982.350543] bond0 (unregistering): Released all slaves 2033/05/18 03:44:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x7400}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:41 executing program 7: gettid() r0 = fcntl$getown(0xffffffffffffff9c, 0x9) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000400)={0x3, 0x70, 0x9, 0x9, 0xfffffffffffffffb, 0x0, 0x0, 0x17, 0x40800, 0x2, 0x2, 0x401, 0x1ff, 0x4, 0x7f, 0x26a, 0x0, 0xe820, 0x1, 0x6, 0x4f5b, 0x7fffffff, 0x13be, 0x30f7, 0x4, 0x800, 0xfff, 0x1, 0x100000001, 0x3, 0x2, 0x101, 0x3ff, 0x4, 0x3, 0x100, 0x7, 0x1000, 0x0, 0x3a8f, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x24010, 0x7, 0x80000000, 0x2, 0x2, 0x100, 0x2}, r0, 0xe, r1, 0x1) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000480)={0x20000000, 0x1, 0xc}) r2 = accept(r1, &(0x7f00000005c0)=@ax25, &(0x7f0000000640)=0x80) getsockopt$inet6_dccp_int(r1, 0x21, 0x1f, &(0x7f0000000540), &(0x7f0000000580)=0x4) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$rdma_cm(0xffffffffffffffff, &(0x7f0000000100)=@create_id={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffff}, 0x113, 0xf}}, 0x20) write$rdma_cm(r3, &(0x7f0000004f80)=@query={0x13, 0x10, 0xfa00, {&(0x7f0000000200), r4}}, 0x18) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000680), &(0x7f00000006c0)=0x4) write$rdma_cm(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB="03000000400000fa0200000000000000fe80000000000000000000000000000000000000020000009c7500000000000000000000000000000000000000000000543065", @ANYRES32=0xffffffff, @ANYBLOB='\x00\x00\x00\x00'], 0x48) 2033/05/18 03:44:41 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000000000300"}, 0x6e) 2033/05/18 03:44:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 982.366656] binder: 4586:4588 got reply transaction with no transaction stack [ 982.374095] binder: 4586:4588 transaction failed 29201/-71, size 0-0 line 2763 [ 982.382817] binder: BINDER_SET_CONTEXT_MGR already set [ 982.390095] binder: 4586:4588 ioctl 40046207 0 returned -16 [ 982.399180] binder: 4586:4606 got reply transaction with no transaction stack [ 982.406877] binder: 4586:4606 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:41 executing program 6: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x10001, 0x40) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000040)={@empty, 0x0}, &(0x7f0000000080)=0x14) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1d, r1}, 0x10, &(0x7f00000001c0)={&(0x7f0000000140)={0x7, 0x844, 0x6, {r2, r3/1000+10000}, {0x0, 0x2710}, {0x4, 0x9, 0x3, 0x5}, 0x1, @can={{0x3, 0xfff, 0x0, 0x8001}, 0x4, 0x1, 0x0, 0x0, "c2a97e87f6038e73"}}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) syz_emit_ethernet(0x2a, &(0x7f000000a000)={@broadcast=[0xff, 0xe0, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xc003, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 982.440349] QAT: Invalid ioctl 2033/05/18 03:44:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 982.484885] QAT: Invalid ioctl [ 982.498380] binder: undelivered TRANSACTION_ERROR: 29201 [ 982.505568] binder: undelivered TRANSACTION_ERROR: 29201 [ 982.580677] binder: 4628:4629 got reply transaction with no transaction stack [ 982.588201] binder: 4628:4629 transaction failed 29201/-71, size 0-0 line 2763 [ 982.637620] binder: BINDER_SET_CONTEXT_MGR already set [ 982.659912] binder: 4628:4629 ioctl 40046207 0 returned -16 [ 982.677864] binder: 4628:4634 got reply transaction with no transaction stack [ 982.685262] binder: 4628:4634 transaction failed 29201/-71, size 0-0 line 2763 [ 982.697089] binder: 4630:4635 Acquire 1 refcount change on invalid ref 29696 ret -22 [ 982.705175] binder: 4630:4635 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 982.712751] binder: 4630:4635 unknown command 0 [ 982.748152] binder: 4630:4635 ioctl c0306201 20000540 returned -22 [ 982.768796] binder: undelivered TRANSACTION_ERROR: 29201 [ 982.775028] binder: undelivered TRANSACTION_ERROR: 29201 [ 982.792550] binder: BINDER_SET_CONTEXT_MGR already set [ 982.803241] binder: 4630:4644 Acquire 1 refcount change on invalid ref 29696 ret -22 [ 982.811223] binder: 4630:4644 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 982.812557] binder: 4630:4635 ioctl 40046207 0 returned -16 [ 982.818821] binder: 4630:4644 unknown command 0 [ 982.836160] binder: 4630:4644 ioctl c0306201 20000540 returned -22 [ 983.309715] bridge0: port 1(bridge_slave_0) entered blocking state [ 983.316138] bridge0: port 1(bridge_slave_0) entered disabled state [ 983.323660] device bridge_slave_0 entered promiscuous mode [ 983.362838] bridge0: port 2(bridge_slave_1) entered blocking state [ 983.369248] bridge0: port 2(bridge_slave_1) entered disabled state [ 983.376844] device bridge_slave_1 entered promiscuous mode [ 983.413762] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 983.449949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 983.560328] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 983.599975] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 983.765791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 983.773726] team0: Port device team_slave_0 added [ 983.807325] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 983.814795] team0: Port device team_slave_1 added [ 983.849528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 983.879638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 983.886497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 983.899572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 983.922855] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 983.929988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 983.937891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 983.976366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 983.983494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 983.991832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 984.211781] bridge0: port 2(bridge_slave_1) entered blocking state [ 984.218173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 984.224809] bridge0: port 1(bridge_slave_0) entered blocking state [ 984.231169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 984.238404] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 984.921489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 985.005922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 985.079260] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 985.153140] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 985.159369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 985.166456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 985.238119] 8021q: adding VLAN 0 to HW filter on device team0 [ 985.669043] FAULT_INJECTION: forcing a failure. [ 985.669043] name failslab, interval 1, probability 0, space 0, times 0 [ 985.680859] CPU: 0 PID: 4901 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 985.688056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 985.697399] Call Trace: [ 985.699983] dump_stack+0x1b9/0x294 [ 985.703640] ? dump_stack_print_info.cold.2+0x52/0x52 [ 985.708843] should_fail.cold.4+0xa/0x1a [ 985.712901] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 985.718014] ? graph_lock+0x170/0x170 [ 985.721817] ? find_held_lock+0x36/0x1c0 [ 985.725877] ? __lock_is_held+0xb5/0x140 [ 985.729944] ? check_same_owner+0x320/0x320 [ 985.734255] ? device_create_groups_vargs+0x1ff/0x270 [ 985.739448] ? device_create_vargs+0x46/0x60 [ 985.743853] ? rcu_note_context_switch+0x710/0x710 [ 985.748775] ? mount_bdev+0x30c/0x3e0 [ 985.752581] ? fuse_mount_blk+0x34/0x40 [ 985.756553] ? mount_fs+0xae/0x328 [ 985.760087] __should_failslab+0x124/0x180 [ 985.764325] should_failslab+0x9/0x14 [ 985.768122] kmem_cache_alloc+0x2af/0x760 [ 985.772273] skb_clone+0x1ed/0x4f0 [ 985.775802] ? refcount_add_not_zero+0x310/0x320 [ 985.780551] ? skb_split+0x11d0/0x11d0 [ 985.784428] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 985.789434] ? netlink_trim+0x1b2/0x370 [ 985.793405] ? netlink_skb_destructor+0x210/0x210 [ 985.798241] ? cleanup_uevent_env+0x40/0x40 [ 985.802565] netlink_broadcast_filtered+0x1024/0x1580 [ 985.807765] ? __netlink_sendskb+0xd0/0xd0 [ 985.812005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 985.817533] ? refcount_inc_not_zero+0x1dd/0x2d0 [ 985.822283] ? refcount_add_not_zero+0x320/0x320 [ 985.827037] ? cleanup_uevent_env+0x40/0x40 [ 985.831352] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 985.836380] kobject_uevent_env+0x6e4/0xea0 [ 985.840698] ? device_pm_add+0x221/0x340 [ 985.844757] kobject_uevent+0x1f/0x30 [ 985.848547] device_add+0xb01/0x16d0 [ 985.852256] ? device_private_init+0x230/0x230 [ 985.856829] ? kfree+0x1e9/0x260 [ 985.860203] ? kfree_const+0x5e/0x70 [ 985.863916] device_create_groups_vargs+0x1ff/0x270 [ 985.868924] device_create_vargs+0x46/0x60 [ 985.873172] bdi_register_va.part.10+0xbb/0x9b0 [ 985.877838] ? cgwb_kill+0x630/0x630 [ 985.881543] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 985.887065] ? bdi_init+0x416/0x510 [ 985.890700] ? wb_init+0x9e0/0x9e0 [ 985.894250] ? bdi_alloc_node+0x67/0xe0 [ 985.898225] ? bdi_alloc_node+0x67/0xe0 [ 985.902196] ? rcu_read_lock_sched_held+0x108/0x120 [ 985.907204] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 985.912475] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 985.918001] ? refcount_sub_and_test+0x212/0x330 [ 985.922749] bdi_register_va+0x68/0x80 [ 985.926789] super_setup_bdi_name+0x123/0x220 [ 985.931272] ? kill_block_super+0x100/0x100 [ 985.935583] ? kmem_cache_alloc_trace+0x616/0x780 [ 985.940431] fuse_fill_super+0xe6e/0x1e20 [ 985.944576] ? fuse_get_root_inode+0x190/0x190 [ 985.949157] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 985.954697] ? vsnprintf+0x242/0x1b40 [ 985.958505] ? pointer+0xa10/0xa10 [ 985.962050] ? vsprintf+0x40/0x40 [ 985.965499] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 985.970502] ? set_blocksize+0x2c4/0x350 [ 985.974557] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 985.980087] mount_bdev+0x30c/0x3e0 [ 985.983702] ? fuse_get_root_inode+0x190/0x190 [ 985.988289] fuse_mount_blk+0x34/0x40 [ 985.992083] mount_fs+0xae/0x328 [ 985.995447] vfs_kern_mount.part.34+0xd4/0x4d0 [ 986.000020] ? may_umount+0xb0/0xb0 [ 986.003641] ? _raw_read_unlock+0x22/0x30 [ 986.007787] ? __get_fs_type+0x97/0xc0 [ 986.011674] do_mount+0x564/0x3070 [ 986.015210] ? copy_mount_string+0x40/0x40 [ 986.019448] ? rcu_pm_notify+0xc0/0xc0 [ 986.023345] ? copy_mount_options+0x5f/0x380 [ 986.027744] ? rcu_read_lock_sched_held+0x108/0x120 [ 986.032749] ? kmem_cache_alloc_trace+0x616/0x780 [ 986.037601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 986.043138] ? _copy_from_user+0xdf/0x150 [ 986.047289] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 986.052823] ? copy_mount_options+0x285/0x380 [ 986.057315] ksys_mount+0x12d/0x140 [ 986.060933] __x64_sys_mount+0xbe/0x150 [ 986.064902] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 986.069921] do_syscall_64+0x1b1/0x800 [ 986.073797] ? finish_task_switch+0x1ca/0x840 [ 986.078282] ? syscall_return_slowpath+0x5c0/0x5c0 [ 986.083214] ? syscall_return_slowpath+0x30f/0x5c0 [ 986.088154] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 986.093512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 986.098351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 986.103525] RIP: 0033:0x455a09 [ 986.106698] RSP: 002b:00007f2b5e9bab08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2033/05/18 03:44:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x40086303}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:44 executing program 4 (fault-call:4 fault-nth:76): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:44 executing program 6: r0 = socket(0xa, 0x1, 0x0) write$binfmt_script(r0, &(0x7f0000000140)={'#! ', './file0', [{0x20, 'system$vboxnet1'}, {0x20, ',vmnet0/'}, {0x20, 'vmnet0selinux]'}, {0x20, '^'}, {0x20}, {0x20, 'system^-'}, {0x20}, {0x20, '{+!)cgroup\''}], 0xa, "cdf90e10df0aa7f882363087e0ac04ad012526f1d817c555a3eb10d6bd4adecc254f91f170f6681bfc3423ab551cb0f500022b4670b7d99bc87ec4a73241dbb7cd6c871da0e4650ff2452648a728b9c38942d975715e77f135ce32"}, 0xa7) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000280)={r0, 0x4, 0x44a, "3449a9ddd21a2b6345ac3fc8371700634c687738dc6a34dedd7183ab8ac01fe8108e23689c0ef1d4c519a6f95fb98fe41ce6c905f4b607f56d"}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa}}}, 0x108) close(r2) close(r1) 2033/05/18 03:44:44 executing program 0: io_setup(0x8000, &(0x7f00000000c0)=0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0}) io_getevents(r0, 0x2, 0x2, &(0x7f0000000100)=[{}, {}], &(0x7f0000000180)={r1}) r2 = socket$nl_route(0x10, 0x3, 0x0) io_submit(r0, 0x1, &(0x7f0000002cc0)=[&(0x7f0000000040)={0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, r2}]) 2033/05/18 03:44:44 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000000000100"}, 0x6e) 2033/05/18 03:44:44 executing program 7: r0 = syz_open_dev$midi(&(0x7f00000001c0)='/dev/midi#\x00', 0x100000000001, 0x10000) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000180)=0x1ff) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1d}, 0x2c) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x3, 0x1) r2 = open(&(0x7f0000000040)='./file0\x00', 0x580, 0x0) bind(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x0, 0x0, 0x2, 0x3, {0xa, 0x4e22, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0x8}}}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="b4000a0000040000bd000000000000000fa000000000000200000000000000009500000000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48) 2033/05/18 03:44:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0x41a0ae8d, 0x0) [ 986.114638] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 986.121897] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 986.129156] RBP: 0000000020000140 R08: 00007f2b5e9bab20 R09: 0000000000000000 [ 986.136419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 986.143689] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:44 executing program 7: r0 = socket(0x11, 0x100000803, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x20027e) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={"6966623000faffffffffffffff00", 0x12}) getsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000240)={@rand_addr, @rand_addr, @dev}, &(0x7f00000002c0)=0xc) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f00000001c0)=0x1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) write(r1, &(0x7f0000000280)="9b2363a751a3c521a55def20a97ca90f731b", 0x12) syz_mount_image$minix(&(0x7f0000000040)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x20, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="ab277a5b71eb2b6da7775afa36145c663bdf14d27622bcd92bc3eea45c9af539d3fa759a2b219f75481e2d839936158d308dccb233230ef51f6e2fb3ab0da2d482511614071031e222af344d29e9a2d6300266bf960291b46b43dd6117e306f61f546cdff1af189ec0", 0x69, 0x1}], 0x1, 0x0) 2033/05/18 03:44:44 executing program 6: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000002640)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) recvmsg(r0, &(0x7f0000000480)={&(0x7f0000000100)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000180)=""/126, 0x7e}, {&(0x7f0000000280)=""/222, 0xde}, {&(0x7f0000000380)=""/144, 0x90}, {&(0x7f0000000080)=""/36, 0x24}], 0x4, 0x0, 0x0, 0x2}, 0x1) ioctl$sock_ifreq(r0, 0x89f2, &(0x7f00000000c0)={'tunl0\x00', @ifru_addrs=@in={0x2, 0x4e20, @rand_addr}}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)) [ 986.215972] binder: 4905:4907 got reply transaction with no transaction stack [ 986.223368] binder: 4905:4907 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:44 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000500"}, 0x6e) [ 986.274918] binder: BINDER_SET_CONTEXT_MGR already set [ 986.302963] binder: 4905:4907 ioctl 40046207 0 returned -16 [ 986.321911] binder: 4916:4919 Acquire 1 refcount change on invalid ref 1074291459 ret -22 [ 986.330332] binder: 4916:4919 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 986.333596] binder: 4905:4917 got reply transaction with no transaction stack [ 986.337922] binder: 4916:4919 unknown command 0 [ 986.345401] binder: 4905:4917 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:45 executing program 4 (fault-call:4 fault-nth:77): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:45 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000500"}, 0x6e) 2033/05/18 03:44:45 executing program 6: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0xe2) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0xa00, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000180)=0xc) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={r2, r3, r4}, 0xc) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f00000000c0)) connect$pptp(r0, &(0x7f0000000040)={0x18, 0x2, {0xe000, @multicast2=0xe0000002}}, 0x1e) [ 986.423462] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop7. 2033/05/18 03:44:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0x5450, 0x0) [ 986.489586] binder: undelivered TRANSACTION_ERROR: 29201 [ 986.495964] binder: undelivered TRANSACTION_ERROR: 29201 [ 986.514017] device bridge_slave_1 left promiscuous mode [ 986.519611] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.540061] binder: 4916:4919 ioctl c0306201 20000540 returned -22 [ 986.560293] device bridge_slave_0 left promiscuous mode [ 986.565917] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.665789] binder: BINDER_SET_CONTEXT_MGR already set [ 986.671002] IPVS: ftp: loaded support on port[0] = 21 [ 986.677754] team0 (unregistering): Port device team_slave_1 removed [ 986.695949] team0 (unregistering): Port device team_slave_0 removed [ 986.721081] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 986.730661] binder: 4916:4919 ioctl 40046207 0 returned -16 [ 986.743204] binder: 4916:4952 Acquire 1 refcount change on invalid ref 1074291459 ret -22 [ 986.751626] binder: 4916:4952 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 986.759198] binder: 4916:4952 unknown command 0 [ 986.764387] binder: 4916:4952 ioctl c0306201 20000540 returned -22 [ 986.777405] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 986.844917] bond0 (unregistering): Released all slaves [ 986.888504] binder: 4943:4944 got reply transaction with no transaction stack [ 986.895901] binder: 4943:4944 transaction failed 29201/-71, size 0-0 line 2763 [ 986.912693] binder: BINDER_SET_CONTEXT_MGR already set [ 986.923174] binder: 4943:4944 ioctl 40046207 0 returned -16 [ 986.941283] binder: 4943:4953 got reply transaction with no transaction stack [ 986.948650] binder: 4943:4953 transaction failed 29201/-71, size 0-0 line 2763 [ 987.016271] binder: undelivered TRANSACTION_ERROR: 29201 [ 987.028105] binder: undelivered TRANSACTION_ERROR: 29201 [ 988.101709] bridge0: port 1(bridge_slave_0) entered blocking state [ 988.108147] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.115551] device bridge_slave_0 entered promiscuous mode [ 988.156790] bridge0: port 2(bridge_slave_1) entered blocking state [ 988.163207] bridge0: port 2(bridge_slave_1) entered disabled state [ 988.182348] device bridge_slave_1 entered promiscuous mode [ 988.253778] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 988.341161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 988.457853] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 988.544771] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 988.798308] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 988.806171] team0: Port device team_slave_0 added [ 988.841641] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 988.849604] team0: Port device team_slave_1 added [ 988.886566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 988.926689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 988.964760] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 988.971926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 988.987689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 989.021508] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 989.028799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 989.037676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 989.406760] bridge0: port 2(bridge_slave_1) entered blocking state [ 989.413275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 989.419954] bridge0: port 1(bridge_slave_0) entered blocking state [ 989.426323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 989.434704] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 990.407147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 990.765098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 990.889474] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 991.014884] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 991.021117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 991.028716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 991.159776] 8021q: adding VLAN 0 to HW filter on device team0 [ 991.911930] FAULT_INJECTION: forcing a failure. [ 991.911930] name failslab, interval 1, probability 0, space 0, times 0 [ 991.923682] CPU: 1 PID: 5212 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 991.930868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 991.940217] Call Trace: [ 991.942810] dump_stack+0x1b9/0x294 [ 991.946447] ? dump_stack_print_info.cold.2+0x52/0x52 [ 991.951637] ? d_add+0x605/0xa10 [ 991.955002] ? lock_downgrade+0x8e0/0x8e0 [ 991.959160] should_fail.cold.4+0xa/0x1a [ 991.963223] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 991.968330] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 991.973350] ? graph_lock+0x170/0x170 [ 991.977150] ? __lockdep_init_map+0x105/0x590 [ 991.981651] ? find_held_lock+0x36/0x1c0 [ 991.985725] ? __lock_is_held+0xb5/0x140 [ 991.989803] ? check_same_owner+0x320/0x320 [ 991.994131] ? rcu_note_context_switch+0x710/0x710 [ 991.999068] __should_failslab+0x124/0x180 [ 992.003306] should_failslab+0x9/0x14 [ 992.007115] kmem_cache_alloc+0x2af/0x760 [ 992.011275] alloc_inode+0xb2/0x190 [ 992.014916] new_inode_pseudo+0x69/0x1a0 [ 992.018978] ? prune_icache_sb+0x1a0/0x1a0 [ 992.023218] ? down_read+0x1b0/0x1b0 [ 992.026935] ? mntput+0x74/0xa0 [ 992.030224] new_inode+0x1c/0x40 [ 992.033596] debugfs_get_inode+0x19/0x120 [ 992.037750] debugfs_create_dir+0x75/0x3c0 [ 992.041992] bdi_register_va.part.10+0x318/0x9b0 [ 992.046751] ? cgwb_kill+0x630/0x630 [ 992.050472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 992.056006] ? bdi_init+0x416/0x510 [ 992.059634] ? wb_init+0x9e0/0x9e0 [ 992.063183] ? bdi_alloc_node+0x67/0xe0 [ 992.067172] ? bdi_alloc_node+0x67/0xe0 [ 992.071155] ? rcu_read_lock_sched_held+0x108/0x120 [ 992.076182] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 992.081467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 992.087009] ? refcount_sub_and_test+0x212/0x330 [ 992.091772] bdi_register_va+0x68/0x80 [ 992.095668] super_setup_bdi_name+0x123/0x220 [ 992.100167] ? kill_block_super+0x100/0x100 [ 992.104493] ? kmem_cache_alloc_trace+0x616/0x780 [ 992.109351] fuse_fill_super+0xe6e/0x1e20 [ 992.113518] ? fuse_get_root_inode+0x190/0x190 [ 992.118107] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 992.123650] ? vsnprintf+0x242/0x1b40 [ 992.127467] ? pointer+0xa10/0xa10 [ 992.131020] ? vsprintf+0x40/0x40 [ 992.134478] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 992.139497] ? set_blocksize+0x2c4/0x350 [ 992.143567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 992.149110] mount_bdev+0x30c/0x3e0 [ 992.152736] ? fuse_get_root_inode+0x190/0x190 [ 992.157322] fuse_mount_blk+0x34/0x40 [ 992.161129] mount_fs+0xae/0x328 [ 992.164501] vfs_kern_mount.part.34+0xd4/0x4d0 [ 992.169083] ? may_umount+0xb0/0xb0 [ 992.172711] ? _raw_read_unlock+0x22/0x30 [ 992.176858] ? __get_fs_type+0x97/0xc0 [ 992.180752] do_mount+0x564/0x3070 [ 992.184300] ? copy_mount_string+0x40/0x40 [ 992.188534] ? rcu_pm_notify+0xc0/0xc0 [ 992.192432] ? copy_mount_options+0x5f/0x380 [ 992.196840] ? rcu_read_lock_sched_held+0x108/0x120 [ 992.201857] ? kmem_cache_alloc_trace+0x616/0x780 [ 992.206706] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 992.212247] ? _copy_from_user+0xdf/0x150 [ 992.216411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 992.221952] ? copy_mount_options+0x285/0x380 [ 992.226456] ksys_mount+0x12d/0x140 [ 992.230090] __x64_sys_mount+0xbe/0x150 [ 992.234065] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 992.239092] do_syscall_64+0x1b1/0x800 [ 992.242982] ? finish_task_switch+0x1ca/0x840 [ 992.247479] ? syscall_return_slowpath+0x5c0/0x5c0 [ 992.252501] ? syscall_return_slowpath+0x30f/0x5c0 [ 992.257439] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 992.262810] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 992.267670] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 992.272856] RIP: 0033:0x455a09 [ 992.276050] RSP: 002b:00007f3182b6bb08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 992.283762] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 992.291030] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 992.298305] RBP: 0000000020000140 R08: 00007f3182b6bb20 R09: 0000000000000000 [ 992.305571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2033/05/18 03:44:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x400000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:50 executing program 4 (fault-call:4 fault-nth:78): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:50 executing program 0: r0 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x0, 0x143042) fallocate(r0, 0x0, 0x0, 0x8) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e) 2033/05/18 03:44:50 executing program 7: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x4, &(0x7f0000000440)=[{&(0x7f0000000140)="0922aad0c52032ac77103ccf454cefa6d3a89d49b49cedc0e4c099c2b48bcf1791af056dce32f007da22cb", 0x2b, 0x9}, {&(0x7f0000000180)="42a8d514a4a43db7e8c5ee234cb730701b28c37731f6b2712f62f36f21ce85de2d488dcc6196603084d55d6342d09a320c1c91b7054498e34a229fc41ce2615ecb374836022ac6bf2e36df9ff80de4934ed6da409b1c2e3561d619c51b39c1b1463a9e04b306d9525222a73bf9d0b74ff9a67febc656703ad00cebd32933ae7dda3dc34f1919663ce057528b", 0x8c, 0x7d3983e1}, {&(0x7f0000000240)="f02ff76b0f1730ac8832d23207052d66172a82fb2a19f7bc5a68dcf82ffc5cc15870cffd9eb20b326589d80a42303028bbe6b890c7c523a86719229e533e6698eb2159655c9fc702027ef49463d4e5a778cd0b01ea2be58215be9d250b260a4542e1d2afb3ef4eac27833e5160c9c2b7514a121737fe3da961c8a9f48f881a5fe114557801efc612191d917e5bb7ce02f3c30c8fb782dcdc0a2f4e2227a6673221812c342f511088b432ba8d5c2c7e7adac33e1433c33a72e2259dd5e3ae2071bef36edd2ad50b0349fe34c64059c9f2b2a2ff95f90b1ad57797347f4279c2107dc3ad1ceff88822978a1e711efc35afb7790510fc9b64", 0xf7, 0x5}, {&(0x7f0000000340)="fa2ca58311635bb2c4779f1ca33407e20594b85d2b0f0c3d863aec85b3f5c1d664a023a0ea24f796553b9631a3870a7cc932714e88fe9bb0d2d5192884f707bded3ed3fd3e37cea4ced6548b8ac956eb7d28096f1b23bf25f2a159b66ec2d2f67bb8ec9e972177e0dcdafe21d60e704b0aa0ff7d942fc3c1bfae360d25560921d70a6919bf1c1fe095a18d941db0c023a1a26a6bb0a9a21f6580f11c3cc761437bea7b7a0400dcd5037183b0b2cc97d7c3942817e11aefe8bb2127196438275c8e1d8555fd8e4ffb7583fdfe25ce72e988535d28a6b85d00778d3c746527f83e714f7b64e205f3051adaa0b3a4e0c14ba30f224001980a8032c9", 0xfa}], 0x100000, &(0x7f00000000c0)={[{@uid={'uid', 0x3d}, 0x2c}]}) 2033/05/18 03:44:50 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000008000002000"}, 0x6e) 2033/05/18 03:44:50 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYPTR64=&(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRES32=r3, @ANYRES32=r0, @ANYBLOB="fc14aa5b1abaa564129b54796ddc9b8d68294cd967de988b0f84a4ad17b2531f6320968d312194228f903dc29f663f", @ANYRES32=r3, @ANYRES32]]) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000001c0)={0x2, 0x0, [0x40000002]}) 2033/05/18 03:44:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0x40049409, 0x0) [ 992.312838] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 992.374812] binder: 5213:5219 got reply transaction with no transaction stack [ 992.382256] binder: 5213:5219 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:51 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:51 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1d}, 0x2c) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000913b777317b4a649bded930000bd00020000000000870000000040000000000000006e5314400adc81a65fc83bff9993bbae00000000000000000000000000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48) [ 992.422204] binder: BINDER_SET_CONTEXT_MGR already set 2033/05/18 03:44:51 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000000c0)="66f0ff01baf80c66b80b27058266efbafc0cb007eebaf80c66b848d08a8e66efbafc0c66b87200000066efbad00466edf6c5007b0f660ffb05ffb4cb78f30f0966b9b10600000f32", 0x48}], 0x1, 0x5f, &(0x7f0000000580), 0x0) ioctl$fiemap(r1, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="4ae30000000000000200000000000000000000004000000003000000000000000002000000000000b1ee0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018310028d158c0fc9dcbee94c5896a7975f30d0000000000000000000000000008ac000000000000000000000000000000056b000000000080000000000000000000000000000000010100570000000000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2033/05/18 03:44:51 executing program 6: r0 = socket$inet6(0xa, 0x100000002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0xfd90, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000040)={'gre0\x00', {0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}}) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f00000001c0)) [ 992.500137] binder: 5213:5219 ioctl 40046207 0 returned -16 [ 992.516292] binder: 5228 invalid dec weak, ref 4348 desc 0 s 1 w 0 [ 992.522722] binder: 5228:5231 unknown command 0 2033/05/18 03:44:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0x4004ae99, 0x0) [ 992.548069] binder: 5213:5230 got reply transaction with no transaction stack [ 992.555445] binder: 5213:5230 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:51 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr(aes-aesni))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7295df0df", 0x14) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x40101604, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000100)="26d9bbae000f20c2f30f22d1b80b008ed00fafc2d933baf80c66b83654ae8f66efbafc0ced0f01c90f3809ccba2000b80900ef", 0x33}], 0x1, 0x44, &(0x7f0000000180), 0x0) 2033/05/18 03:44:51 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) 2033/05/18 03:44:51 executing program 4 (fault-call:4 fault-nth:79): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 992.672521] device bridge_slave_1 left promiscuous mode [ 992.678143] bridge0: port 2(bridge_slave_1) entered disabled state [ 992.684169] binder: undelivered TRANSACTION_ERROR: 29201 [ 992.691775] binder: undelivered TRANSACTION_ERROR: 29201 [ 992.713203] binder: 5228:5231 ioctl c0306201 20000540 returned -22 [ 992.737371] device bridge_slave_0 left promiscuous mode [ 992.742984] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.843228] binder: BINDER_SET_CONTEXT_MGR already set [ 992.866630] team0 (unregistering): Port device team_slave_1 removed [ 992.875780] IPVS: ftp: loaded support on port[0] = 21 [ 992.879474] binder: 5228:5231 ioctl 40046207 0 returned -16 [ 992.887401] team0 (unregistering): Port device team_slave_0 removed [ 992.899682] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 992.907379] binder: 5228 invalid dec weak, ref 4352 desc 0 s 1 w 0 [ 992.913858] binder: 5228:5266 unknown command 0 [ 992.919494] binder: 5228:5266 ioctl c0306201 20000540 returned -22 [ 992.931952] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 993.008433] bond0 (unregistering): Released all slaves [ 994.059445] bridge0: port 1(bridge_slave_0) entered blocking state [ 994.065878] bridge0: port 1(bridge_slave_0) entered disabled state [ 994.088391] device bridge_slave_0 entered promiscuous mode [ 994.148992] bridge0: port 2(bridge_slave_1) entered blocking state [ 994.155405] bridge0: port 2(bridge_slave_1) entered disabled state [ 994.163282] device bridge_slave_1 entered promiscuous mode [ 994.220300] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 994.277840] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 994.506490] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 994.564553] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 994.637926] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 994.644852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 994.699443] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 994.706360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 994.856500] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 994.864021] team0: Port device team_slave_0 added [ 994.900267] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 994.908185] team0: Port device team_slave_1 added [ 994.945483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 994.986720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 995.027953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 995.035134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 995.043659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 995.083100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 995.090250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 995.098725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 995.464414] bridge0: port 2(bridge_slave_1) entered blocking state [ 995.470827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 995.477495] bridge0: port 1(bridge_slave_0) entered blocking state [ 995.483863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 995.492394] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 995.553884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 996.844041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 996.975115] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 997.109009] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 997.115411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 997.124190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 997.253052] 8021q: adding VLAN 0 to HW filter on device team0 [ 998.016189] FAULT_INJECTION: forcing a failure. [ 998.016189] name failslab, interval 1, probability 0, space 0, times 0 [ 998.027758] CPU: 1 PID: 5521 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 998.034947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.044293] Call Trace: [ 998.046886] dump_stack+0x1b9/0x294 [ 998.050517] ? dump_stack_print_info.cold.2+0x52/0x52 [ 998.055711] ? __lock_acquire+0x7f5/0x5140 [ 998.059958] should_fail.cold.4+0xa/0x1a [ 998.064024] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 998.069130] ? debug_check_no_locks_freed+0x310/0x310 [ 998.074325] ? kasan_check_write+0x14/0x20 [ 998.078566] ? graph_lock+0x170/0x170 [ 998.082367] ? find_held_lock+0x36/0x1c0 [ 998.086437] ? find_held_lock+0x36/0x1c0 [ 998.090512] ? __lock_is_held+0xb5/0x140 [ 998.094574] ? i915_interrupt_info+0x18b0/0x1f00 [ 998.099346] ? check_same_owner+0x320/0x320 [ 998.103668] ? graph_lock+0x170/0x170 [ 998.107473] ? rcu_note_context_switch+0x710/0x710 [ 998.112427] __should_failslab+0x124/0x180 [ 998.116675] should_failslab+0x9/0x14 [ 998.120478] kmem_cache_alloc+0x2af/0x760 [ 998.124631] ? find_held_lock+0x36/0x1c0 [ 998.128700] fuse_alloc_inode+0x96/0x4f0 [ 998.132766] ? fuse_dev_alloc+0x4e0/0x4e0 [ 998.136913] ? lock_downgrade+0x8e0/0x8e0 [ 998.141071] ? kasan_check_read+0x11/0x20 [ 998.145223] ? do_raw_spin_unlock+0x9e/0x2e0 [ 998.149633] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 998.154229] ? kasan_check_write+0x14/0x20 [ 998.158466] ? find_inode.isra.19+0xc3/0x1d0 [ 998.162874] ? fuse_dev_alloc+0x4e0/0x4e0 [ 998.167023] alloc_inode+0x63/0x190 [ 998.170653] iget5_locked+0x20e/0x570 [ 998.174450] ? fuse_inode_eq+0x80/0x80 [ 998.178337] ? fuse_init_file_inode+0x70/0x70 [ 998.182834] ? inode_lru_isolate+0x580/0x580 [ 998.187244] ? cgwb_kill+0x630/0x630 [ 998.190961] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.196496] ? print_usage_bug+0xc0/0xc0 [ 998.200557] fuse_iget+0x1cc/0x820 [ 998.204105] ? fuse_change_attributes+0x810/0x810 [ 998.208972] fuse_get_root_inode+0x121/0x190 [ 998.213394] ? fuse_iget+0x820/0x820 [ 998.217118] ? _raw_spin_unlock_bh+0x30/0x40 [ 998.221529] ? bdi_set_max_ratio+0x112/0x150 [ 998.225942] fuse_fill_super+0x11e0/0x1e20 [ 998.230190] ? fuse_get_root_inode+0x190/0x190 [ 998.234780] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 998.240320] ? vsnprintf+0x242/0x1b40 [ 998.244246] ? pointer+0xa10/0xa10 [ 998.247823] ? vsprintf+0x40/0x40 [ 998.251281] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 998.256296] ? set_blocksize+0x2c4/0x350 [ 998.260363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.265905] mount_bdev+0x30c/0x3e0 [ 998.269530] ? fuse_get_root_inode+0x190/0x190 [ 998.274115] fuse_mount_blk+0x34/0x40 [ 998.277949] mount_fs+0xae/0x328 [ 998.281323] vfs_kern_mount.part.34+0xd4/0x4d0 [ 998.286007] ? may_umount+0xb0/0xb0 [ 998.289641] ? _raw_read_unlock+0x22/0x30 [ 998.293802] ? __get_fs_type+0x97/0xc0 [ 998.297714] do_mount+0x564/0x3070 [ 998.301264] ? copy_mount_string+0x40/0x40 [ 998.305500] ? rcu_pm_notify+0xc0/0xc0 [ 998.309398] ? copy_mount_options+0x5f/0x380 [ 998.313808] ? rcu_read_lock_sched_held+0x108/0x120 [ 998.318827] ? kmem_cache_alloc_trace+0x616/0x780 [ 998.323674] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 998.329215] ? _copy_from_user+0xdf/0x150 [ 998.333371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.338908] ? copy_mount_options+0x285/0x380 [ 998.343408] ksys_mount+0x12d/0x140 [ 998.347040] __x64_sys_mount+0xbe/0x150 [ 998.351013] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 998.356031] do_syscall_64+0x1b1/0x800 [ 998.359917] ? finish_task_switch+0x1ca/0x840 [ 998.364423] ? syscall_return_slowpath+0x5c0/0x5c0 [ 998.369356] ? syscall_return_slowpath+0x30f/0x5c0 [ 998.374292] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 998.379664] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 998.384511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 998.389701] RIP: 0033:0x455a09 [ 998.392886] RSP: 002b:00007f8b76024b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 998.400604] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 998.407873] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 2033/05/18 03:44:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0xd63000000000000}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:57 executing program 6: sendmmsg(0xffffffffffffffff, &(0x7f0000002300)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000940)}}, {{&(0x7f0000000000)=@generic={0x10, "23f725e7b84d065383d8e8aa5ea1737ab9525bcfa003c81033db12ace35f949365df82dc5df46579fe09b30c1b76e072d120664b5c59690dd2b39e490dab5fd5a4a67a2cbfdb7ac55ae2dfd65b4e46d5bfb100d97f3a6da00957e9cb640c57dd09f8466a0d287eb30b045e94065d14f414e5f33f6c09c9fba48f14dd20e4"}, 0x80, &(0x7f0000000140), 0x2f5, &(0x7f00000005c0)}, 0x4}], 0x2, 0x0) 2033/05/18 03:44:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0xc020660b, 0x0) 2033/05/18 03:44:57 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='gid_map\x00') ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f00000001c0)={0x2, 0x7fff, 0x1ff, 0x1e, &(0x7f0000000240)=""/30, 0x1000, &(0x7f0000002380)=""/4096, 0xfffffffffffffee3, &(0x7f00000000c0)=""/255}) sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="0a0000180001000008000000000000020000000000ff000000040000"], 0x1c}, 0x1}, 0x0) connect(r1, &(0x7f0000001300)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @multicast2=0xe0000002}, 0x0, 0x0, 0x1, 0x1}}, 0x80) 2033/05/18 03:44:57 executing program 7: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='user.syz\x00', &(0x7f0000000140)='user.syz\x00', 0x0, 0x0) r0 = dup(0xffffffffffffff9c) ioctl$sock_ipx_SIOCIPXNCPCONN(r0, 0x89e3, &(0x7f0000000040)=0xe9) getxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000004fc0)=@known='user.syz\x00', &(0x7f0000005000)=""/171, 0xab) 2033/05/18 03:44:57 executing program 4 (fault-call:4 fault-nth:80): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 998.415145] RBP: 0000000020000140 R08: 00007f8b76024b20 R09: 0000000000000000 [ 998.422411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 998.429678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:57 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x1000000000000) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2000000000000151, &(0x7f00000001c0)=[{0x9, 0x0, 0xc00000, 0x2}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='highspeed\x00', 0x205) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af) getpgrp(0x0) getuid() getresgid(&(0x7f0000003040), &(0x7f0000003080), &(0x7f00000030c0)) fcntl$getownex(r1, 0x10, &(0x7f00000034c0)) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000003500)={{{@in=@remote, @in6=@remote}}, {{@in=@loopback}, 0x0, @in=@remote}}, &(0x7f0000003600)=0xe8) stat(&(0x7f0000003640)='./file0\x00', &(0x7f0000003680)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000003980)) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000039c0), &(0x7f0000003a00)=0xc) getgroups(0x5, &(0x7f0000003a40)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff]) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000003a80)) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000004ac0)={{{@in=@rand_addr, @in6=@loopback}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in=@loopback}}, &(0x7f0000004bc0)=0xe8) getresgid(&(0x7f0000004c00), &(0x7f0000004c40), &(0x7f0000004c80)) r2 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_generic(r2, &(0x7f0000004fc8)={&(0x7f000000aff4)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000ccb30a67fab824c44d550927000000000000000000000000000000000000000000000000e095a313271e82bc45d699ebd2ea00000000", @ANYRES32], 0xff1e}, 0x1}, 0x0) getpgrp(0x0) stat(&(0x7f0000004cc0)='./file0\x00', &(0x7f0000004d00)) getgid() gettid() getresuid(&(0x7f0000004d80), &(0x7f0000004dc0), &(0x7f0000004e00)) lstat(&(0x7f0000004e40)='./file0\x00', &(0x7f00000002c0)) fcntl$getown(r1, 0x9) [ 998.500223] binder: 5525:5526 got reply transaction with no transaction stack [ 998.507625] binder: 5525:5526 transaction failed 29201/-71, size 0-0 line 2763 2033/05/18 03:44:57 executing program 0: r0 = socket(0xa, 0x2, 0x0) ioctl(r0, 0x3ff, &(0x7f0000000000)="c606262c8523bf012cf66f") connect$inet(r0, &(0x7f0000f6fff0)={0x2, 0x4e23, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1a}}], 0x20) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000100), 0x0) listen(0xffffffffffffffff, 0x110000000012) accept(0xffffffffffffffff, &(0x7f0000000040)=@hci, &(0x7f00000000c0)=0x80) 2033/05/18 03:44:57 executing program 7: r0 = socket(0x13, 0x800, 0x95f) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000) ioctl$BLKTRACESTART(r1, 0x1274, 0x0) getsockopt$sock_int(r0, 0x1, 0x39, &(0x7f0000000080), &(0x7f0000000140)=0x3) 2033/05/18 03:44:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000000000100"}, 0x6e) [ 998.587088] binder: BINDER_SET_CONTEXT_MGR already set [ 998.607310] binder: 5525:5526 ioctl 40046207 0 returned -16 [ 998.613497] binder: 5538 invalid dec weak, ref 4358 desc 0 s 1 w 0 [ 998.619895] binder: 5538:5544 unknown command 0 2033/05/18 03:44:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000300"}, 0x6e) [ 998.644406] binder: 5525:5545 got reply transaction with no transaction stack [ 998.651792] binder: 5525:5545 transaction failed 29201/-71, size 0-0 line 2763 [ 998.652772] FAULT_INJECTION: forcing a failure. [ 998.652772] name failslab, interval 1, probability 0, space 0, times 0 [ 998.670551] CPU: 0 PID: 5555 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 998.677744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.687087] Call Trace: [ 998.689680] dump_stack+0x1b9/0x294 [ 998.693324] ? dump_stack_print_info.cold.2+0x52/0x52 [ 998.698522] should_fail.cold.4+0xa/0x1a [ 998.702582] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 998.707690] ? graph_lock+0x170/0x170 [ 998.711484] ? lock_downgrade+0x8e0/0x8e0 [ 998.715679] ? kasan_check_write+0x14/0x20 [ 998.719917] ? find_held_lock+0x36/0x1c0 [ 998.723977] ? __lock_is_held+0xb5/0x140 [ 998.728047] ? check_same_owner+0x320/0x320 [ 998.732384] ? rcu_note_context_switch+0x710/0x710 [ 998.737315] __should_failslab+0x124/0x180 [ 998.741547] should_failslab+0x9/0x14 [ 998.745342] kmem_cache_alloc_trace+0x2cb/0x780 [ 998.750014] ? device_create_file+0x1e0/0x1e0 [ 998.754500] kobject_uevent_env+0x20f/0xea0 [ 998.758811] ? device_pm_add+0x221/0x340 [ 998.762874] kobject_uevent+0x1f/0x30 [ 998.766666] device_add+0xb01/0x16d0 [ 998.770378] ? device_private_init+0x230/0x230 [ 998.774949] ? kfree+0x1e9/0x260 [ 998.778315] ? kfree_const+0x5e/0x70 [ 998.782025] device_create_groups_vargs+0x1ff/0x270 [ 998.787038] device_create_vargs+0x46/0x60 [ 998.791270] bdi_register_va.part.10+0xbb/0x9b0 [ 998.795942] ? cgwb_kill+0x630/0x630 [ 998.799651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.805178] ? bdi_init+0x416/0x510 [ 998.808794] ? wb_init+0x9e0/0x9e0 [ 998.812329] ? bdi_alloc_node+0x67/0xe0 [ 998.816306] ? bdi_alloc_node+0x67/0xe0 [ 998.820275] ? rcu_read_lock_sched_held+0x108/0x120 [ 998.825285] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 998.830560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.836092] ? refcount_sub_and_test+0x212/0x330 [ 998.840846] bdi_register_va+0x68/0x80 [ 998.844733] super_setup_bdi_name+0x123/0x220 [ 998.849220] ? kill_block_super+0x100/0x100 [ 998.853538] ? kmem_cache_alloc_trace+0x616/0x780 [ 998.858388] fuse_fill_super+0xe6e/0x1e20 [ 998.862539] ? fuse_get_root_inode+0x190/0x190 [ 998.867134] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 998.872672] ? vsnprintf+0x242/0x1b40 [ 998.876473] ? pointer+0xa10/0xa10 [ 998.880036] ? vsprintf+0x40/0x40 [ 998.883490] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 998.888498] ? set_blocksize+0x2c4/0x350 [ 998.892558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.898103] mount_bdev+0x30c/0x3e0 [ 998.901721] ? fuse_get_root_inode+0x190/0x190 [ 998.906299] fuse_mount_blk+0x34/0x40 [ 998.910100] mount_fs+0xae/0x328 [ 998.913468] vfs_kern_mount.part.34+0xd4/0x4d0 [ 998.918053] ? may_umount+0xb0/0xb0 [ 998.921693] ? _raw_read_unlock+0x22/0x30 [ 998.925849] ? __get_fs_type+0x97/0xc0 [ 998.929735] do_mount+0x564/0x3070 [ 998.933283] ? copy_mount_string+0x40/0x40 [ 998.937512] ? rcu_pm_notify+0xc0/0xc0 [ 998.941404] ? copy_mount_options+0x5f/0x380 [ 998.945817] ? rcu_read_lock_sched_held+0x108/0x120 [ 998.950828] ? kmem_cache_alloc_trace+0x616/0x780 [ 998.955667] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 998.961199] ? _copy_from_user+0xdf/0x150 [ 998.965346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 998.970874] ? copy_mount_options+0x285/0x380 [ 998.975381] ksys_mount+0x12d/0x140 [ 998.979003] __x64_sys_mount+0xbe/0x150 [ 998.982973] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 998.987987] do_syscall_64+0x1b1/0x800 [ 998.991866] ? finish_task_switch+0x1ca/0x840 [ 998.996356] ? syscall_return_slowpath+0x5c0/0x5c0 [ 999.001279] ? syscall_return_slowpath+0x30f/0x5c0 [ 999.006205] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 999.011568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 999.016415] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 999.021599] RIP: 0033:0x455a09 [ 999.024779] RSP: 002b:00007f8b76024b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 999.032491] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 999.039748] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 999.047004] RBP: 0000000020000140 R08: 00007f8b76024b20 R09: 0000000000000000 [ 999.054261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 999.061516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2033/05/18 03:44:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0x4004ae8b, 0x0) 2033/05/18 03:44:57 executing program 0: socketpair$inet(0x1e, 0x5, 0x0, &(0x7f0000000d40)={0x0, 0x0}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000040)=0x0) fcntl$setown(r1, 0x8, r2) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r1, 0xc0a85322, &(0x7f0000000140)) accept4(r0, &(0x7f00000000c0)=@ll, &(0x7f0000000080)=0x80, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00') connect$netlink(r1, &(0x7f0000000200)=@kern={0x10, 0x0, 0x0, 0x2000180}, 0xc) readahead(r0, 0x8, 0x6) getsockname$unix(r1, &(0x7f0000000300), &(0x7f0000000380)=0x6e) getsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000240), &(0x7f0000000280)=0x4) 2033/05/18 03:44:57 executing program 6: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000100)=""/59, &(0x7f0000000140)=0x3b) r1 = fcntl$dupfd(r0, 0x4, r0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) [ 999.163330] binder: undelivered TRANSACTION_ERROR: 29201 [ 999.169250] binder: undelivered TRANSACTION_ERROR: 29201 [ 999.206560] binder: 5538:5544 ioctl c0306201 20000540 returned -22 [ 999.226299] binder: BINDER_SET_CONTEXT_MGR already set [ 999.233836] binder: 5538:5544 ioctl 40046207 0 returned -16 [ 999.263531] binder: 5538 invalid dec weak, ref 4362 desc 0 s 1 w 0 [ 999.270037] binder: 5538:5574 unknown command 0 [ 999.282295] binder: 5538:5574 ioctl c0306201 20000540 returned -22 2033/05/18 03:44:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305, 0x3}, @reply={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c65300000000000000000000000000000000000000000000000000200"}, 0x6e) 2033/05/18 03:44:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) 2033/05/18 03:44:57 executing program 6: r0 = socket(0x10, 0x2, 0x0) ioctl(r0, 0xfffffffffffffffa, &(0x7f0000000240)="c666262c8523bf012cf66f") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f000065ffa8)={0x26, 'hash\x00', 0x0, 0x0, 'vmac(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="000000000034bc720d00000000000000", 0x10) r2 = accept$alg(r1, 0x0, 0x0) syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000040)='./file0\x00', 0x7e, 0x6, &(0x7f0000000600)=[{&(0x7f00000002c0)="7dda22466ef9d006ecbfb42ebda0ec34e320c58f5f6800458d6e592ce0d482bca082b8f070d4fe88d1cbf04180858a2cfeddfa7a5817856d9c033b1a4a2a72f06208e6e28d10435effd8032fbfa6248f7a0498396b74a4380bdf0e87b4394652217bce4dfabc90f8a000a862d4ea0571e47a4a185b73965ca2292894011e480ae81bce5fd072b2e00690f04627f15175bf64c5a9d3350b06105df0871e0f33847e99f60219f86942fb52fa2cc2f770823b0823f46b5879fe1ee457b81b51e58a676980d7b95dc128", 0xc8, 0x8}, {&(0x7f0000000dc0)="904d44f9dfaea3a9c3978dbb57995bb7f86df575f698f978d2b8f5dfe81b24a91da79273290bb761f8e1f5d59a4bf455d6af974aa0dddd32b2ec35e22fc6ea29030354dc7a6dc5e852eda1998077b01f8ed480d6b46931ad8a54012ea9312106b6515df370b74134508604a53f24d6549756245dff5bdbb4fc0665a30010f1325b01e3186515373e7fe811d79041be83202481d7597e048491f2a53892e74a82c8bd4f6ef2ccfaa2878b9b19be56de140e38d37511dfee397a65ced069f594f925edb3a01d68ccc593459e3d24ebfe4bb59e9015ed1feada58968210825350f9077a38e8757e3b7c541b057e2318f07b5b85a929df7c19627093a339573b07771e980da1816f56e4f34022e2f845604040a98b072c14c961931e19eec7824a3c44234e8a1809c017fb8ffecb78d4ee0f016e23e4e793838502819d9670b6597feda1babe522231f8ad64e5927cfa0ecfd917607d5f6add57fcc45499f14477d783c03a0ae688c6b0c0fbf782748c3c2f9c8ef436d824e19d5c6479928e8450cd2ddbd98ce58b79d140e002e80cef48e5fbd8dc065fd40e08456ca8c6054ee2aab704454667b8e604ca1e60ff6572bccd3e6840085e63a1f92b58568c5b3edb69410d15ceef6af673a716680aebb42007e988f59a83aa781023931da26ce39123da30a3294e58938e1263769098378d964c29f50636703bcb74f41cade0f703f5ed40fff3423af0afbf12bccccd585a508106b4db0052e108c5f9d013281f36b2b6000e50b1ff49d568a47c0a75e5927dc0c3bc448d3202295af6e1f8f73bcb5e913c7647d952ebfd842065f44f8c083f09550a3a960c80f2207470066cf1be9f1c1d11402b0213a1ef8a80ab334cfb6f45783630a3e0009968b5dae09e99355ad62e021e429086d97f513914dd82da267dc4257a69c2bd2bbd75c331aff6194be94fb5577325bc61f5e705283db56d717e38daf9b098657159cb4c09308779721f9c5bb0bfa098f17f2ffe96b0319272bf656b142acb1ff3790cba681adce77b09cda15bafbbe9f7f9356aaee42a67b2475b07fca752dd2481b89b0878e2ba55549c97e8d33113c257100eda03bf0b112dc0b511d330736a158de226c262527f3d35a6d244cc17754d6436f5fe276aec504715fb6f9bd9a16ceab4fe5ec6df99f8f9ac32c3c8ae57445f740511e7b726e43a6655c4f3b55c90275abd30570326d716f68ca9ecf073324257684ccd31ff49a7253d54f564a7bf0978472e7e893f9293034f3a63f8fb28678152b48da836c8fa13e9b1c516895b1ce7aaca3601c8c73783789c9aba6a90a3083f2cbec5f26349cd14c1517db9264a81f66db58df032b842c1817748256c504ec1956db6150114d234d5a03df456f9c18c1a00fec04e99f1509fa39c5fd37cf5c65862c2e253e5d3002fbec32e63a2fb70fcc6d51eb68ca26eb48e57a743e1b8017b34aff8be95a4f64c742a3e1bad9c6919df284c1f428fa57bcaa41b817e98cedae26a3b0832cf2a7cbcdd3a086b06a3d98f4a451cf4706454032aec05e27b4c36eb5c2bc2ee00e3a3fe93224c610d55fc14dda467e32ea890b4a3746e4cf428158aa7852c8cf2f7de8bf4b56d03557f87827fe8ff57f7d63d9ecacc4b3c13ee2cc0fb49024ed790813d8c52f20a5f788e80eb3a733f41ed3c9dc29aaac1113737d3750a1dd27219841d8ddadf00a97530ea5de2107489f817d5f26c44a6f6b4436824d26969e9e5a28211b1db4630ed5acbc88d44043215c55b7abc458f0d9e0ef5267b8474145b125cce59d596ada4bd72aeab32083c4725ec1fb91669ca39256a385356908653071a00b0728febe988f5a7cf951a456396e566aa6d19444d9aab52e8b28a56b9709abd1e273be7b2aac15d7309a98e7fe566b4d66f721aeace404192a124f018b63128aba4a1ebf42ff040b0c85ad6d314b6c1ea335a3b101408250a651cf501d9041fb8025173b68b680ae4bbd35e36c4f6004219a4f853a7f26fd02f15536772174036b7003b72b40c5af343ae819a582f95d1b2660f706045a6d074d99506e1f1f953c2047e418e3afa4d21145f1b057590c01d3668f54262eaa78935b2deed7b7cb275bded2433cca8b7666cb824489a7e39185c99e47a0201918758eee4dbdbe5d5d92d3ad8d510bdeeb307ecb1f6ccc75efcddd5da62836511f5ff1dfe98a2a64603976038eeb35a6a0c985208cb503f6c00c15081573e0aa9e3684e1b04d3d9bca32ea55f4d996ba082a4daf65c0df9909a1c023f156da4b059dca9be3ea99518786be216b1a35ff71f4493a4a70ed86b8d5da26728dfe9ff466c5023473ff4dd98cfc455f03d55454cf4c271cb7d1fa1369a1f4d99f5a312178afddbf3a13009ae1f47d2e3f1378cc4a079a76b9c034519334d715d11381de243922499ec52e132bfbc0c843dea0db3a28225ba846668a0b72c94cc35bf26da130b3ea7f92afec473b6f078c24ae9fe810bef7db848c7ee89ab1ae42e16aa063dfc3a62d5ed704478d52764663c75d0c9462a819e768f96ea6471ab4b1bdac1252071ce83a7a75fa55205c4c06575867ff834d38b0eeaecf94ca3a01386c4d3f67ef48bdc021bb331aeaa4c1fcc4fad167d14767f901f4cb1cdb4547415f01496ffed532b66cf2747c0c0b2c418d7b99524ceaa5e62ab8143a40880e9f7b688a5979abfa7be4afa78462a5cd0ae7e198bd0e709aee961f6dc1c5f01422508cfa3ae330c889b46dc1e4dca0ff669adbba50ae341a778a07cc80a16122584d9b0b5b830d89348a8e605277c619ec20077b917a6da5ad7853b6ed0d115aa484f2aa9a45b2ada3d69b9136db7fcd6197afa384acf34a83c44a2bcc75de3e79379fe52e97e06bdefffc729fb60273e22595987d85569f7a69fd754e8356d0b36b14e65d0271c7af13993152cf2aca6993cef204026e65e44c5ddc89b9568af67efaa385de6af4f3d84a8da1d7f6f48caec318c1bc68f09161a774d1629ad4eb053a79cfa58f05b55694c868aa2c41162c8f80147f5ba1a8962acfd21234417d60dd6d694bc7150a46642e17b92bcdb53034fdbae63ebfe13bf0c4bf99d69677992e668a6d4bbe26a8d909c3b6af86de3a8acaa9a0a4006193562df5e6338b4a7c2896463488cd6bff10b5fdebbb9721ca31d435a603eb0fed605896d4f5c4b9d086cc8dc5fe5ce37705500c3c00e6af09544ed1a6fd94a7b7404d96106ada0e83105f8133d7165b1ea64ea8faa4f1a73581978f9541b0a030933149b59715f5b049decab7241bcd8d95e94606d735719ea54d18b8bab83e391f0c0a9f9286bcc7350fa5fe81f115c083894b81358b2986671b627da9ef8172b0e53f502ae85f3d02a2dc67d9b7c7a5a934c757a8feac3801dedc67bf666ebeb54b1f836eee0ec24ed1972157961c1e908ff02e6e3aa8c5c8cce0a6748803b915f8e851ca542a026f9cdd0393fed1ac7f1bbf545bc35b627a8637c1d544b02b73e5e5090de0d5df83eac97ed35a6d5407d23a01028508b6058ad330ea6ee824135af685fa4b128a549b4de1907fdfbf84e4cb3c9200ac9b7943dafe50dcf302e4c725fc4033472bf38f22026f87590589252a471fd164da4d610db54e5e9052eb26e00a1cfd4f4240dd2a8d2e763b2ea0e5a91fdf8335fd3bdb49286cc184214472e657518bba74493f82db665e9ec9ca55e78a5cf41e6c7ab9aca94905c55fec5fff19bfbeb2c97b95a342e988ef7de540ab41c41d0df4d5702833075421c52ae7b81e286c69b11e6ed15e3f6e8a07f0181a3a4dc871cdb452e3f5874bd279fb1a3946b954b993794eab5bab78504e36b7d0df464702fd1b214935f435508911407e4a3936d895ec3a2bc6c79a9b44f3dc80115a141d656f986a15208bf09813d9f46e427fe5e6136ec6aa55f4b54c423b142243bf8b47780f817c9181bbd084448e91c30999caf1f3b126ac8785cc1ca88dc5731e6dc1f6ad2fd602d12aaf338f0b6dc25a4d9d7093a58672ba4db118d912aba14ec7711676833e783e63ab8737baaed48953bcc9b9a137855048897140bee73e00850ec31ae670600e15df17606642645b873ecbfbfd83bf94246b9e854aa41b66f444610b2af4f389b972af3ef63257b9cd57c390374c4ec4d1b7ae60fe9f53aa0b0efe37278c166d979903faa7acb10a9fa6dd5a4165f69d1c55f3469b7ed1d2eb20bedbcc553b2ceb013376180bb7a584059ff79922fdcbdb09bdd8982748d57eea74c8a1db3d36595090036feeff58d65c36f6b9b1ab4caa8118040862a8eb35aea304153b3259bdcb453a8cde867db1fae44503157b632e2aec3398ea652e7c044139b5866b5cb2f9a1f1b19bb658fdf1bcb02c0320702532816d800de2db00431843c49ff56ade610c0f5f0ce6b3c91c1c645813ae47ede89042645caf7114ccf094a8020478533d50a73d0f2a753c889df51d5607c9039f0431b77613c925c4afc9b14bd25ff71f927e9f67a15aa935219b88597b3eb85a68584ec5b59db6f9330cb8941dd2e6262a94b8501b1e1e444e71028deaa53761feeb84f4a0df770a608a038a7bbbfd08a5f2605b2d849c66b6622ea5de2aaad051deb7dc18c59a5985c82a90771f80f5f175f6b083b2968d494626d149b73e4968aa3dbdb761268aaf2afc410d8db6a59b515ab1c7628ebefd5e6fc0a382a7f4732619d325896acd2c3d8b074adbec3f7b5a8dd2213db4684e7cf08d20f6a1a6d632131bafd3be5d8a16d54c8f2108391c75dbc27dc8b123b1defe1a84aab720ac203192cc61fb311b9de0f9956a18622d1ee43766394c16c0a1bb54998a347fe5ee7cb01d98472325cdcb20272268471e0f9f79d061669668455033f620010fe8a52a30a668dbcfbba4ca0087deea4f8222f7135f195a80b2e4444de4665c6776e97be650902cd16f34f1728bf0845ed2553de940380e33065e0dc31ea0278b9df0967bc211d90d61e157223f879d5a0f58111f95d62d5de9bd14695558c73f66f0055a5a8ec194c470d23d4ee15032340056feb84717f3e4f090e2ee19d3a9ec36c02c94a2833d9ab9a3aaed9e93db6a8b21d178a99efac4b55088c325e5aa080371d6b790182930e0582db37a4731aa36210264763ff55443d8709939b2204d14d874bdb3775437d70a307432660c6b390eb8107e6cef862ea35c5cb39504a5c6094955e24d9d50763826a14c83e671977a33191b89f3e351d0fb904c54f9a4ae1d8244d0b47eea3ce555aed4911d0f47b200f46f74e82413b8784865c77a81e67fa69463e64b155af658b647a3bd1eb3e8a66b8d18cac67c9af93b9f9f888089db51b2760cae0cb799e01315cfca0a2d5837d67b56fa98fa3ac260e7d205a25e2dd6ad4cdf605aa241323c4b7ef1c41f40106878d30005c70ecce276434f2dc8f4f7de2f41887df87b0caedb12899c4c91fdb13119399fb96f71c5986ee5aa22673aa702f314c2ef45d798542be7100ec3f5894e2d617f57c191e4e1b3bfdbe7e3d8739b00ef104094e60e4fdf4d7197d69fd73c7274a29797bdb31c26e922750c24417b4b891d1125fe3848f3005f23a82a871a4a9c0a50f3691d52e35a2884a32a06c779141ab8ae501c9885616f70709b5af604664de84769f056053d4d30ea7e72efa09076050d5dd260d7f499762de5dfe08aa6fcd0bf8fe2fac789ab8b64063ea2b04e8881acb22ba3d6bd882ff3abb3191c64f36ceb90002415a86f246dfea0a23b02af52fab2a14b275428a9717cfff7dd8244aee035a898b2f5db400590b0954a324", 0x1000, 0x200}, {&(0x7f0000000080)="46ba2453fdc5247d68bbb99bcc666a08a32b8540f8a3e7b2af6db9ef952e27e4dcb41fd10c450ecc1d758ab306f9382d715591e844ad2e1e2518510733523f7b032d69c1f9b9ef5dfa13372ffd1e9bb8441c47b426a6a0d3e5", 0x59, 0x64c4}, {&(0x7f00000001c0)="4cdd076003e7d99f9141de30b03c10a5fcaaf337b8c528ea6d364849d805997179036ccdd57e3393789cec8d28647f52e5ed25a4c4d5818cbac666260664bf8fafcefdf26bf29616a0167757dca92bf83c82d7ddb2d350750dc66d1392115be8d11b8a69390598", 0x67, 0x3}, {&(0x7f00000003c0)="ba5b2488c6787f691d8b28a74914124f02135526e258a5f1657cb432868b5b94aa84005e0e642e2ed4af7a67d4c55c1a9c3e6612dc95010bed000852a5cef559f7fbd54cb3c8a6eff706bcebf7c8070ddd27a9ecf5684d77555b94c76db6894cc7b91ef49f034bb9f131994f6af6157921735c187675ae8b8e11e6796c67451b0b53aa4cb61140cee5abdd25e126b85f8263f75bc5ba409b69dc8081dbb3c91c3db8efd87c0e538ff8455324d3ff50309c7c6939de", 0xb5, 0x10001}, {&(0x7f0000000480)="714607574220aa2a125dd1decc93777691c4a7a6ce7cc5ac1470ce3d515dbd7d35f94e562603a664868fc47d52799b2f467c4a162cd469e02c9882c209e24a3bfb0f9cdd43fc5448accb14c4eb999d593e20d0bcc310d4e90ddd5eee942b2e079de8e65daafb8420eb6006423b5adb4005d4f2f788e2fe67b8d4fc39ccada9134c5f15d1dca1513de1", 0x89, 0x4000000040000000}], 0x804001, &(0x7f0000000540)={[{@upgrade='upgrade', 0x2c}, {@rgrplvb='rgrplvb', 0x2c}, {@meta='meta', 0x2c}]}) sendmmsg(r2, &(0x7f0000000d40)=[{{&(0x7f0000000140)=@sco={0x1f}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000280)="3f2a3c71c360c461869a4084871935d86fab0d3c49d64da821d21d4711ebd63c1670ea9086c0", 0x26}], 0x1, &(0x7f0000000640)}}, {{&(0x7f00000007c0)=@in={0x2, 0x0, @multicast2=0xe0000002}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000840)='r', 0x1}], 0x1, &(0x7f0000001140), 0x0, 0x20000000}, 0x9}], 0x2, 0x0) 2033/05/18 03:44:57 executing program 7: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = dup3(r0, r1, 0x0) r3 = fcntl$getown(r2, 0x9) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000200)={{{@in=@multicast1, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000300)=0xe8) r5 = getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001640)=0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001680)={{{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in6=@remote}}, &(0x7f0000001780)=0xe8) fstat(r1, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = fcntl$getown(r0, 0x9) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000001840)={{{@in=@broadcast, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@loopback}}, &(0x7f0000001940)=0xe8) fstat(r1, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = geteuid() r13 = getgid() ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001a00)=0x0) fstat(r2, &(0x7f0000001a40)={0x0, 0x0, 0x0, 0x0, 0x0}) r16 = getegid() ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000001ac0)=0x0) r18 = getuid() getgroups(0x2, &(0x7f0000001b00)=[0x0, 0xffffffffffffffff]) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000001b40)=0x0) getresuid(&(0x7f0000001b80), &(0x7f0000001bc0), &(0x7f0000001c00)=0x0) fstat(r2, &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000002240)=0x0) r24 = geteuid() getresgid(&(0x7f0000002280)=0x0, &(0x7f00000022c0), &(0x7f0000002300)) r26 = getpgid(0xffffffffffffffff) r27 = getuid() fstat(r2, &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000023c0)=0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000002400)={{{@in=@broadcast, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000002500)=0xe8) stat(&(0x7f0000002540)='./file0\x00', &(0x7f0000002580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r32 = getpid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000002600)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@dev}}, &(0x7f0000002700)=0xe8) stat(&(0x7f0000002740)='./file0\x00', &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000002e00)=0x0) lstat(&(0x7f0000002e40)='./file0\x00', &(0x7f0000002e80)={0x0, 0x0, 0x0, 0x0, 0x0}) r37 = getgid() getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000002f00)={0x0}, &(0x7f0000002f40)=0xc) r39 = geteuid() stat(&(0x7f0000002f80)='./file0\x00', &(0x7f0000002fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r41 = fcntl$getown(r2, 0x9) r42 = geteuid() fstat(r0, &(0x7f0000003040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r44 = gettid() r45 = getuid() fstat(r0, &(0x7f00000030c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r0, &(0x7f0000004700)=[{&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f00000001c0)=[{&(0x7f00000000c0)="6f9879bdb4837c8ab57239484ed1b89b76463e549f6affd2444873c4ba124224dd814b772e774681ba3b1929a1cd6ecad8ee084a079e1919816ee742a04ce61999b7eeee877824fd0487a1f4b2bb59c9936f0da7812893aaaaaf843bf8e3411ef132e3c6a6ee15c1fa6bfde6c7e2b8a75c50be23e15ee0866b39ad528d8d6d756e0062d66ffb895f2eed87f55befc6b30276683cff9e6e52e51c203e1fccb8a6e3216727fe9988ee473f4c46c0e665a8979b9a9dcbfddbec12be5c1f837db7d4e28d378c91fa2df4181f201144ea", 0xce}], 0x1, &(0x7f0000000340)=[@cred={0x20, 0x1, 0x2, r3, r4, r5}, @rights={0x20, 0x1, 0x1, [r0, r1, r2]}], 0x40, 0x4000}, {&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000001600)=[{&(0x7f0000000400)="02983a6291e226b9d977e03cfcb534f21f2deb06f05586d2c12cee914670441d7a0ee0efcb16100198f1bc75c8074cb9c7bf54f621f4fd8d2641c6381657561ba6d17e1c5b7145c58e1d33db9912fb0c318d6b010608e3eef540cc1131e35c91970dcda892fcbaea87bd2ce38db78fbe60171fa52b8e2acbac5750d3fd08241f7fa22d5c9e9a9d286fc1d9317ed16cfa99f86c69bd7968c63a2cfa17fb226126874f28b8b44c9d5021fbd1744c2a5401476da7f66f72587ed5d4e4d6a38c3b56ebc6612c982628acd769fd5b2de56d4a63cfd3309e16eb5775819d14a9597d56734e9c2864050e7ea0fbcb462827553b0ef35be4a27cfc48a94e4e48209d8920ea0c33159127916d2b608b55f086bd13346282b6cb97dcf427bc5db3ca6ece3aa03b875238abbd98439691dbe542a5304bb1a2b23afb23989c802dde85c6cc076a843d599389f8287ffe5d7867a7db2975744017961826c94119d2a614e260cdc5cc04b2405aa74deec8851484f69d6ed4bbea4ef30a2a3231097867fdb7585c2d2bef0dad7596c9e4c6d9bebb3fa97006993be54a8d21164c6cc660d372842753638cdc7665fb9059e4d6aa9b371a4567a6415b9b7bf28b65e3f53d7233f236baefcaf8b49354b75f5c401e84f61ac9c46034628e6f9624353798eae322405c1016d14999da1589c6c767b935e779490e1931bd8f8b04a8078f420b926fe83ca0b78af67e3f48fa2395600ca5402106d8beeec14c1eb98b9b1f79ab7501cba820bde73ba61e24281fbe47fde35957757dc3bb0ab1a9d77424194cfcbc3f59b4bd2c8d1646d0cf4142776a030b15f55ae671e5610d5a163d2203d715ce6b51dec1afd6d1f9bdd2ff402155ce5b49d480fbb0d2f507c72d697adc59cc84c913177cb4abb665040bc223ed7f416f4970201c82221102ab02bc0aaafeef16115b4f4184b696579052b03380486073ce7fb5b5bf6592e55a54f0d125f5088ef8c9b252344fd35756667a4991c783f401f1524dda94f586de5e010fb02f3d27a8159a6bf2bcd3fc2b9706e60e6916bc4f1dda557d808fc301a050b6c1df63db960e019937d1e60a2cdb25a3d8048f35e6702fa948adfa69d6be1dce086c0399e1970ccd3aeb86e875ca91f5987ba690e34c2e78f4ed855292759aaabcd3f05760afcac319eb1f0fc0277870f05f7523127a68a718102f934319788f90c08ba19436e0661a8777889fc7419dad59c79c8c7e85404466a269d6b1fabc9ed4203c2a8375bb82030ba0c45f71ff0cb83f0e2af95fc91e67e5b2889ca74351cc04073b51dba459dbb59bfad481ba68226697f13bd1c4829b4caf7d5a93c905265d42d49c4481b971a5ed8da742b956397afe2b669d6d3d8342dd81899784c2f9c43b4c5e1e7e3de7426b1ca843c7e86eea7dd0191b34a6d707601d41e373ac6f3c894077703de159f7f4be92fa348c6b7a9bf6db76a8db926d61fcb84109991676c2281d2b1e7340628ebd8e1e790e27f0f9b4aa5b6d029c7af67f9a00c88d835ec9d1405c454a3d8760681b3c62127508d8d1aabee4f5d77aab13682e07b2fbf2e40b4e1b1f320f8f6fdb3d3d0ef09d65ccc39b0e9e55dbd396412a62601759cfc967359f4227800dc18dfed1b8039cb879939f0139778cb5b57739848b4c08747e68deb78c5635aeb682cade1fae55d719fd96384d8abbe910b137f685927ef1d1e8cffd819b54950a827c9bb51fd482a6165497f553ae786d1bf6221f1222be431243e35218f4e847e944ac850303690eab6c7aa1a04eeaed6dd9b2edc6d884fcd81f5a9fea3d2e98b3cd7564bb0ce20b08f52c30a2743f5148af631f2a94f97265a82eabf7aee9c3c87702d3d11d0a77b47b6a05b369c741edbf9dcea94c4e990f4e164e29d599a68d85800e32a43faee6ab95d9c5d9018901b8d1fd4175519ee7d244f5b5dbe1a786390c070b4231d8553bf764cc2d79662df90c457bf3374663cf68488adcc44961d320fbdbbeeab31596ad9430add39f3728a98d8bf4f319295e631a24979c76dcf0a975eac12c86f9d086cf9d86c9f1cffb596fdf39f66c4fddfd52d4024388d7f2d5a4df5a1b7d506e1042e83dbd6bbc7c393a8a4011ac298c101af95f4f3ccd8df62ed85231e93d710c02b9fea671e39187fe52070ba5608711d47c56eae5c1ef941b102c6f7638aae3dc3a37edabf346977a8a184eb6a84d76e5a14861cdf98b68ba59a49325d902166c2f3a8c6b4d60fbc4cc955856d5d3f9a8edf5d4e4e93086863d93ca1eb22a82bd263136b7e871f82c7d6f2d7f2557e97733bdcebf1bfbec5e69bb11477a5d7a1f87233ddd5fc843a61d82045af680596ba52ebb37f44c721b6d6cedebf1bf3c6ae505d243e3619bad7f3987bbf372dbf7d1b80d3bbb738abb0393ccc4c4e74258f19e42b0df0bf75b71dca537d415efb9df2cf5a52f0c09490d4405b9085e7b522ea89885b33a53ecfdaf2482b2f0b038c3f5fe4b6a8d353dd642b9a44c2bc588a7ae14c776511842364cd19ac8f4fd633867b4283bc2b136532921083b98d49c8f65669b1db875279a01fe5846352b7e30d0416f288efbb74e0cbe650b3f43ca941ab67cc31bab7bdd18e8a568bc542e60178176aff9e6ffc836a404c350749af7d7e242be9c1d4d5ec190a33e0dca6dfb54cae9845dd5b4395f7a367551878ceb730e166f7f1b17f3632e76f0a90872ce71e70655619b14c427fab8d561850cd56d70a9f6911a1c68bb05fc3a070d66407eab5fc9636fce51bfe76e67894ca1d1d3410ef38d70cb315532b39708dcf834d245c9e9ec13039ea3b5fa73cc79bce65892239e3c52853d458b698971a6062ef2f1fa58d3362eabe76239186084e1e596953573131bc131ca5ce202af45ea204324f1b71fc7020362d3ca6a4ec49ae9015984239532906f4a9670e538eaa89fd3ee3e8ef25c5481b57e4ec6577713bced3bfdeb62c885f75fb9e8f21c5a3c29e4578309ba4a83cd0f01251675be0e2d0789650837f83807d3db048bd524f0f0e1bca43153b72d79ce38c84d21ea05a4e800bd301cd860cd88162283eb3729d44c4008a2d83a74bc86880878061537ac5bdc3466512668a91d7ed08bcf097302a95159d97c1757b032dab827bcc53398773594d0c290ed3d7f3f0dc650007f5e9f925d0ae0ecd987429cad111228641b72b0a5912c923186a2fdab7bcd381eeba28f866f1157c0f12b307d28c6dc8c0b0036d55bf481b56832a355abf457569af3d150a9fdcf1f54fe8e20c94507378863f303fdaf7b38dfa99aa8e05a08a3c6dfa689902ddf3fd575049ece618a18503758a179e1df5a03a537313e778f3a08ba38a58b209f9fc8b1040513b8a401ea3eabcdd521fc80d09fa9c91a13d9f676e230c527b96d4c6228db169c6072b356577dda5ca77a512e78277ffe78a01bd5e657294b2cd4266d8bee2162c6b6cc438bc904234d53188da42bf1c4cd35764f2dd18c2e4c50ee9e4e2142200069004ae5eb10f5f7ca761940d518c5f22ac0886261baf1a676ca4db7b5b45e4eddecf26cb502dd25f7df3db6b88d571984f6d6027805072d415759805bd20c01da0d8b5b4b85178a2dc07bf7286b84352c1c0ab7600039cbc2d27450a10adff8952829dc02c5de19c9007487b12629a63d3c09ce2cddef10b319db94a40d755916eefb590245c5e3b31c8461df8d107567b90b4231b174af108b4266df5091c35975d19ef0acb9a6e2d169249407b559a2c4450f3062ec9c24ffe3a3691418deadc2f8cf66545a5949dd96f898c04f8609118644960ccdb9fbfc06adc6edd6768c5c0911e4438b14b2cc862674e03dbc02e0b09a0ed2be6dd121278eca426783dc627ed893dac3268457c17952ad1845f15ae207891d63ad2444455209233ab0f7cea8881f91d7c906435363da38a09677b239337457da189ab366c5be31936d513051b337de562d95eb74d850e7a21674dcb7ddb425022fe1ddf256af4f284a69c594404b31c2cab80052b45d675be077f3c7bc3a0ca5caf350431135c238510b58aeb974be0a824239bcd9401fdbad7802918adf72561da3a548b5de0753ec0173b942178da5f66578bee5bc8b45e819f368a3ef99a988c536cff7455e4cbd902b2838132d1268d403a97d4c496f208174a29f58f78239991f529a976721da9f5949dfe60feead14ffa23ede056565b1951742b66f642bb37a7d8b2c8898e2bded1f5b67e3f4baeea1c0d158e455407a5245ae9eba933072e67f9c90ee0d8bf948b25fe1e6c4defe53bc6cd1079cdacbcdb400b26bbdabf073cf41843cff5662ba3d023798a52d30275892b782ffc8e3a15e233f652ba61b3339951a71e80b17bfc1a2eea91ccca5fb1ec86e7541520af127f5fa3dd7399406b80768bcb639cc6a607dbe18329caa3006fb9e8cdcbc47e15b26bf7bec4bd99bb918ac4d21b5bb045ddd10f7fc84dd1f9c7020633d80080c2a1a42505968c9dac95ff09b83db1143cf6b68cdb3738939be811d6e0489f999f95416033ec581b0984d8bc1a3850f7ccda4e41edb35561e803228a7dc8994aa9c7b915bbffe385665818f6fc8beda823307ee701646fd1c9f1192e1e13ba702fd4fbe547f19bad1452ae670c203037221ab02f814dd0d09df185de075169c7f8d486bae9fc0da0500825aa87e2836d5de99443e806f77779a4421c2f8023712554bd5f506764f57b622d41f06db2b617af1fd038caffedcad8b4333b6d966f9c64ac051564011ea4d28eca8263920b37a4786d206dd7de769924008522deb059dd5d59830cd5010f6c42d31f92eec9994920515a881364e730aff4e63959272e111021326de61d0764cc048ada6469c4c754b051b12691b8e26c74c7bfbcfd9ff09780d98a7c3cd4bf44456bf0fe2a7536e13208680fe3e89d86d666f1b87a007ad173a3c7fda9ed35e397b94defc4decb40837512577f63c220dd458e2b2432522a198f9db7dcc14e470df9e7166cf3b107dd0bc541c634f917455904478a5117aa38532adfc60a3777f7ebb1470e55f7357595bb3c07c44df88bf0d2fbe4d179508a96a33eaf502c6ccbaa4b6f0566ebd2fcaaff51810290e072a5f802d701018ac9134fe967d793e7a51beaf211858a83085305594cd571f308883f206d5b42cb3447df7514d29eecf405fb5e82808d56e7bc660f5a9a3ae472cfaddcf4bbcd4f730bcc3b56fe38e7be85a7a545315d0bb1edfccd98098e4c2029ab7986d9247b2223faf182122f7e37d8548662f57be21aaaa42d8cac9e980201207f13dcd13e9006b601cb85635258e1c2b20e57e17a413be199e770ff4c177fc9dea27682f04619f1a0040552dbd90b06a2581af8df0550b83153c4d32527469970b60245114bb963e05b5b0db5317db9fc0464af6997eba89cb7d92cb1f5c084fbf0d60f0ce1758930926fed44f507ee8b1f25506051fef67508a0795a8aef64bb9eda52d11aee369c65d3a0f7eca2e63f34f1c1210c06e41077696d61eef675b2fae60c457d0450a5b9550b1c7aeb1b9c7e46ef86a33b3f56eeb914ab1c84296c73d74deca74f116b8abcc77cd4d08253e493cbad883e0baa062fb27c231c1c0731b9ed621125ff1b627a9858de83bbb6b12b51819b900bc9782b463ff35ab714e04052c575278fb53ce8ff61b7a4efea086d0d2289181a2ae90c256848923ae9d01f7802acaf220e914c3cf3c6e1d423a369db334207308358e671d79398c7f43258b279b88fccf506030918812844b3f5fce38729a3c947c8e8e1d42c3336240", 0x1000}, {&(0x7f0000001400)="6130d5fd95279fdbcc47b33a059dacc16927203ccf8946480ba9a733302cd615f79efffa6d33646f777547205c1af4fe22fece0300cd16efae640f0ea70905cac097436e6ba2abed1555d904d8408e22b81eb2830687a074d871d5dd7007de7977a1d4679eeb71b25e05557f33ec36faa3a87a690a26e2bad3a22dce36964e61e84b0c8276381aa1757880e1e3d8ccc4cf5b5268f3be0e46d90d10da41911f3e685d97b1510ac07083a35fea939a56d973a71eb26da4f67dd62315571e4a5d5ac803e5553712921e3e3ede037802b3d1b29e0a96cca182f986d1d726b5b0cc7e50d573d08c2a58864b9bff82f2ae9ae4add245", 0xf3}, {&(0x7f0000001500)="99194ab1b29a1976890d72b838defa594dd3c4b4ab5eee5348bee09775efef9c0c36939d434450242c05dbc6cbc73a3c10df73069b591159b2db64054caa8210aa8197c1ecdedf2cbd3f4612de940c08b57df143c63faecfed53fb643e52cc39e835760d715d28c4e5a17ff0cf77468d2c8574c329f0bd8f625de47f96913bb728f2065b0cfba1382091630b528ce4306860f1399ed190c185b36172a9ba4d8aedcef0bf65e0dc109139911b9fa15cc3880ec00e87bfcaa2260018a99b118d1f3d9b0b214ce6f5b2d00e35a3e899346b19706e4a", 0xd4}], 0x3, &(0x7f0000001cc0)=[@cred={0x20, 0x1, 0x2, r6, r7, r8}, @cred={0x20, 0x1, 0x2, r9, r10, r11}, @rights={0x20, 0x1, 0x1, [r1, r1, r0]}, @cred={0x20, 0x1, 0x2, 0x0, r12, r13}, @cred={0x20, 0x1, 0x2, r14, r15, r16}, @cred={0x20, 0x1, 0x2, r17, r18, r19}, @cred={0x20, 0x1, 0x2, r20, r21, r22}, @rights={0x18, 0x1, 0x1, [r2, r1]}, @rights={0x30, 0x1, 0x1, [r1, r0, r2, r2, r2, r1, r0, r0]}], 0x128, 0x4000050}, {&(0x7f0000001e00)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f00000021c0)=[{&(0x7f0000001e80)="e446996ab81d9fb3f1b0ce23a7e464fde731e3652fd280a077ba7e03af7891f0fa1177cb19e2e9cab2dd1e52a45a4dd3441177f361d2e5c96f633ece5ad9103b83316251e277435870e5462df1ba5b3a231597494e24b207ce412fbb273a287e625fe56cd90a27cf276f5ab3b7e51620ff337b831fe3185721e3809ff1933a084d672740480f3f27f1dd15f934b15baa56d7a732173856d9198d83b6cbfac851c398ecc11a87f063ecd5455a1d12ecbc8cc6baede7b42bfe43af96a674765c5cf74692f44eeaad78792b1b28d9f42a6c61450311d08fca4c6cd76e", 0xdb}, {&(0x7f0000001f80)="57b0477b2c777db5d3c5ca7ca12d01a2a9f1b359565a825915fb733092f6e75e422e389bd696f77c66edc2b4b24c81510d25ace856a4c12e9ebe1fa4c02714b1d469d8c11021a1f4", 0x48}, {&(0x7f0000002000)="65200e4cbabad86a984c060d180339744dd6046902830cbb3f0ce2e208b5e785473b181d8c5847a801fbe9113e6274", 0x2f}, {&(0x7f0000002040)="740f86a2f17ac91c48abd562eb7524cab16a53bdda65d534a0ae45db1ea9195c7310088f1ed056846b245fb71a866a308a6dc621968ba1f4e9bd67c6b8ddb0c91bb7db114727fc6332c5e43bc5df9e3b722363b31dd9d984d744de5d92103bb79fec1f8679c13afc22b8c754a8e30e0c9a8d69174f5d8586a535169f80a32aec83db932c018ac5303d6da68a9c2c59835c53163fbb13d0ad34bb544fd23411c8ca0beaa6d4138405d32dc885a0e5a1722bddad2070f686c96ca1d039e61547a3eeeeef34762ad2276aa90307879f45cac6b5cc6de5", 0xd5}, {&(0x7f0000002140)="faf62c6c428b5a0984e99e9f4b2ad670d414ef3466d5305828afb05af6b3ca64cb95548f5ba27b38f841f030437d8e228c489453ca5b0128a28542332d875577b04d2b1105346c169c", 0x49}], 0x5, &(0x7f0000002800)=[@cred={0x20, 0x1, 0x2, r23, r24, r25}, @rights={0x38, 0x1, 0x1, [r0, r2, r1, r2, r0, r2, r1, r2, r2]}, @rights={0x18, 0x1, 0x1, [r0, r2]}, @cred={0x20, 0x1, 0x2, r26, r27, r28}, @cred={0x20, 0x1, 0x2, r29, r30, r31}, @cred={0x20, 0x1, 0x2, r32, r33, r34}], 0xd0}, {&(0x7f0000002900)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000002d80)=[{&(0x7f0000002980)="7e10fe961e24938dc0ce0a16c828a097336d6dbbd39652ebb2a1340014c596cdc4266da921155024862516a041f41b8aca2b6e718d7bd0a389bba697b938e203ffa12c4b0cc1903eecaa8d728151a23a0ae3", 0x52}, {&(0x7f0000002a00)="82681a21cc63ac57e402f02d38c06fcd059763d236aad1ea28dba004a2d752307c9831554ad0a393e5b9a5abb07d79ebcca80e478bf2b1559468a2a9c20e378971bfeed1aa303404d54695bfaacb4e2cfba9844197d8", 0x56}, {&(0x7f0000002a80)="b9f0c47af8e92998cf60811653732f88bea8c1144c5e8f55566ea2f1c59db63cc4e64c7e4f9156922e3c5f88e6d3a5aa1cefd9c067e2ec20659d612e7896749427bb13083cd9237e0f7e127a37eabc95dfc9f4bef2c993e2c49348d87d728b", 0x5f}, {&(0x7f0000002b00)="7f1c54f7b3269e16c24e80109c61371853eed1d4a014f85700f0d54805b773bc279543017f7abc7c562619ef9210bd755579215df8f3f412721d43cf6669c608afbfab6fa17265322108332dda99c1e8ac23caa5b4e6f3dd22aee4e7822f1a3d6a4beb24652cb1585fa0e8bbd54a1c14fe4b7518910bb906acf15a05fb2b9a47af1d7041050dd48e48e106887c22f5d2238a2ff1566201e573e79056ec63628b2bbe450dd6dc536068bf20c6c746d395254694c010628855d8d44c50e5d5dc722a4c5caa2f7550de57be7c858ed9d6366bad", 0xd2}, {&(0x7f0000002c00)}, {&(0x7f0000002c40)="a1d02a727f3647b77277c051f93931f1207fdc83cfac1a75ff826d134eecf98adbe6c95e75a1318994006faa2eee90057a1a84ce77c898a0e6855ce5f042c429854dd68d6a49a971291475890adab941d1bb4a0663e6280e99ad408c2a8922fce9933eee24b6fef81876362589eceb13a32edf56026592ea8b5cd6023dbc6d379089c5afc90237f162ea89435637136fba8a300e60861c8244e0d3371011910e4e", 0xa1}, {&(0x7f0000002d00)}, {&(0x7f0000002d40)="0ed2758c11308815a187029834d7507b16ab92e5d329b21d116d5119961f86cdb115eea346755d", 0x27}], 0x8, &(0x7f0000003140)=[@cred={0x20, 0x1, 0x2, r35, r36, r37}, @cred={0x20, 0x1, 0x2, r38, r39, r40}, @cred={0x20, 0x1, 0x2, r41, r42, r43}, @rights={0x30, 0x1, 0x1, [r2, r0, r2, r2, r1, r0, r0]}, @cred={0x20, 0x1, 0x2, r44, r45, r46}], 0xb0, 0x20040000}, {&(0x7f0000003200)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000004680)=[{&(0x7f0000003280)="57c2ac5f733def548e18ee36f1ecc7d9a66f1d797ffa5bbd3554c049c803ada10c68a5b9250f7393d7e26bf4175380cdd83776b7d475f16cbd0a792afaf1e30b4e53d745bf65646e0ab5d85b18f74c0bc7ba7a0656663e", 0x57}, {&(0x7f0000003300)="6b761639908c4e8aa5eec274b91e90eae18b52e60d947b140a521a1fe17f729b9492d522bf83d3833b9e52b3a84ad6d7506940034af9d08a0718e47c36231d", 0x3f}, {&(0x7f0000003340)="b0677d5c322efc428cacf6ca15b5c66df9ab427a76cc488b12e2321a488ec06ab3871803e6f8a98adaf427c5912cb791c90805c6e3dc0a86484f520913cdd6b877528cd2a2dcbe548824e5e3ed500f5537dba81d9a9de73210b42f97bdad2c73891e2e2602cec4b3a63afb22ef550bd07a447ecf223a2782342c96baf461cb4e69e87023dee75983f3ec26996f5b3fa3670f35c18d8887d5c61a5a56980794468c99e3a758fae85c06ee806d16d7f21af0696c", 0xb3}, {&(0x7f0000003400)="695925e0418f69d68d83803fe235d2381ec712c1deec7f75d83d", 0x1a}, {&(0x7f0000003440)="a0a05b8c76e1c993127972b137072107143fd12138aaf3615580b2cc0ace7197d09190f7145c49ea6855eb9aacc06193bf7816b9b45bba15796b98b967fe54eac0790e6a81f5a6c7b3bbc940a1c7f7f60f4cc97c0e011fdb8ef8dead2d61e91dd0998654008ec811a8a53cb435722def5e1be372c8460a1afd43564e5c3253116f58097684c7838f7dee7d945bff447f2046bb5f78be6f6030d124107842444a86f7524144c8b152efa932075d94e4e4e9c559f5359ae67d51dc0105821ad8ce65adf881cab05da10e93a3139f4b868b74464b53e7c4eeb479032b10e14356ca8326618db5e3a6d29a03fe427aa4c4f524eb0515722b0684", 0xf8}, {&(0x7f0000003540)="7fbe65a572b730cffcacde8de48b40d8483caa2cfec8c0a34dfc99de8682b921ec06891972151f68bf9ff96f20ab35ca721e8915489b91c1749b4567338faacdb95aa56299bcacb7c422816fd6c16bdfa928f8d3746b2350065cf526e3683b6cd9592a835249dc1ce1459119533afb6f775048c2f4bf408f1d59d83b2d1b", 0x7e}, {&(0x7f00000035c0)="f0138b85db6df2a815b3fcd05eee96336773cf0fe2ba8ecb8b3773c65330854804335bc8f8efc19bbc87a704d151934a1ab2d0e3f6cc6289de4aebcfa2a579b53b5fbeef5dedeab0a835ffbbe335d05bf0cfdc3a912a5a3850d5401f398186f180f422f483613491e0e83a19d5a2e410c0d83d54cd75f8aa282f516989e0cebdf3534e4b1f0974f40d403df460321a0d73e08ab40e5a2754ade4056180d0b2da48a37c4e940dfe8230d5846ea5a1dd0fbaf49acfa60cf8c7c0b98756750f2ba2e14a10a305b10850dcdef56b47751f14a446de25a17cf27eefe2e99330b4adeb54816678cb140b7fdd7c3ebebaf6e2ad1d11604b8b6788ad3d19ef857aa8baad3c821fba59c451d08631b521269570b1ec9cd4ed199be60962c90fb7e5d8592fedcf7224faa3349d360d2d198d06eb4e88a5fa52be083c8a18cb88c6e05f4a71f84714ba01c765e8deded8b4e04b4bb66971d1ebdebc08cd22717c09d6e07926a94d022f4c008364afd49cc3afb6700486dcf36773a4a7eff059a7a97905740821391b819f536c4beb6df803bc798a01c450e7322f09cecde943da2372b10f1c13f5fa6382730820d5789463038f6356eee7ef02da085449d5179a72231ea408209c38f19a29325954769d2d2910132ae45ceed5982a9c0e654f09fbef9bf49ed209eb50dcd24bef2ace70ce1f718df527ffae65418cb7597c765ac5417318ceb3a62ad361aacf474c37891031b0732dccc5976756eb86c66ccc98e9b1d0622a0b91ff6da9c553aa2be338e57851b70357e5a2e6901df33afa2c341082c873c5a8b3294c9b9b241dd0a9e5dc00dccfc2c2400a087a41568242b61a06cfa59c3bc9f5f7ad59d1641d811f41dbf86d14e09a795de4eadbcc0f9b229af0f434ff7437e2a5ec57343f6477985e79fb0c508ebbf11d114e01dd4b95d73c9aa8352fc6608240452019b97703e9febe59430d00ebf0308c8eddac58f51698cde48a81e44a10db72630e9a353210316f15082e65e05ef1056693d45a89a5e0260ef7cd067e32a70dde0d1eaa4ea244692e0aa8677e5dbefaab0426f8d33030f09ed14bd699a34e42733f0fe82f00e5ff661e83d3c34e76d1df5a719001d48dff205d525477dd699c185e3b62a46137e05fd0e40670eab6a1ea9c44438d1577699a263c0b85be5e6efa9c9cd1b738eaee07647690d609ffb4b424486237bf2f5f84bb890b44e1fb64cdcb12ddb4f8d8409b405788d89ee211493fdac7e790d727b3529c01af0c9e57881f78021cc83c28f6df83871a323464f493bf5730ff5e3ed9467e48d6cfac1fd8b4eabb296e8b1de6f4eb9838326e1f0129e6dbe980f3d59ed269b64eed207d8d11415b2d92d94784558e08c13e784f170bfe8a8ed9baab7589104f9ffbdf9058d3dec0c881a99ca099f892576565d616addb08ed29c6b71b3d26bc5d79c0406db425fc716793347f02273abe88a6284bc789e400c973081d0b27a46ffb3f11fa11b4c5069e02b60f338737b165b202c6b56da1b2ad5c277b536fb7105c3a9373358b6e12fde396da281c630b34249ffbb1f5184811fd2c621f332a3701dc605f836b9599c0d06010f8e856d1dc48515053917eaa4de28910fd6b6219d70b8cd79cea06ab1f7650786a55f4e752f22e747c59722e50d9bef16aa52c3a437fd0ff19b08f0115db5f1aa8084089e0d826612f372d7243745bc3822fb58e30dfc7f0664768fb2a5beb42b3b30430abd20b585920dd7ec882cd7c84c9c6ea662bcf8356707522ec52b6b8c518cc41bd0d2e91361e7497041c52d1cf60581597aa86f0d024def2ece71ffa283e12ac8e054e1e1a0d1a12093578be01e7724a99fa0a37e5fcbbf5313988114c7107026000a5a4cf6c3d6be7c510aedd3a056a5873910fe55fbb44f6178a3124bbee15ce56e6989a2e5e9f42ee826826feb507597697de0a9924192d11644be5f2f678aed2bcbad0136d6a27c0f0bd634d60333a7961af8bb635dfe22d415af504db4cd078f6291bdf771b23881176b476dbb345c1edca114d11ab193ee02367fa7b353af833f4477be74f3075601ba4b44d218445a6f1730deb254a830f9b1a0b075371412907cb2d2ef8d2510e3ddeb46211ce025b2ad15c3da6baf079ad000be4f91fca206342aea074812b2bfc360dee9beedce5e27cf247e222220346bd68988a83b7acafd7ab0d5fe5c186f164df8c00cd0b926060753aacec50bacd4d09a8b1c3e8121535708b94afddae12229c1003e2f05979838f34bf148366aaa66f916bd02f8a3eeaee4de50aad32c858e11867d50fc49bbd969fc633776e859060bd3dad82c25e68ef99ee8c362e6f728962f1b7bfcdce6e961a0b6cddcf24459afec6e63c3f171d2d68e33c09a995c9ad15388764ec2bb48af275ffb9623a9318820fd7e5bc9ebf2a9522a846a0005691327d129a57b660dd15a81f90855804fa86296ad595fa83f1b73808d4940d067c24df5ffd19c5f1d1d94d6f22ca7893d39cb503fc77d784448b8d7f78e2e3522c462878efc93a13d2afb550e146d4047796cf74143d1519a9648b567ee5857572f6c96a4ba712f63fa738bad1033aa4681037d2d864ec813df3022fbacc3e9714f30edc936c6886aa9378e76595732aeedecd1110828f97f72739dc6655360aff842916561f5a63c9e139cd29a85b076a8da76d242ddea8d7a9a8fcab356f6c02ab5638b7b9a85b23e4cb2715477be07a8cc2f25d649c3aac0201d17d8bad5e4b055739784b2577d9715ffac73acd50b7c2e48e6efc86591329346382228938491fdb866ec4c738e443c3330c9286f34d0ae050cf5527c9cd473c68104ee8a6642ec0a2cc8520b0b8d09966492f8a12e2c9f557552734a569ecfcd581997eef6f86e276f0c7882595efa4cc609b49dece628020abe411b5fb21e02ab0fceb8952981a141a06b12204cfaf0f6619ff907dc5670a9352723f2438798ac80ee2ef0779de3a2e033548bee3adf3a867cc4a7b0d12d9fcf6af17261f15a31361cc81198accaaf7f2ff82dfd9495bdfad129ea38a08e0c205f7067128c6fb541b0c3b946a5bb2ff848e54e38495f9b779827915b36e3f4acdee19e6b894a9d5276918f17e6eb34cd6e72c6f6c16853727321cf0b6d586c4b73614c4be7b0c2d9093ae691f98f35309ba1df9da5dabd108b2e9f686cc5d48cd2cb6d2d2cff9627c0410553ec19f1e9dc4bee4d9b41a38349483a52a15fde2e4a24e199c0ca30fdff937271a515a4380dbbf97dfecb638bb2d96717e5dc7338f87b3bbb898eb6d60f2db104c741b776244efcba44171b00900e60f7b03f0a91489a2da3dd783a474207cb55c2565245944441971a89c5441a2b58bbd7ddbb105877ad34b6326d58cbaf991a38502a2360a81c6dc6ff6eae8664317e8fee1e80c0ba8e66a30c840652285956cf55388d4fb37ada9e297fe8ec0754bcb3d3317ec05cb47e6b44fc6f611976c239002acb35399ac5fa0f93e485257f6bf8f7e36dc6ede53a9487dda6d3232a119cd2ba61f1afff5fe8ca5b48997fd3c108cbc2132b292c7a2d609e14174b4954cbf8417f1284f9b9ef9e441de5c7f9c18311f03bad871c0e6ab31a5e593df88fc648d49085b7bbf7997d4dedd2fb1fa0ca9c057cadaefe8cc426ed8c2f476b64d04cb8bfac86bf67eeba47df3543fe5f19c44719f2c1237080c52bf98b06514d01ed075cac5417374a421b32e870346abb37a8d58ffad3015472936d231113b6e336ea23a2a1d697818c3c21f6a885b11c431e6b4ec05a3a60720f3d571b8dc32fd19e7992f1078957997e140f5a04bfd7689a6fa14206f2733aaa6e17dc8ef29066b374d35c3aff5da5db792408da47ffd8cf85bca7ab8c202b35b0bc96ce2c36a8771355e4db89d04282aed0cd5bca9f98f319e268b27bbf9e0c1c1c42b6898c38c40af8696175c9b8d8264ba8a68038c0a51050a0f072f47ce0caaf64efe0acc7df6ebe748ddd76be359d80283965e8229447f1c20393b86c564718c99d092fffdc911e8d4c9457814768aabeafd82ab4d99b8b19b3dc6774e208204a97ea791bae1355d10eceb224587531c558f29ce00b41718dfde8017b400ac66ae1e9706f7fb6817978c1dcb80e46469a290983566fe29ede5d502648524b4fb7bd4d02d3c932ba3b8aae517b72af4bb8134e023a72e703c094e4f191e0c02bcabfc70639ae2ea3e2d9118c488ec499609856c05b871bec7090f121bafea718bd1312a829fc302dd915728b8ed9cc24fe154e0a452937dde44b7e965458d4d73a141b1fd81642cd5d4350953f86e813610f7a5ccdb78467bcd7dcbac618394fb27aef80639bea49fb76ea72986175f02ed0e8e89025964c93af1265546518b0aa39d638929495e7e111ec5e13b4efb6ec9aa5c4e212f7ca3af769f4e5955eb3f4037bd06c23fc1074c3a37abb82c7d02a0c2afc79475baa71ef6971dc82a1a32a451f4b617081093d8587554f591305d60bbc8575dc2d6570064cf8ba342d9da1ff09464c161c794e463c0a6e17978f4e06c71149edbbf3edac0b737d750db59d05252b09871f4b2af7df370cd4c93050257b0eaf0f3e2976f43d941fb5b1d5ad277b8dba7f39bdb318127d6decf55fae7e3f55c6954b00881385e49abc20e7b2b1452fa8cecc28e56da3180478583edbe9fb83ba37c794c45fc69b4fad9ec4a253afd110328ad0a2ac3572964f4c4229fa7ab85fe95891f5779715b8491e1cbe4b07815fa37b7b182d8f54e80335d61c74d96f3bac76feaa6cd18a6a2fc1327d7616de98fd1b513ba0b122dd1be1075a744c4c758c849d10f7b8106b86322cc00ab8e2dbd805c0284f5627b77a02d9ec902d41dfb972430cd13de3ab8661ec92df2bac5216eaaaa2046dde4022eeec3d8a29be2fd791262d2abdb0fc7647d227288fd2cf5d439d02ac6e3fcbf2b6c30e8fa205265b08ad3912f95a77179b242249a5da8e6580b7a248c0e59265fc4c0ea6bad1fd9d1e181b133e5adfa92cad0cfb71132f094f769b2665016749f7e8faf0c37f928fd28ccdca5f44f8c4a422fea2e02531e8dbba6de5dc0f1a1436ff5cf923fb682c1efb6193cde0613d6809653ca294b4900721a7680315ff747e1c320c554caa97816fc696b3e3bdccda7ffa2784a1857e79c4420af2110152432231e7d2d4962d54c839086b874b066b937239f4afd86fc670040b7a5081d17660fda8f349187214997f3ab4ba8cc03abd03b2c8cfe665a16364e93f41988b4d5e7738a40dcf49e125920c095373aee6d2ffa95a95d21bf815e9d0a56943b45661de4224f92a1b07b58c6c2e3ab27d95e1182dcb1385b7543622c06848a39a1d612fdecf2ba6abcb00bdef418b29bff3ae4b07fcf6e80a066c5e572dac7267386ab3d41cbaf0dafd3d22a699e286650f94ee102bdd06b1cb0d74acf16c19c205045869a19f24600252beab89fbb4cbe9d416d886de6a91e9d21384113bdd568d1677a4927929ffa09f353d4cadd2106c20cd772c0e1b76b066cd79bec85c05fbb659e5ab3ee95d034e24089641be9016e585d1c8e30710fe07646e7af1d68758859decf2449920f1cbf7ab2132a9afee24bc052a42fc93fd3cb70e8facbdc2964721ed21f47c5d544bc04673997169cdbac48e174cfadaab1cd6533ed67f54a631573be5d01256b9190da1e100ef85e1167c9724f0d12feb2ff4e293d5b4c5478271457faaccf80a611760a403df1576a0404b8b114291466d152bcd81be18ac212864c62cde893033871c181a22ba395f9333b6d", 0x1000}, {&(0x7f00000045c0)="4780fe990d665d53d381e24901552281f5f04107df77873a4e6274e0e342004b527b4ab8f911c51b117f88ac1aa747b88aa04f551eee0e4fa038a01e8b7c17279763bc5aa4eb3f7da09572180f6be8dedf38e311cbea78cf028fa594a0aed27c5177133f007a055e59f73eea9dd211f261c6fab325eec2f3e90bdc24071a6e4a052a92", 0x83}], 0x8, 0x0, 0x0, 0x44080}], 0x5, 0x85) 2033/05/18 03:44:57 executing program 0: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000040)="240000001a0025f0006bb404feff1436020b5aff6e10b500000780cc0800010023020000", 0xffffffffffffff80) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000001180)=0x7f, 0x4) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000000c0)={0x0, 0x1000, "d727994198868a8cb830270088f13e4f51898d300f508279d13959916f2bc3c7e5efeaf22ffae0e5797244f1247f9f8d0945d01e2a04f674be096ca325a1673f22665c9c5d1620dfaf93ecc075775cba7788e086a59536df54792c0e717abd8001fcc7c873870a79acd3f764d88c30a80a036fd7d89c724cf18a297dbd8396946f734a544b1e75156c9776be02c03848bbb54d7217a19300e2781e17a2c99ca36eb1c335cafd6b05b51f3cd95f1895f58cbd3335da06959a9c8fec82a8e65962f55840061fda2aefb7cdab6734ffd16e6dcbd1d7df6359cc7dfc15ab0809a01a0024fb7794ac8712cafb5ff4b62c60a9ae9f178ef75c3065a1f50e368f14530ab75a9bf26e45a8b07ad279b72f03e733e1fb6a53ce27e00e32f2c970cfed13358468f65dc1ef4ee7951754cd81bcd41a80985dc740000c5b962a59d609d0a25e665e2cecf66b7c0ce85987cc39adb4a3b4abcde114070ee2ab4c33f1fb8e19faeaa5655e51a74441e757e290957a4e3ef872d86b54a78cfd366cc423a9ab0512d46e7f0941fdce622c270d9c0d3825c1275fa2b49f4f4451493ffb7828e60882c316a91ac479a25c750b3baddc58b8a0b3c75b5cef02b247327a68dc6ab313622513cc7fe6770cea4ef0105089d57ff40004a08fcea7c2726f0ea993167a9c5ba3b4e3a313a4c04a6bcbedd5c1640c052480b6bdbf400e882dec2877c2c79013a3aa34efc9c2e13bbfa0d8cd77e0fe74d131986ad7d0ddb2c5ef60ff6c80762ddeb75aaba719cb3243312b221c178113a798a4052fe68bfaca143b8cf71c4abac3a1577163bfb9d150d625719d22184d73238e64de01c4d540f61499141f818ccb4eed66689f93c613d24dbce33add6a8378d674aed420167b40e851bc5941342ee2650865358d06707b5ee8a249390f58a58daa0e37718c6b99cb323d7578482884fc00cbc02ff4e4350070ef85a0800ba39d4faffa59f6d6a119ac2899d9ba9d7a8fcfe4fa7b5e1a2ade41689b5c1e6695eba51c58c3fd74786dced31f6aee684b59ecad44bd2f09e5cdab544fc25711f127fa44a6a5a2c289e3909f5d077bb6e7b680bb2a46c4a86ac5879057bc1dd0d7df0ef65e5c7ecbab2281b3d043f3cd1238b74401c0947f705694fe3eeee4f8af8f3a0f01e5482f58dd342cbd318137a31038b1b7f956f62a08f2b958c6f85ada2f4fcd93255ac75f0db486f12ccfa80e16fca987b23fa8baad439cfc53638735a2bb8e49adc6b8dc431ca9f67061d37ad59863fcbcb62dcf0d6a0d9073c2cd8caaa50871902431c95268b845a89f6d859183168a445ae6f36504e0f1182cf3f6661007daa2da411727fcff097f8b267001eff6f43c404eb832af2776d8d12c75e5e47770f8b2cbdf4e88ed6eae318ce59f2da2ebbaef2582147a06f9e1924e0b00f83cf196066e045ef5925cd2866eba0ceb74e6021aadfe37bfe857feba421244a5836d72793e1047303ba3bae2309d57c5850248aa6edbfcab5733c543f86ea1065e07742fa329046d0f9a999299dc53a2dfcf4b51141c2e9e9838c25602ee61cf79c03f27421ea2cab9496b6aa28fcaf911afcfe4fa9f2c84958466fe014078edcd8739772e08b91ac31329311ae1e14ad4597cf0f7e4ff60332a0a17fa777f057feff787ca695b0487584b366425fd0d65c143e1fa563bef8ad1931bc3fbe97084da608551fa8c7924627de47be15cceaf9aa0b6ad8ed40a36dd740303fce4b0c3170ab781370aef0869ab06b4927d4b190477682e2ac8f1d1267d07d61990ad6514772688f1b551ef7e410a164a0bcbb86be67a3c6e754e7a33dddd290b0abbe6cdddd8bcc6ab5f59c2119b34d2e128a0ffcc8da31d51afcc98c120771c43731e49ffbd23dba9cfcbc1212d8e515a4e4b1b367d1570d558bcd2f2aa84c0d6984884710edaf8accdfb9fb3783db96f1cfabf84e89107a5322275663c41829dc0586e2e9b901c21e054d878331039f8bdef8d1cb9e7859db759b2f822e1a91cf14bbaa2ab49d4182b1d65ac41ba0aaf31bd7845edb1d35b145c4d50a6119474cba18a1c0a41070bc1e0b6a13b29daf893f73619083fff3e287677c5051a1d9cea175d615992f1aa7d00a63f477dd99548ad7fcd37878ea1187f7b2b78925e3786bcaa28a832809281377ac6eb8c679da638a96f5e19eef6954308ab35017c5b13a55b462792636b7557fabe044d2bfa01af230e2b91ee76d3d631943e111ab6599998b2986df1a63e1e7bc94e06164ae65ed939253f3756b0c9ac5370398e4a9640e122a582736667b58e58606590ac4b7e4a9f1f0d12b79525fa5af68b815ff2896c38c3f8d838e1d6dc5897da984823c2a0189c768cc87814191b70a2b13f56c464bdbfe2ecf2ad52f24591fe344cfbc0960bb6c77773b064dfbbaf301bda28f1fd9f870b539d145ec8b7f335db8d867a716f17aa6e8ca04546b5a27ca2c7c51a31ae4811f819013b9fa9e0e7fc687144934d593d9251dea80abe39befddf1437a40698a0e3932870cbb2909e906c9c47008c23ff6d6f1c53ca958ae776d72181982ec058a5671af7c1ed27165d4b0bad4611f4b6666ea152cbfdc20032dbbd19badb8f629bdd7e3c813849d08e65d05d1000e0c235e377659b829f6896c4affbd6ffc216f489462f0ab76aba455a0202265c5e14f7c2e19a936c826b704c92195c235be5b871115837958fc96caafff256fadce04988047997fdcfb31d0c666dc25e3c78205c933a3647aac1fc008b72fbe1d230b744af7f449dc952d5cd948032a5e6af74456f501858f969a038d4e876e5318fb186c08ac404f875d39ce5f4a80cff34cb4fe078be7ac5db755fb75236ea96cdaeb072b333c18b8a03edb32ce63f972e56bd6f43554c78446e2f9d8c7d91b86bfcf8f076c072c324135b0e27640bcd2b0a2e50d3f406bf64df09cf589aa16ebf96cedd92bcc60845b34863680f9fa4e560e36f4891137b9c967b893de7f1621e04b35dfa68facba80814227a86b9326054b71af22c860e07053dfc596b3419b00c8acc4fdb40b8e71658005e494eeec27f6c19db5997b9ae6572fcb52788b44a5c8b4843ec75a7a980c64398a4ee67ce8688a67f42e603e6fd036a40a6e89d73ced125408da681390b93406d95a06345961efa3ed8a4025afe204cdf1f51b2f866096b69aa0fe37ac892c1402139dd09c7925c9de35bdf90bdf75e860d45828bfc4363fa942e1c761bcc241b0ff6cc82c05b0265f9c5c0c0d6ffad49389d070ea107224efe047d941e97219a2c049d0c091156b82db4a79fb299d67f967bb63bb7ab7497889682612ca4240006e3b267d998097d3c9cad04ad258df7b668dd36373f8c7a07cbd2797baab22d437f9246b22d2329acf9985c15a55c2306a9b8a0d0700ae487b66d85de27be95882b8dbe1727828e3d03561632210646703d04543021bfe5d91b98ec8a238bb690b7eb4f27dac8ca7c3646360e5023549984b09db1feee4102e24e99aaadff414068fe92fc150030f7f861c6930e9567c9f3b45b0778b88daa5b0f73a69139a8027b376a6a7861a2ff39d85025c785173bfd1a2792cc0bf49ab20ffc9c246421e449bda3e88f7d99413eef1977a63e20fde22683c76fdb4602c217958d6a80dfef1f4c7b5410573aa7f76d1dccf27f97805d934e92c99c1bbd26297b3b978e7f8c95af818a972332114d71f8c1e3f75bea9cb061174c4c3d3fc726b1f2605274364d9633f4a682e1c7800f40a8193730bffbea8f3ea2a3e49b701dabb723ccc12ed3d5c2ce2044feea461a4c8eae7f5936f6eb248cf5ba3f5445480a5f958a15e6142365389f6950f854b72e67136072a8f3d5f00385d431c447de4f4b31caaa0dcce50454cbf01ac811e953d7a6066a7659180b1dc964dc70b0df771f946cdeb5b7b633c821531124640975e5a3466130b7c593f6b2bb4e18a6e35816695f2906a2cba1b0394c4eda9d980d0007640b0982bd8c740dcf0b3fc378fbacb714d3c06127bda2c1adb3eb051d15b6d94a9f31a117b384bf7a02498b7236b08e33a0d15e675be1ee677f779db6e6739a1e9cc40f21acc5ed91b8602ec48dc4e6ff0751b61e70bd1ab14503ff87fdb0a0aa8a123d5c373b16f581e644142ed7c9b364345c07f4a0955bd1984310d0458da3623ce40f8c6d43b7cc956da846f1b3ae863ce95dc5bd9672f6dc024af52fec8c417dc44b5aa4c51a701ccace33d91a40a4f23b3a881d27af812a5da3f3f4a754d154c56cb5755fb078d03596c87a953c8e95041830329f57a1dfc7c6119925dadd1cb90ce75488072c2dbc5093997059d7191c07ed6dbf7c37845fddf1a93abdf9adb63f7da09e7b4e30283742bbff49a5730715baa2753ec704a1890b09411eddc775bd2f365b4f570ffb78c3a6f0814d1b680c822ce6627a3c22dc98fe35a66e9deb86fa28ede20131869a530bd7bb03e682b2093b4387d3f750473b340206fde9783ae6df9861b3071a951468308099a95fb8b14892519d795461e121566034c1c8ab9abd3db019f7c2bf4b68d40c2ff8ec6699249176c91a07656a2ae80e9822ed4a751109d4b2be03b33c568261c28f13f73f0127a6e1f12b0b764c104a00a0ddca782ac10c4bf248095b17c16982a529883bd6b95e9abfeb822476faef73858128a526eddeace727d126a6243ac1f1401f4587bed80081e5ebb7a7fae302cbef0c0a7242f0417f63ae282373e4cbc593bb944890b8435f197b0ee9c169bffe8c1332840751ae78e319a89f7620d3957ea98651896d73bb18715d67ed52b204e0fb0235e8347a211f7af2015e5eac11698c3633743bbc9eca949a5b70e2c586a30e26170b4fc7966f4bf3f348d6c75e1136dda78d4c4cb925304beeb2d0b13bc1133d71c3959a28ec8a127055f7319229248c8824bc27b6aea932e68670d13e19982c87b64ad7f8df9429502af0604f415d088fc34ed7b1450064dc010c7300ec4b3356f6a98d25055ae24000747e5ca8d16b0e8692a48f02184fe9ba24a667b4b6f67e8d86f308683273d824802c5ce247e53c99e3baaf311d01133365b8853d9bc40aa12ff4cb4f18c4d2e89ed63d05772a3222c31a9f2356a3cf77453891314830f3f8098979f5e1f6a42650ffc417bc46d1dba830763ef4b2ce7a533d8da265fe0e58b69a300cac0acec0c56bcf0bcd69c1b220b9d9fe11242dbf570c6350e62cd5aec36ce5d60d4f9aa41556cd9b5eb19c56d35368207b553511269e3c1b406c38f6e55b4831e8d73b7000eb1947443f23d33dd1bd0484884716c4951d18234c796b26eeae5001b40aa28a5753f023d4700f8a41273f1bc92c5627d9d88a273da0f17756f2465a68955c9bb6d3b89d94c5a89323e187e77b39a134364708428fa9be9f8a664e4e8023f6ea1c92ce4eda88f457a0fb6ed25d5ce6bda319a75859ef104ba2bd626d748374f6f5cc7d7d9cebb1822020d6c665d51ce83eb3087ea1eb3e6db562a97e6e6539faea62196c1eea5193c975fb1a58f09499d581edbce233b088905847659bd7083c457dace7edbde659387f1cc45404b1c2905adb1640abb2f49f1c88263498128a1c9f1ee52fbd8df1238560e5f711046414e2e0cee2b8ed044b3681c91bcb56e5bc1de6a192f6a56aa174b98f50c58d2304cc144a7928584e5ef038f786e6a6c2d5feaa4f56c1b528c5b943eb5d24ec6710fa62173be0bfd621b173330e11031d86ea0f67cfcbec3e307b2391491b650dd678e6f60f575a43bc0f6c9957d030d3c75f6b95cbb465e656380f81"}, &(0x7f0000001100)=0x1008) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000001140)={0xe, 0x13f9, 0x200, 0x4, 0x2, 0x101, 0x85, 0x20, r1}, 0x20) getsockname$netlink(r0, &(0x7f0000000000), &(0x7f0000000080)=0xc) 2033/05/18 03:44:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000080)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_RUN(r2, 0x4138ae84, 0x0) 2033/05/18 03:44:57 executing program 4 (fault-call:4 fault-nth:81): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) 2033/05/18 03:44:57 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c6530000000000000000000000000000000000000000000000000000000000000ffff00"}, 0x6e) 2033/05/18 03:44:58 executing program 0: socket$inet6(0xa, 0x0, 0x9) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001580)=0x0) syz_open_procfs(r1, &(0x7f0000001340)='gid_map\x00') r2 = socket$inet_udp(0x2, 0x2, 0x0) msgget(0x1, 0x405) r3 = msgget(0x3, 0x80) msgctl$IPC_STAT(r3, 0x2, &(0x7f0000001480)=""/226) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r4 = socket(0xa, 0x1, 0x0) ioctl(r4, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f00000012c0)=0x8, 0x1) setsockopt$sock_timeval(r2, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x7530}, 0x10) getsockopt$bt_hci(r4, 0x0, 0x1, &(0x7f0000000280)=""/4096, &(0x7f0000001280)=0x1000) [ 999.381764] binder: 5583:5587 got reply transaction with no transaction stack [ 999.389175] binder: 5583:5587 transaction failed 29201/-71, size 0-0 line 2763 [ 999.403285] gfs2: not a GFS2 filesystem 2033/05/18 03:44:58 executing program 7: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000), 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x8, 0x80000001, 0x8000, 0xfd}, &(0x7f00000002c0)=0x98) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000300)={0x0, 0x7, 0x9, 0x0, 0xd6, 0x73, 0x7, 0x1, {0x0, @in={{0x2, 0x4e21, @broadcast=0xffffffff}}, 0x10001, 0x3, 0x6, 0x5, 0x14}}, &(0x7f00000003c0)=0xb0) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000400)={r3, 0x89f, 0xe2, 0x837e, 0x4, 0x2, 0x2, 0x6, {r4, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x0, 0x3, 0x9, 0x7f, 0x24cd}}, &(0x7f00000004c0)=0xb0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_DMA(r2, 0xc0406429, &(0x7f0000000180)={r5, 0x9, &(0x7f0000000080)=[0xffff, 0x100, 0x8000, 0x80, 0x82, 0x8, 0x8, 0x7, 0x0], &(0x7f00000000c0)=[0xffffffff, 0x94, 0x1, 0x0], 0x0, 0x1, 0xffffffffffff0001, &(0x7f0000000100)=[0x81], &(0x7f0000000140)=[0x3ff, 0xa0, 0x6]}) 2033/05/18 03:44:58 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='syz_tun\x00', 0x10) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000140)=@file={0x0, "2e2f66696c653000000000000000000000000000000000000000000000000000000000000000fd00"}, 0x6e) 2033/05/18 03:44:58 executing program 6: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x7, 0x7, 0x2, 0x10001, 0x44f4, 0x4, 0x135c, 0xed0e, 0x7, 0x9, 0x9}, 0xb) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x84000, 0x0) epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0x7, &(0x7f0000000140)={0x717c}, 0x8) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000080)) 2033/05/18 03:44:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000002000)}) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000380)=[@increfs={0x40046305}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000280)}}], 0x0, 0x0, &(0x7f0000000480)}) [ 999.450096] gfs2: not a GFS2 filesystem [ 999.460061] binder: BINDER_SET_CONTEXT_MGR already set [ 999.491537] binder: 5583:5587 ioctl 40046207 0 returned -16 [ 999.520994] binder: 5583:5597 got reply transaction with no transaction stack [ 999.528441] binder: 5583:5597 transaction failed 29201/-71, size 0-0 line 2763 [ 999.538800] binder: 5592:5600 Acquire 1 refcount change on invalid ref 3 ret -22 [ 999.546564] binder: 5592:5600 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 999.554149] binder: 5592:5600 unknown command 0 [ 999.572736] Unknown ioctl -1069521879 2033/05/18 03:44:58 executing program 4 (fault-call:4 fault-nth:82): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getgid() syz_fuseblk_mount(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x8000, r1, r2, 0x0, 0x0, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001300)=""/75, &(0x7f00000000c0)=0x7e) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'teql0\x00', @ifru_map={0x70be, 0x0, 0x0, 0x100000000, 0x1ff, 0x7}}}) [ 999.615838] binder: undelivered TRANSACTION_ERROR: 29201 [ 999.621916] binder: undelivered TRANSACTION_ERROR: 29201 2033/05/18 03:44:58 executing program 7: r0 = socket(0xa, 0x5, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000000), 0x4) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0xe1, "0d23feed70ffd806e1afd9fa5bb9a609303ed6cf2787c95b079216661712e7c7c123ceb01616eb8d3788687c7c6a4971bbec57c14742d112b917d07fb24fabbed147f9039b8c56202510583879c9f861ccf5cfbe622aafc7d6fb9328f981aede474eeb345bdda4d7d84385487f6e9f3b07d1ded71e2ad4326463656f11a262c150cb0f5321524907d3a6a6a1a9e0b9d4b4f2905cdec29c03e7c5f97d680f71d3d1bf77845a69d6a0ba47688cbae9ca97fcad7f249917c42ff81f332b68714752531dad8b9395661b3cee0bba425ce8d4ac523f5fb5b27cfd315dc855ab71ea187e"}, &(0x7f0000000180)=0x105) [ 999.693824] device bridge_slave_1 left promiscuous mode [ 999.699456] bridge0: port 2(bridge_slave_1) entered disabled state [ 999.751367] device bridge_slave_0 left promiscuous mode [ 999.756961] bridge0: port 1(bridge_slave_0) entered disabled state [ 999.785943] binder: 5592:5600 ioctl c0306201 20000540 returned -22 [ 999.835768] IPVS: ftp: loaded support on port[0] = 21 [ 999.846953] binder: BINDER_SET_CONTEXT_MGR already set [ 999.852753] team0 (unregistering): Port device team_slave_1 removed [ 999.865198] team0 (unregistering): Port device team_slave_0 removed [ 999.878117] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 999.885526] binder: 5592:5600 ioctl 40046207 0 returned -16 [ 999.893120] binder: 5592:5626 Acquire 1 refcount change on invalid ref 3 ret -22 [ 999.900786] binder: 5592:5626 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 999.908356] binder: 5592:5626 unknown command 0 [ 999.913739] binder: 5592:5626 ioctl c0306201 20000540 returned -22 [ 999.926438] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 999.984096] bond0 (unregistering): Released all slaves [ 1000.018372] sctp: [Deprecated]: syz-executor7 (pid 5624) Use of int in maxseg socket option. [ 1000.018372] Use struct sctp_assoc_value instead [ 1000.034583] binder: 5621:5622 got reply transaction with no transaction stack [ 1000.041959] binder: 5621:5622 transaction failed 29201/-71, size 0-0 line 2763 [ 1000.071154] sctp: [Deprecated]: syz-executor7 (pid 5627) Use of int in maxseg socket option. [ 1000.071154] Use struct sctp_assoc_value instead [ 1000.074898] binder: BINDER_SET_CONTEXT_MGR already set [ 1000.125655] binder: 5621:5622 ioctl 40046207 0 returned -16 [ 1000.156981] binder: 5621:5628 got reply transaction with no transaction stack [ 1000.164392] binder: 5621:5628 transaction failed 29201/-71, size 0-0 line 2763 [ 1000.276979] binder: undelivered TRANSACTION_ERROR: 29201 [ 1000.284307] binder: undelivered TRANSACTION_ERROR: 29201 [ 1001.039254] bridge0: port 1(bridge_slave_0) entered blocking state [ 1001.045686] bridge0: port 1(bridge_slave_0) entered disabled state [ 1001.053677] device bridge_slave_0 entered promiscuous mode [ 1001.119348] bridge0: port 2(bridge_slave_1) entered blocking state [ 1001.126812] bridge0: port 2(bridge_slave_1) entered disabled state [ 1001.143916] device bridge_slave_1 entered promiscuous mode [ 1001.207656] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1001.259289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1001.504912] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1001.593082] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1001.638412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 1001.645341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1001.718788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 1001.725713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1001.915254] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1001.923151] team0: Port device team_slave_0 added [ 1001.961011] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1001.969011] team0: Port device team_slave_1 added [ 1002.005953] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1002.047904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1002.089004] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1002.096205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1002.112390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1002.143810] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1002.150981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1002.161181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1002.546689] bridge0: port 2(bridge_slave_1) entered blocking state [ 1002.553107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1002.559811] bridge0: port 1(bridge_slave_0) entered blocking state [ 1002.566189] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1002.574385] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1003.572261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1003.951504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1004.077541] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1004.205958] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1004.212203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1004.221074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1004.354401] 8021q: adding VLAN 0 to HW filter on device team0 [ 1005.115592] FAULT_INJECTION: forcing a failure. [ 1005.115592] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.127004] CPU: 0 PID: 5884 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 1005.134199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1005.143555] Call Trace: [ 1005.146160] dump_stack+0x1b9/0x294 [ 1005.149807] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1005.155028] should_fail.cold.4+0xa/0x1a [ 1005.159113] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 1005.164231] ? save_stack+0x43/0xd0 [ 1005.167873] ? kasan_kmalloc+0xc4/0xe0 [ 1005.171769] ? kmem_cache_alloc+0x12e/0x760 [ 1005.176101] ? fuse_alloc_inode+0x96/0x4f0 [ 1005.180343] ? alloc_inode+0x63/0x190 [ 1005.184151] ? iget5_locked+0x20e/0x570 [ 1005.188145] ? graph_lock+0x170/0x170 [ 1005.191965] ? print_usage_bug+0xc0/0xc0 [ 1005.196038] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 1005.200806] ? do_mount+0x564/0x3070 [ 1005.204529] ? ksys_mount+0x12d/0x140 [ 1005.208339] ? __x64_sys_mount+0xbe/0x150 [ 1005.212505] ? find_held_lock+0x36/0x1c0 [ 1005.216585] ? __lock_is_held+0xb5/0x140 [ 1005.220684] ? check_same_owner+0x320/0x320 [ 1005.225015] ? __mutex_init+0x1ef/0x280 [ 1005.229005] ? rcu_note_context_switch+0x710/0x710 [ 1005.233944] ? __ia32_sys_membarrier+0x150/0x150 [ 1005.238718] __should_failslab+0x124/0x180 [ 1005.242970] should_failslab+0x9/0x14 [ 1005.246783] kmem_cache_alloc_trace+0x2cb/0x780 [ 1005.251460] ? init_wait_entry+0x1b0/0x1b0 [ 1005.255731] fuse_alloc_inode+0x3ae/0x4f0 [ 1005.259892] ? fuse_dev_alloc+0x4e0/0x4e0 [ 1005.264047] ? lock_downgrade+0x8e0/0x8e0 [ 1005.268222] ? kasan_check_read+0x11/0x20 [ 1005.272381] ? do_raw_spin_unlock+0x9e/0x2e0 [ 1005.276801] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 1005.281403] ? kasan_check_write+0x14/0x20 [ 1005.285647] ? find_inode.isra.19+0xc3/0x1d0 [ 1005.290073] ? fuse_dev_alloc+0x4e0/0x4e0 [ 1005.294233] alloc_inode+0x63/0x190 [ 1005.297872] iget5_locked+0x20e/0x570 [ 1005.301678] ? fuse_inode_eq+0x80/0x80 [ 1005.305584] ? fuse_init_file_inode+0x70/0x70 [ 1005.310095] ? inode_lru_isolate+0x580/0x580 [ 1005.314510] ? cgwb_kill+0x630/0x630 [ 1005.318237] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1005.323785] ? print_usage_bug+0xc0/0xc0 [ 1005.327863] fuse_iget+0x1cc/0x820 [ 1005.331427] ? fuse_change_attributes+0x810/0x810 [ 1005.336299] fuse_get_root_inode+0x121/0x190 [ 1005.340718] ? fuse_iget+0x820/0x820 [ 1005.344460] ? _raw_spin_unlock_bh+0x30/0x40 [ 1005.348879] ? bdi_set_max_ratio+0x112/0x150 [ 1005.353302] fuse_fill_super+0x11e0/0x1e20 [ 1005.357565] ? fuse_get_root_inode+0x190/0x190 [ 1005.362172] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1005.367720] ? vsnprintf+0x242/0x1b40 [ 1005.371547] ? pointer+0xa10/0xa10 [ 1005.375123] ? vsprintf+0x40/0x40 [ 1005.378599] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1005.384069] ? set_blocksize+0x2c4/0x350 [ 1005.388148] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1005.393703] mount_bdev+0x30c/0x3e0 [ 1005.397345] ? fuse_get_root_inode+0x190/0x190 [ 1005.401944] fuse_mount_blk+0x34/0x40 [ 1005.405760] mount_fs+0xae/0x328 [ 1005.409151] vfs_kern_mount.part.34+0xd4/0x4d0 [ 1005.413753] ? may_umount+0xb0/0xb0 [ 1005.417395] ? _raw_read_unlock+0x22/0x30 [ 1005.421551] ? __get_fs_type+0x97/0xc0 [ 1005.425459] do_mount+0x564/0x3070 [ 1005.429022] ? copy_mount_string+0x40/0x40 [ 1005.433268] ? rcu_pm_notify+0xc0/0xc0 [ 1005.437185] ? copy_mount_options+0x5f/0x380 [ 1005.441603] ? rcu_read_lock_sched_held+0x108/0x120 [ 1005.446630] ? kmem_cache_alloc_trace+0x616/0x780 [ 1005.451494] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1005.457047] ? _copy_from_user+0xdf/0x150 [ 1005.461217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1005.466767] ? copy_mount_options+0x285/0x380 [ 1005.471368] ksys_mount+0x12d/0x140 [ 1005.475011] __x64_sys_mount+0xbe/0x150 [ 1005.478996] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 1005.484031] do_syscall_64+0x1b1/0x800 [ 1005.487936] ? finish_task_switch+0x1ca/0x840 [ 1005.492449] ? syscall_return_slowpath+0x5c0/0x5c0 [ 1005.497396] ? syscall_return_slowpath+0x30f/0x5c0 [ 1005.502348] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 1005.507738] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1005.512608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1005.517807] RIP: 0033:0x455a09 [ 1005.521002] RSP: 002b:00007f287979db08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1005.528731] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 1005.536009] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 1005.543292] RBP: 0000000020000140 R08: 00007f287979db20 R09: 0000000000000000 [ 1005.550576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1005.557854] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1005.576059] ================================================================== [ 1005.583444] BUG: KASAN: use-after-free in __lock_acquire+0x3888/0x5140 [ 1005.590103] Read of size 8 at addr ffff8801afe4d988 by task syz-executor4/5884 [ 1005.597443] [ 1005.599067] CPU: 0 PID: 5884 Comm: syz-executor4 Not tainted 4.17.0-rc5+ #59 [ 1005.606245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1005.615587] Call Trace: [ 1005.618176] dump_stack+0x1b9/0x294 [ 1005.621803] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1005.626989] ? printk+0x9e/0xba [ 1005.630264] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1005.635015] ? kasan_check_write+0x14/0x20 [ 1005.639249] print_address_description+0x6c/0x20b [ 1005.644086] ? __lock_acquire+0x3888/0x5140 [ 1005.648403] kasan_report.cold.7+0x242/0x2fe [ 1005.652810] __asan_report_load8_noabort+0x14/0x20 [ 1005.657733] __lock_acquire+0x3888/0x5140 [ 1005.661884] ? lock_downgrade+0x8e0/0x8e0 [ 1005.666031] ? rcu_is_watching+0x85/0x140 [ 1005.670179] ? debug_check_no_locks_freed+0x310/0x310 [ 1005.675369] ? is_bpf_text_address+0xd7/0x170 [ 1005.679864] ? kernel_text_address+0x79/0xf0 [ 1005.684270] ? __unwind_start+0x166/0x330 [ 1005.688415] ? __kernel_text_address+0xd/0x40 [ 1005.692912] ? unwind_get_return_address+0x61/0xa0 [ 1005.697837] ? __save_stack_trace+0x7e/0xd0 [ 1005.702166] ? save_stack+0xa9/0xd0 [ 1005.705793] ? save_stack+0x43/0xd0 [ 1005.709418] ? __kasan_slab_free+0x11a/0x170 [ 1005.713826] ? kasan_slab_free+0xe/0x10 [ 1005.717800] ? kfree+0xd9/0x260 [ 1005.721081] ? unregister_shrinker+0x216/0x3a0 [ 1005.725662] ? deactivate_locked_super+0x70/0x100 [ 1005.730499] ? mount_bdev+0x37d/0x3e0 [ 1005.734295] ? fuse_mount_blk+0x34/0x40 [ 1005.738266] ? mount_fs+0xae/0x328 [ 1005.741805] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 1005.746556] ? do_mount+0x564/0x3070 [ 1005.750263] ? ksys_mount+0x12d/0x140 [ 1005.754058] ? graph_lock+0x170/0x170 [ 1005.757858] ? kasan_check_read+0x11/0x20 [ 1005.762002] ? do_raw_spin_unlock+0x9e/0x2e0 [ 1005.766422] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 1005.770996] ? print_usage_bug+0xc0/0xc0 [ 1005.775052] ? kasan_check_write+0x14/0x20 [ 1005.779282] ? do_raw_spin_lock+0xc1/0x200 [ 1005.783512] lock_acquire+0x1dc/0x520 [ 1005.787308] ? fuse_kill_sb_blk+0x50/0xb0 [ 1005.791449] ? lock_release+0xa10/0xa10 [ 1005.795419] ? check_same_owner+0x320/0x320 [ 1005.799737] ? quarantine_put+0xeb/0x190 [ 1005.803794] ? rcu_note_context_switch+0x710/0x710 [ 1005.808720] ? __might_sleep+0x95/0x190 [ 1005.812691] down_write+0x87/0x120 [ 1005.816227] ? fuse_kill_sb_blk+0x50/0xb0 [ 1005.820368] ? down_read+0x1b0/0x1b0 [ 1005.824078] ? perf_trace_mm_vmscan_writepage+0x750/0x750 [ 1005.829612] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1005.834626] fuse_kill_sb_blk+0x50/0xb0 [ 1005.838595] deactivate_locked_super+0x97/0x100 [ 1005.843275] mount_bdev+0x37d/0x3e0 [ 1005.846895] ? fuse_get_root_inode+0x190/0x190 [ 1005.851472] fuse_mount_blk+0x34/0x40 [ 1005.855266] mount_fs+0xae/0x328 [ 1005.858628] vfs_kern_mount.part.34+0xd4/0x4d0 [ 1005.863202] ? may_umount+0xb0/0xb0 [ 1005.866825] ? _raw_read_unlock+0x22/0x30 [ 1005.870965] ? __get_fs_type+0x97/0xc0 [ 1005.874848] do_mount+0x564/0x3070 [ 1005.878384] ? copy_mount_string+0x40/0x40 [ 1005.882613] ? rcu_pm_notify+0xc0/0xc0 [ 1005.886494] ? copy_mount_options+0x5f/0x380 [ 1005.890895] ? rcu_read_lock_sched_held+0x108/0x120 [ 1005.895908] ? kmem_cache_alloc_trace+0x616/0x780 [ 1005.900751] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1005.906283] ? _copy_from_user+0xdf/0x150 [ 1005.910427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1005.915956] ? copy_mount_options+0x285/0x380 [ 1005.920447] ksys_mount+0x12d/0x140 [ 1005.924074] __x64_sys_mount+0xbe/0x150 [ 1005.928047] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 1005.933060] do_syscall_64+0x1b1/0x800 [ 1005.936939] ? finish_task_switch+0x1ca/0x840 [ 1005.941429] ? syscall_return_slowpath+0x5c0/0x5c0 [ 1005.946357] ? syscall_return_slowpath+0x30f/0x5c0 [ 1005.951285] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 1005.956647] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1005.961486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1005.966666] RIP: 0033:0x455a09 [ 1005.969845] RSP: 002b:00007f287979db08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1005.977547] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 1005.984818] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 1005.992078] RBP: 0000000020000140 R08: 00007f287979db20 R09: 0000000000000000 [ 1005.999340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1006.006603] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1006.013862] [ 1006.015483] Allocated by task 5884: [ 1006.019109] save_stack+0x43/0xd0 [ 1006.022557] kasan_kmalloc+0xc4/0xe0 [ 1006.026265] kmem_cache_alloc_trace+0x152/0x780 [ 1006.030927] fuse_fill_super+0xc92/0x1e20 [ 1006.035071] mount_bdev+0x30c/0x3e0 [ 1006.038692] fuse_mount_blk+0x34/0x40 [ 1006.042489] mount_fs+0xae/0x328 [ 1006.045847] vfs_kern_mount.part.34+0xd4/0x4d0 [ 1006.050421] do_mount+0x564/0x3070 [ 1006.053958] ksys_mount+0x12d/0x140 [ 1006.057578] __x64_sys_mount+0xbe/0x150 [ 1006.061547] do_syscall_64+0x1b1/0x800 [ 1006.065428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1006.070602] [ 1006.072220] Freed by task 10843: [ 1006.075582] save_stack+0x43/0xd0 [ 1006.079033] __kasan_slab_free+0x11a/0x170 [ 1006.083261] kasan_slab_free+0xe/0x10 [ 1006.087056] kfree+0xd9/0x260 [ 1006.090157] rcu_process_callbacks+0xa69/0x15f0 [ 1006.094819] __do_softirq+0x2e0/0xaf5 [ 1006.098602] [ 1006.100225] The buggy address belongs to the object at ffff8801afe4d6c0 [ 1006.100225] which belongs to the cache kmalloc-1024 of size 1024 [ 1006.113417] The buggy address is located 712 bytes inside of [ 1006.113417] 1024-byte region [ffff8801afe4d6c0, ffff8801afe4dac0) [ 1006.125368] The buggy address belongs to the page: [ 1006.130289] page:ffffea0006bf9300 count:1 mapcount:0 mapping:ffff8801afe4c040 index:0x0 compound_mapcount: 0 [ 1006.140335] flags: 0x2fffc0000008100(slab|head) [ 1006.145007] raw: 02fffc0000008100 ffff8801afe4c040 0000000000000000 0000000100000007 [ 1006.152882] raw: ffffea0007652ea0 ffffea00061c7ea0 ffff8801da800ac0 0000000000000000 [ 1006.160747] page dumped because: kasan: bad access detected [ 1006.166439] [ 1006.168052] Memory state around the buggy address: [ 1006.172974] ffff8801afe4d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1006.180326] ffff8801afe4d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1006.187674] >ffff8801afe4d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1006.195019] ^ [ 1006.198636] ffff8801afe4da00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1006.205993] ffff8801afe4da80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1006.213334] ================================================================== [ 1006.220676] Disabling lock debugging due to kernel taint [ 1006.226113] Kernel panic - not syncing: panic_on_warn set ... [ 1006.226113] [ 1006.233474] CPU: 0 PID: 5884 Comm: syz-executor4 Tainted: G B 4.17.0-rc5+ #59 [ 1006.242035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1006.251371] Call Trace: [ 1006.253957] dump_stack+0x1b9/0x294 [ 1006.257584] ? dump_stack_print_info.cold.2+0x52/0x52 [ 1006.262765] ? lock_downgrade+0x8e0/0x8e0 [ 1006.266904] ? vprintk_default+0x28/0x30 [ 1006.270957] ? __lock_acquire+0x37b0/0x5140 [ 1006.275273] panic+0x22f/0x4de [ 1006.278462] ? add_taint.cold.5+0x16/0x16 [ 1006.282602] ? add_taint.cold.5+0x5/0x16 [ 1006.286656] ? do_raw_spin_unlock+0x9e/0x2e0 [ 1006.291056] ? __lock_acquire+0x3888/0x5140 [ 1006.295372] kasan_end_report+0x47/0x4f [ 1006.299341] kasan_report.cold.7+0x76/0x2fe [ 1006.303657] __asan_report_load8_noabort+0x14/0x20 [ 1006.308578] __lock_acquire+0x3888/0x5140 [ 1006.312739] ? lock_downgrade+0x8e0/0x8e0 [ 1006.316881] ? rcu_is_watching+0x85/0x140 [ 1006.321028] ? debug_check_no_locks_freed+0x310/0x310 [ 1006.326223] ? is_bpf_text_address+0xd7/0x170 [ 1006.330711] ? kernel_text_address+0x79/0xf0 [ 1006.335115] ? __unwind_start+0x166/0x330 [ 1006.339254] ? __kernel_text_address+0xd/0x40 [ 1006.343745] ? unwind_get_return_address+0x61/0xa0 [ 1006.348668] ? __save_stack_trace+0x7e/0xd0 [ 1006.352991] ? save_stack+0xa9/0xd0 [ 1006.356610] ? save_stack+0x43/0xd0 [ 1006.360228] ? __kasan_slab_free+0x11a/0x170 [ 1006.364628] ? kasan_slab_free+0xe/0x10 [ 1006.368595] ? kfree+0xd9/0x260 [ 1006.371882] ? unregister_shrinker+0x216/0x3a0 [ 1006.376460] ? deactivate_locked_super+0x70/0x100 [ 1006.381296] ? mount_bdev+0x37d/0x3e0 [ 1006.385108] ? fuse_mount_blk+0x34/0x40 [ 1006.389076] ? mount_fs+0xae/0x328 [ 1006.392611] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 1006.397360] ? do_mount+0x564/0x3070 [ 1006.401069] ? ksys_mount+0x12d/0x140 [ 1006.404863] ? graph_lock+0x170/0x170 [ 1006.408662] ? kasan_check_read+0x11/0x20 [ 1006.412805] ? do_raw_spin_unlock+0x9e/0x2e0 [ 1006.417207] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 1006.421781] ? print_usage_bug+0xc0/0xc0 [ 1006.425836] ? kasan_check_write+0x14/0x20 [ 1006.430068] ? do_raw_spin_lock+0xc1/0x200 [ 1006.434298] lock_acquire+0x1dc/0x520 [ 1006.438092] ? fuse_kill_sb_blk+0x50/0xb0 [ 1006.442234] ? lock_release+0xa10/0xa10 [ 1006.446201] ? check_same_owner+0x320/0x320 [ 1006.450514] ? quarantine_put+0xeb/0x190 [ 1006.454569] ? rcu_note_context_switch+0x710/0x710 [ 1006.459494] ? __might_sleep+0x95/0x190 [ 1006.463464] down_write+0x87/0x120 [ 1006.466997] ? fuse_kill_sb_blk+0x50/0xb0 [ 1006.471138] ? down_read+0x1b0/0x1b0 [ 1006.474845] ? perf_trace_mm_vmscan_writepage+0x750/0x750 [ 1006.480380] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1006.485389] fuse_kill_sb_blk+0x50/0xb0 [ 1006.489362] deactivate_locked_super+0x97/0x100 [ 1006.494024] mount_bdev+0x37d/0x3e0 [ 1006.497644] ? fuse_get_root_inode+0x190/0x190 [ 1006.502222] fuse_mount_blk+0x34/0x40 [ 1006.506021] mount_fs+0xae/0x328 [ 1006.509381] vfs_kern_mount.part.34+0xd4/0x4d0 [ 1006.513958] ? may_umount+0xb0/0xb0 [ 1006.517577] ? _raw_read_unlock+0x22/0x30 [ 1006.521718] ? __get_fs_type+0x97/0xc0 [ 1006.525597] do_mount+0x564/0x3070 [ 1006.529130] ? copy_mount_string+0x40/0x40 [ 1006.533356] ? rcu_pm_notify+0xc0/0xc0 [ 1006.537236] ? copy_mount_options+0x5f/0x380 [ 1006.541635] ? rcu_read_lock_sched_held+0x108/0x120 [ 1006.546647] ? kmem_cache_alloc_trace+0x616/0x780 [ 1006.551489] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1006.557019] ? _copy_from_user+0xdf/0x150 [ 1006.561162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1006.566695] ? copy_mount_options+0x285/0x380 [ 1006.571183] ksys_mount+0x12d/0x140 [ 1006.574803] __x64_sys_mount+0xbe/0x150 [ 1006.578773] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 1006.583785] do_syscall_64+0x1b1/0x800 [ 1006.587668] ? finish_task_switch+0x1ca/0x840 [ 1006.592160] ? syscall_return_slowpath+0x5c0/0x5c0 [ 1006.597083] ? syscall_return_slowpath+0x30f/0x5c0 [ 1006.602007] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 1006.607366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1006.612203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1006.617381] RIP: 0033:0x455a09 [ 1006.620559] RSP: 002b:00007f287979db08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1006.628262] RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000455a09 [ 1006.635525] RDX: 00000000004ba385 RSI: 0000000020000100 RDI: 0000000020000140 [ 1006.642788] RBP: 0000000020000140 R08: 00007f287979db20 R09: 0000000000000000 [ 1006.650048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1006.657312] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1006.665013] Dumping ftrace buffer: [ 1006.668534] (ftrace buffer empty) [ 1006.672219] Kernel Offset: disabled [ 1006.675818] Rebooting in 86400 seconds..