10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0470044000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x0, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1136.954610][T26636] hfs: unable to parse mount options 14:20:10 executing program 5: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x9}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000180)={r1, 0x1800000}, 0x8) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$PPPIOCGIDLE(r0, 0x8010743f, &(0x7f0000000340)) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000140)="a1fafc72121e4b9ba2c4c573703ba0ca", 0x10) ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000300)=0x520808) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000001c0)={r1, 0x3}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000240)={r3, @in={{0x2, 0x4e23, @multicast1}}, 0x8, 0x872}, 0x90) [ 1137.072588][T26647] binder: 26645:26647 unknown command 1074032644 [ 1137.079187][T26647] binder: 26645:26647 ioctl c0306201 20000680 returned -22 14:20:10 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000400)=[{&(0x7f0000000140)="f5f9b140e3efb1c0fe74075c57a563cc2149e60026037e723f9316e8de88d774ea10aaeb944e456f0f290f9cb200b35aeb7e451ee9acf6e07e80760e03e85385e07a467bca1b1d9df2e6a1bb92a4864a751da2fbaae44b009f173dda29117c31c5475e87bf521a5ea8f7d022f31f955cd3dfd350", 0x74, 0x881a}, {&(0x7f0000000240)="46d7925e3d5d5dd7e9bd997aed0feb9105f4ebf69d5446f3550b5b3fa69ebdb5f61d5c52a8d75b3b8cd0a08ecc744347e0b7e69ac2e54d3eb2029ed77e953624b532b43f5e1518ffcbacc8f18ae5010e0bb070e52dff28ab9ff3052608d4758de0294093c2cf6c8fd803c10a066342d9f7b8477bb1f3f29cbf42b221677875f0921122284fcb56017210f81fb1a53fd1081b015e6d8db2a7d341ec5d9665fff9bd6636417464843c5a450f3e3c", 0xad, 0x4}, {&(0x7f0000000300)="a1375aee1949be88334314807f5e87c1a58d7b76ce782cf6451c3a85770d4ff540dff0efa22258207f493d808dec74716370e5ee95cf9dc0440032a75b15c63698e9834afd6ff3e1cae0af9c34fe0e984b2e6f31fccfb5052f49a1c5d58252930222540f7b79f9", 0x67, 0xfffffffffffffffd}, {&(0x7f00000001c0)="c7e15c3d16b54003e1e0", 0xa, 0x9}, {&(0x7f0000000380)="06b759bdabfdddeb887814deba3c2a6fe77c9b7ba23a88d09c74259eba41b03dc27d75e8fa935281e283088aa4c5d5169a8fc93289b0d909722ab137feb53afeef9fae3b169ecae6f891f9a82aad474f5fe46ea25457401d3f70e215a88dc20539ddcfce1299705f4964f8c823279067149887a6", 0x74, 0x8}], 0x810, &(0x7f0000000480)={[{@creator={'creator', 0x3d, "bb69c933"}}, {@file_umask={'file_umask', 0x3d, 0x3b7}}, {@codepage={'codepage', 0x3d, 'cp857'}}, {@part={'part', 0x3d, 0x5}}, {@type={'type', 0x3d, "be6c36dc"}}, {@type={'type', 0x3d, "bdfd8daf"}}], [{@permit_directio='permit_directio'}, {@context={'context', 0x3d, 'root'}}, {@smackfsroot={'smackfsroot'}}, {@dont_appraise='dont_appraise'}]}) 14:20:10 executing program 3: r0 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETNODEID(r0, 0x89e1, &(0x7f0000000200)) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x200000000000, 0xc0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) 14:20:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x12}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1137.153744][T26648] FAT-fs (loop1): bogus number of reserved sectors [ 1137.178715][T26648] FAT-fs (loop1): Can't find a valid FAT filesystem 14:20:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x0, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1137.213932][T26648] FAT-fs (loop1): bogus number of reserved sectors [ 1137.220490][T26648] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1137.283132][T26699] hfs: unable to parse mount options 14:20:10 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x74000000, 0x0) 14:20:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000240)=""/4096) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x80001, 0x0) write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000100)={0x2d, 0x4, 0x0, {0x4, 0x6, 0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2d) ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000200)) 14:20:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000003440)='./file0\x00', 0x2, 0x8) bind$netlink(r0, &(0x7f0000003480)={0x10, 0x0, 0x25dfdbff, 0x50083fd}, 0xc) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4000, 0x0) 14:20:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0473044000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:10 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x810, &(0x7f0000000480)={[{@creator={'creator', 0x3d, "bb69c933"}}, {@file_umask={'file_umask', 0x3d, 0x3b7}}, {@codepage={'codepage', 0x3d, 'cp857'}}, {@part={'part', 0x3d, 0x5}}, {@type={'type', 0x3d, "be6c36dc"}}, {@type={'type', 0x3d, "bdfd8daf"}}], [{@permit_directio='permit_directio'}, {@context={'context', 0x3d, 'root'}}, {@smackfsroot={'smackfsroot'}}, {@dont_appraise='dont_appraise'}]}) 14:20:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a], [0xc1]}) [ 1137.407009][T26765] FAT-fs (loop1): bogus number of reserved sectors [ 1137.429480][T26765] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1137.468487][T26772] binder: 26768:26772 unknown command 1074033412 [ 1137.497610][T26772] binder: 26768:26772 ioctl c0306201 20000680 returned -22 14:20:10 executing program 5: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0xeffffffffffffffa, 0x0, 0xffffffffffffae1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000000c0), 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x200000) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1137.536830][T26774] hfs: unable to parse mount options [ 1137.537220][T26765] FAT-fs (loop1): bogus number of reserved sectors [ 1137.554431][T26765] FAT-fs (loop1): Can't find a valid FAT filesystem 14:20:10 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7a000000, 0x0) 14:20:10 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={[{@creator={'creator', 0x3d, "bb69c933"}}, {@file_umask={'file_umask', 0x3d, 0x3b7}}, {@codepage={'codepage', 0x3d, 'cp857'}}, {@part={'part', 0x3d, 0x5}}, {@type={'type', 0x3d, "be6c36dc"}}, {@type={'type', 0x3d, "bdfd8daf"}}], [{@permit_directio='permit_directio'}, {@context={'context', 0x3d, 'root'}}, {@smackfsroot={'smackfsroot'}}, {@dont_appraise='dont_appraise'}]}) 14:20:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000840)='/dev/snd/pcmC#D#c\x00', 0x20, 0x100) 14:20:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0475044000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a], [0xc1]}) 14:20:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x2, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x1) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1137.877678][T26988] FAT-fs (loop1): bogus number of reserved sectors [ 1137.918312][T27013] hfs: unable to parse mount options [ 1137.952295][T26988] FAT-fs (loop1): Can't find a valid FAT filesystem 14:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) execveat(r2, &(0x7f00000001c0)='./control\x00', &(0x7f0000000480)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)=':nodevem0%nodev@em11em0{\xec[eth1\x00', &(0x7f0000000280)='lo}\x00', &(0x7f00000002c0)='-\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='[\xef\x00', &(0x7f00000003c0)='%\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000440)=')\x00'], &(0x7f0000000680)=[&(0x7f0000000500)='*#wlan0', &(0x7f0000000540)='system.posix_acl_default\x00', &(0x7f0000000600)='*vmnet0#ppp1proc\'keyring\\*lo\x00', &(0x7f0000000640)='system.posix_acl_default\x00'], 0x1400) capset(&(0x7f0000000580)={0x19980330}, &(0x7f00000005c0)) r3 = open(&(0x7f0000000000)='./control\x00', 0xc40beb2474dfd22a, 0xf6ffffff) write$P9_RLERROR(r3, &(0x7f0000000080)={0x10, 0x7, 0x0, {0x7, '*#wlan0'}}, 0x10) 14:20:11 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) getsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000), &(0x7f0000000040)=0x4) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r0) 14:20:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0478044000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a], [0xc1]}) 14:20:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8cffffff, 0x0) [ 1138.141174][T27100] binder: 27098:27100 unknown command 1074034692 14:20:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7b8f, 0x80000) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000040), &(0x7f00000000c0)=0x4) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1138.201087][T27107] hfs: can't find a HFS filesystem on dev loop0 [ 1138.205969][T27100] binder: 27098:27100 ioctl c0306201 20000680 returned -22 14:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0x0, 0x1b], [0xc1]}) 14:20:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463024000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:11 executing program 5: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) execveat(r2, &(0x7f00000001c0)='./control\x00', &(0x7f0000000480)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)=':nodevem0%nodev@em11em0{\xec[eth1\x00', &(0x7f0000000280)='lo}\x00', &(0x7f00000002c0)='-\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='[\xef\x00', &(0x7f00000003c0)='%\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000440)=')\x00'], &(0x7f0000000680)=[&(0x7f0000000500)='*#wlan0', &(0x7f0000000540)='system.posix_acl_default\x00', &(0x7f0000000600)='*vmnet0#ppp1proc\'keyring\\*lo\x00', &(0x7f0000000640)='system.posix_acl_default\x00'], 0x1400) capset(&(0x7f0000000580)={0x19980330}, &(0x7f00000005c0)) r3 = open(&(0x7f0000000000)='./control\x00', 0xc40beb2474dfd22a, 0xf6ffffff) write$P9_RLERROR(r3, &(0x7f0000000080)={0x10, 0x7, 0x0, {0x7, '*#wlan0'}}, 0x10) 14:20:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc0ed0000, 0x0) 14:20:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1138.396749][T27216] kvm_set_msr_common: 11 callbacks suppressed [ 1138.396763][T27216] kvm [27215]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1138.437237][T27218] binder: 27217:27218 unknown command 1073898244 14:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0x0, 0x1b], [0xc1]}) 14:20:11 executing program 5: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x2000) ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000040)={0x40000000, 0x81, 0xe}) [ 1138.482074][T27218] binder: 27217:27218 ioctl c0306201 20000680 returned -22 [ 1138.499765][T27225] FAT-fs (loop1): bogus number of reserved sectors [ 1138.519438][T27225] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1138.567693][T27225] FAT-fs (loop1): bogus number of reserved sectors [ 1138.577478][T27227] hfs: can't find a HFS filesystem on dev loop0 [ 1138.578046][T27225] FAT-fs (loop1): Can't find a valid FAT filesystem 14:20:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463034000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xebffffff, 0x0) 14:20:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = shmat(0xffffffffffffffff, &(0x7f0000ffd000/0x2000)=nil, 0x2000) shmdt(r0) syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) execveat(r2, &(0x7f00000001c0)='./control\x00', &(0x7f0000000480)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)=':nodevem0%nodev@em11em0{\xec[eth1\x00', &(0x7f0000000280)='lo}\x00', &(0x7f00000002c0)='-\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='[\xef\x00', &(0x7f00000003c0)='%\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000440)=')\x00'], &(0x7f0000000680)=[&(0x7f0000000500)='*#wlan0', &(0x7f0000000540)='system.posix_acl_default\x00', &(0x7f0000000600)='*vmnet0#ppp1proc\'keyring\\*lo\x00', &(0x7f0000000640)='system.posix_acl_default\x00'], 0x1400) capset(&(0x7f0000000580)={0x19980330}, &(0x7f00000005c0)) r3 = open(&(0x7f0000000000)='./control\x00', 0xc40beb2474dfd22a, 0xf6ffffff) write$P9_RLERROR(r3, &(0x7f0000000080)={0x10, 0x7, 0x0, {0x7, '*#wlan0'}}, 0x10) [ 1138.636529][T27303] kvm [27282]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0x0, 0x1b], [0xc1]}) [ 1138.779976][T27343] binder: 27337:27343 unknown command 1073963780 14:20:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) personality(0x6) [ 1138.825816][T27343] binder: 27337:27343 ioctl c0306201 20000680 returned -22 14:20:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf4ffffff, 0x0) 14:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) execveat(r2, &(0x7f00000001c0)='./control\x00', &(0x7f0000000480)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)=':nodevem0%nodev@em11em0{\xec[eth1\x00', &(0x7f0000000280)='lo}\x00', &(0x7f00000002c0)='-\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='[\xef\x00', &(0x7f00000003c0)='%\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000440)=')\x00'], &(0x7f0000000680)=[&(0x7f0000000500)='*#wlan0', &(0x7f0000000540)='system.posix_acl_default\x00', &(0x7f0000000600)='*vmnet0#ppp1proc\'keyring\\*lo\x00', &(0x7f0000000640)='system.posix_acl_default\x00'], 0x1400) capset(&(0x7f0000000580)={0x19980330}, &(0x7f00000005c0)) open(&(0x7f0000000000)='./control\x00', 0xc40beb2474dfd22a, 0xf6ffffff) [ 1138.889930][T27347] hfs: can't find a HFS filesystem on dev loop0 14:20:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0xe9, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb4, 0xcc, 0x1ff, {"d3da9626997d18e1506b57fdce050970aabae94ab3109140b3818ddcfb485b53edd09f4ac06011017e427649ddfd258707d18342957862a420ec8f53ffa0b5781f1eaf3369944038688609c63bbe9170a0bf296640ee0d6040b69c0d0fccc148825aa4d07c8419434e0d1df2d6f9ea776ac06348a65b896c02011137f62b3d8c10c0ab3c3bc3bdcbc3142c62ffabe764d9adfff8baf8f66e5e56c890a13b4dc8605042d427323022494fce40e45d95caa6880ce1"}}, {0x0, "d179969cf86070b12edb122e9e318dd9e10bf8c3782acaeba70448341afec9fc96b6739d254e5e643fdcbcbd29ec1fa9a79513a5dc42c8ff6152e85f32b007b97345c822208112bd4becc24b2af18f0649a484433f273e1b5aeba60d1ba6408b81877a91c38a57fcf06e666cc7a8884778e5611e3dddc4ee030a48f5cb0c084a7788da6e006e95bf68418e4065321ee33417219c48023fee0c11431331bda7a610901e86ae4af1"}}, &(0x7f0000000000)=""/53, 0x175, 0x35, 0x1}, 0x20) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) getpeername$ax25(r0, &(0x7f00000002c0)={{0x3, @bcast}, [@default, @remote, @null, @null, @default, @netrom, @netrom, @netrom]}, &(0x7f00000003c0)=0xffffffffffffffc8) [ 1138.935728][T27374] kvm [27348]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463054000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x0, 0xff0b017a, 0x1b], [0xc1]}) 14:20:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) execveat(r2, &(0x7f00000001c0)='./control\x00', &(0x7f0000000480)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)=':nodevem0%nodev@em11em0{\xec[eth1\x00', &(0x7f0000000280)='lo}\x00', &(0x7f00000002c0)='-\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='[\xef\x00', &(0x7f00000003c0)='%\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000440)=')\x00'], &(0x7f0000000680)=[&(0x7f0000000500)='*#wlan0', &(0x7f0000000540)='system.posix_acl_default\x00', &(0x7f0000000600)='*vmnet0#ppp1proc\'keyring\\*lo\x00', &(0x7f0000000640)='system.posix_acl_default\x00'], 0x1400) capset(&(0x7f0000000580)={0x19980330}, &(0x7f00000005c0)) 14:20:12 executing program 5: pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000040)=0x6) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x6000000, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:12 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf5ffffff, 0x0) [ 1139.190875][T27464] binder: 27463:27464 unknown command 1074094852 [ 1139.233978][T27469] binder: BINDER_SET_CONTEXT_MGR already set [ 1139.236357][T27464] binder: 27463:27464 ioctl c0306201 20000680 returned -22 14:20:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x0, 0xff0b017a, 0x1b], [0xc1]}) 14:20:12 executing program 5: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f00000001c0)="db12f6173efd9de21a6ce725c4fe5ce5411ba7aa95e37ebd9d3c8da2996ef70a216ef9c8e9e9a4a489a1f9adcd42f85c9722532338a3947bc30fe62c2617a7407388a689f5625e06095a3a2d5a87b61840a0f1d0654bfd1498c70ff196ab38141164bc39765b77912a80fcbd76f42d7129025ffe5f961c1cb201d985387e7df3dd35a7d1a65ca2a87f962924e6798add4e7d3d36db97590d9eacfa9e220a5e7ddb7c7bf7d5413690f8bf70b65f00aa2d76a2e0ebd93aca3ac08760fc76837c50fbe08df03fba1b9a2218ff8f9adc4dca4b3d3051b8c2cfc4e4a582891dd6cebe", 0xe0, 0xfffffffffffffffe) r1 = add_key(&(0x7f00000000c0)='ceph\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f00000002c0)="7a5dfbc8ff0fd2c46384019340519bdfde3e49db11c9abe36b003a0b0c5967e4a2249550bc", 0x25, 0xfffffffffffffffa) r2 = add_key$user(&(0x7f0000000300)='user\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)="680ede8ad947093e8eb4d1642247ae7eba732625676255640eda3042a443fbfb0023305e8c72316d3cf5b6b8e28e3ce8f6cbca8a91372ca389fc9a6c14ae0b4779dd464fa4e5125dabe9f71bea42ed76ebd7a7e850733579bf36a1be19182d4b94195e5f19b2687576aa87dce232baf164fb927b4c5014aacf0028428a3ea0659c688c9f13", 0x85, 0xfffffffffffffffc) keyctl$dh_compute(0x17, &(0x7f0000000440)={r0, r1, r2}, &(0x7f0000000480)=""/164, 0xa4, &(0x7f0000000680)={&(0x7f0000000540)={'nhpoly1305-neon\x00'}, &(0x7f0000000580)="d13cda9d44b4f6863fc6886249ee07807a55bb4802f2c000db79416a46f9b7e742621207791ecc77a03bcd5685251cc4cb193c6c80f18a8c6b8e26d06e6550a36fa681ba215e32bcadb8328ba10ff9bcb778d4f3a287428b430ac21493b9439b5a8330790d3a5d8e495027233d0d5f20e11d25440446e603212e74e8a69496e21ee67a4433595939964afef0fd5a23a34970006f8cef6efa7e104d5fe45e6c188efe87c7a1b9940d9794f5845426f368ada4fd1e516888597fae2f56b5dc5d5b04ece172b5f719", 0xc7}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0xe61) [ 1139.300585][T27469] binder: 27467:27469 ioctl 40046207 0 returned -16 14:20:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) execveat(r2, &(0x7f00000001c0)='./control\x00', &(0x7f0000000480)=[&(0x7f0000000200)='\x00', &(0x7f0000000240)=':nodevem0%nodev@em11em0{\xec[eth1\x00', &(0x7f0000000280)='lo}\x00', &(0x7f00000002c0)='-\x00', &(0x7f0000000300)='\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='[\xef\x00', &(0x7f00000003c0)='%\x00', &(0x7f0000000400)='system.posix_acl_default\x00', &(0x7f0000000440)=')\x00'], &(0x7f0000000680)=[&(0x7f0000000500)='*#wlan0', &(0x7f0000000540)='system.posix_acl_default\x00', &(0x7f0000000600)='*vmnet0#ppp1proc\'keyring\\*lo\x00', &(0x7f0000000640)='system.posix_acl_default\x00'], 0x1400) 14:20:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x6000000, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463064000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:12 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf6ffffff, 0x0) 14:20:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x0, 0xff0b017a, 0x1b], [0xc1]}) 14:20:12 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0xc0000) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000300)={{{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@empty}}, &(0x7f0000000400)=0xe8) getresgid(&(0x7f0000000440)=0x0, &(0x7f0000000480), &(0x7f00000004c0)) lchown(&(0x7f00000002c0)='./file0\x00', r1, r2) r3 = request_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f00000001c0)='$])[}\x00', 0xfffffffffffffffa) keyctl$read(0xb, r3, &(0x7f0000000200)=""/185, 0xb9) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000040)={0x5, 0x80, 0x9, 0x0, 0x16}) 14:20:12 executing program 0 (fault-call:0 fault-nth:0): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000780)=0x7fffffff0000000) [ 1139.588315][T27592] binder: 27587:27592 unknown command 1074160388 [ 1139.620489][T27592] binder: 27587:27592 ioctl c0306201 20000680 returned -22 14:20:12 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x40000, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000100)=0x1008000, 0x4) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x611, 0x301083) ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000000040)={0x2, 0x7, 0x1, 0x3b, 0x0, 0x1}) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1139.722800][T27633] FAULT_INJECTION: forcing a failure. [ 1139.722800][T27633] name failslab, interval 1, probability 0, space 0, times 0 [ 1139.742411][T27633] CPU: 1 PID: 27633 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1139.755926][T27633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1139.755939][T27633] Call Trace: [ 1139.776681][T27633] dump_stack+0x172/0x1f0 [ 1139.782669][T27633] should_fail.cold+0xa/0x15 [ 1139.788070][T27633] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1139.798480][T27633] ? ___might_sleep+0x163/0x280 [ 1139.798498][T27633] __should_failslab+0x121/0x190 [ 1139.798513][T27633] should_failslab+0x9/0x14 [ 1139.798527][T27633] __kmalloc+0x2dc/0x740 [ 1139.798538][T27633] ? fput_many+0x12c/0x1a0 [ 1139.798554][T27633] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1139.798567][T27633] ? strnlen_user+0x1f0/0x280 [ 1139.798579][T27633] ? __x64_sys_memfd_create+0x13c/0x470 [ 1139.798594][T27633] __x64_sys_memfd_create+0x13c/0x470 [ 1139.798608][T27633] ? memfd_fcntl+0x1550/0x1550 [ 1139.798621][T27633] ? do_syscall_64+0x26/0x610 [ 1139.798636][T27633] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1139.798644][ C0] net_ratelimit: 25 callbacks suppressed [ 1139.798655][T27633] ? trace_hardirqs_on+0x67/0x230 [ 1139.798658][ C0] neighbour: arp_cache: neighbor table overflow! [ 1139.798672][T27633] do_syscall_64+0x103/0x610 [ 1139.798691][T27633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1139.798702][T27633] RIP: 0033:0x458c29 [ 1139.798715][T27633] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1139.798727][T27633] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1139.940963][T27633] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1139.948941][T27633] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1139.957302][T27633] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1139.969994][T27633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 [ 1139.984086][T27633] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:13 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf9fdffff, 0x0) 14:20:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463074000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:13 executing program 4 (fault-call:5 fault-nth:0): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1140.013678][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1140.027457][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1140.037288][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1140.044381][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1140.050686][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1140.057375][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:20:13 executing program 0 (fault-call:0 fault-nth:1): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x801, 0x0) [ 1140.172671][T27710] binder: 27708:27710 unknown command 1074225924 [ 1140.189753][T27710] binder: 27708:27710 ioctl c0306201 20000680 returned -22 14:20:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0xe09, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x7d27, 0xffffffffff7ffffe) [ 1140.227608][T27707] FAULT_INJECTION: forcing a failure. [ 1140.227608][T27707] name failslab, interval 1, probability 0, space 0, times 0 [ 1140.262119][T27707] CPU: 1 PID: 27707 Comm: syz-executor.4 Not tainted 5.1.0-rc5+ #77 [ 1140.276534][T27707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.276542][T27707] Call Trace: [ 1140.276569][T27707] dump_stack+0x172/0x1f0 [ 1140.276594][T27707] should_fail.cold+0xa/0x15 [ 1140.304398][T27707] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1140.310217][T27707] ? ___might_sleep+0x163/0x280 [ 1140.316526][T27707] __should_failslab+0x121/0x190 [ 1140.316542][T27707] should_failslab+0x9/0x14 [ 1140.316558][T27707] __kmalloc_track_caller+0x2d8/0x740 [ 1140.316677][T27707] ? msr_io+0xf6/0x2e0 [ 1140.338060][T27707] memdup_user+0x26/0xb0 [ 1140.342435][T27707] msr_io+0xf6/0x2e0 [ 1140.346787][T27707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.354066][T27707] ? do_get_msr+0x150/0x150 [ 1140.358578][T27707] ? emulator_post_leave_smm+0x20/0x20 [ 1140.366313][T27707] ? lock_acquire+0x16f/0x3f0 [ 1140.370989][T27707] ? kvm_arch_vcpu_ioctl+0x578/0x2fc0 [ 1140.376389][T27707] kvm_arch_vcpu_ioctl+0x5c7/0x2fc0 [ 1140.382208][T27707] ? kvm_arch_vcpu_ioctl+0x578/0x2fc0 [ 1140.382232][T27707] ? kvm_arch_vcpu_put+0x460/0x460 [ 1140.382251][T27707] ? mark_held_locks+0xf0/0xf0 [ 1140.382263][T27707] ? perf_trace_lock+0x510/0x510 [ 1140.382277][T27707] ? find_held_lock+0x35/0x130 [ 1140.382298][T27707] ? lock_acquire+0x16f/0x3f0 [ 1140.382311][T27707] ? kvm_vcpu_ioctl+0x181/0xf90 [ 1140.382335][T27707] ? __mutex_lock+0x3cd/0x1310 [ 1140.392996][T27707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.393009][T27707] ? kvm_vcpu_ioctl+0x181/0xf90 [ 1140.393033][T27707] ? mutex_trylock+0x1e0/0x1e0 [ 1140.393051][T27707] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1140.393065][T27707] ? _kstrtoull+0x14c/0x200 [ 1140.393077][T27707] ? _parse_integer+0x190/0x190 [ 1140.393099][T27707] ? __lock_acquire+0x548/0x3fb0 [ 1140.432108][ C0] neighbour: arp_cache: neighbor table overflow! [ 1140.435964][T27707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.435988][T27707] kvm_vcpu_ioctl+0x8f6/0xf90 [ 1140.436006][T27707] ? kvm_set_memory_region+0x50/0x50 [ 1140.464628][T27707] ? tomoyo_path_number_perm+0x263/0x520 [ 1140.464646][T27707] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1140.464672][T27707] ? __fget+0x35a/0x550 [ 1140.487284][T27707] ? kvm_set_memory_region+0x50/0x50 [ 1140.487307][T27707] do_vfs_ioctl+0xd6e/0x1390 [ 1140.487329][T27707] ? ioctl_preallocate+0x210/0x210 [ 1140.487348][T27707] ? smack_file_ioctl+0x196/0x310 [ 1140.501508][T27707] ? smack_inode_rename+0x2d0/0x2d0 [ 1140.501533][T27707] ? ksys_dup3+0x3e0/0x3e0 [ 1140.501558][T27707] ? tomoyo_file_ioctl+0x23/0x30 [ 1140.501578][T27707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1140.516893][T27707] ? security_file_ioctl+0x93/0xc0 [ 1140.516916][T27707] ksys_ioctl+0xab/0xd0 [ 1140.516936][T27707] __x64_sys_ioctl+0x73/0xb0 [ 1140.516954][T27707] do_syscall_64+0x103/0x610 [ 1140.516975][T27707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.516986][T27707] RIP: 0033:0x458c29 [ 1140.517001][T27707] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.517009][T27707] RSP: 002b:00007f3d664a5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:20:13 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfbffffff, 0x0) 14:20:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0xfffffffffffffffe, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x80) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f00000000c0)={0x3, 0x8000, 0xc6}) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vfio/vfio\x00', 0x20000, 0x0) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000002c0)={0x10001, 0x3c7a539e}) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r1, &(0x7f0000000400)="9d971f72fb45434e07aa1625ecf7ff2e559e03203a37d2564655a97cdc39147e97c059be787de697b427e10565e72a689ac98a9e8a00b688159117564d6c17a963e4c95c0cc300e9915a8c9463e321451ac20048845a11ff8a82657380e36065508bff076c5be74e85a298f070478e3d98ed0ea0e706e41e9e164b77bb84b176e52d73a59e3178733a078d040d563de69540b9d04e894ac3a4acedbe67a2ee88fa3e949937a513c55176b19a6e718fb0950434c2ffeb77b5c3dec6ff385c7db213db95f2da72d2eb686215dc4e58bc281ab058f29abc0c2530b0d59cb4ebbd17407d037071f9f1e69c0f347b5ee5212187f39153a3b7db2cbdf1883b9283e6a262648b2494b4aef3af310109f79f0397d3fa476edbb1040709efdf611b0cf868f7d4a14c0c112dfcdc4039574333b4d1f6db929a11afea5a4a4b612d59fbbdb4bbe1fedf2cddd1c53a667ce7099781554826afb8e97e6d4ffbc96612de9b1fdf47fda5fb657acbeb5c946c32a4b679f1c1b8c8109d80d8615668dfe7853d5306ffe70e351487541c9d70bc2c4d5f90deffbf0e0634bcd96c609691e05147a8072daf458de098f234cf1c6ffbc31149568f99e2071fdda691c01590645b70993fca7c3c516b3134337079a00f844eaa53d1cac1bbdeedef64a603aa360e91f214d6a3f33f7418ba31df86b08619bc861ec1b55a950cbb02a4a0be7e711bf66f677a0b082dc6850759be3f8cb5b09e8016debfb1a582894de324c6bcb2f7fd9dfe2e15856aa6e9fb5aaee3bd8ff14586530b579da185f54347c9abaa1d75977a9e89ec30b33a4845c4e78cdf22404e4a264da5bc28b90e56953c995c64d60c4b1fec6899abfe2ccc74fa11ef5209ddca757d4b1ee03238d012410510486bb83410b11b77418d84188c88376e44cfafa6edcf89859936cb106aadb4c70a996409f3c2c91b1aca35a56ac7ed2bf4c4728cc2ca2df7c9e7f1977cb6358fefde247699e18fa04e62072b2c34580601abe9ae322dd91d23584f50d24abbf05c9435c59081446f5fed5661296b3308b78c4c7787548f7342c9bfdb5fddcc4417280744805c554f913b2080531b5259ece3aaa7046baece07183d3acb38843ec4112d5193f273b18b175475b5453aa30b0bb326b8ae87081f27b20f2b0a837f727bae5cc6d00ec70e9b77dcdf57fd26090397b902921b40d36a167502b570c872a527f0ad8bd8ca50dc680106c63ea35404d9a41e1933d7745c0234d664d9730b5f0246c2491e972bf16034ac527a5c547c20892aec44b688f178df63d7e964c8408c6462cecd69b27607904ad1299bd0a11aba511a728105983784a1342dff0990e451d4c06f285d44b3ddf310236733a658163751aa9f3ecf3a698195133f8c3effefad193c0f31abad6bed4306e83dbc2414c54f8f4aa41cc7c3c2c0fc1459fe3553a5369a1d53dabbf3aa7c4dc70729725dd3193e5c6f6fe2b24169abb6b45d7cea7280a80039394c70ab44d994c313bc81225db32f907906b81bb8f070b29cfdc7fc5ca2c77d37e2e4eeb1bb09982e01cc1d7c2aa4d4ca9d1b7d9dd56f41ff73fe330e9a480659726f334142257810253dcf6c3c7d4cda294b26cd83f09b52a1d7d3349e9e7d5e585ce2b921696451e5565119e6c01c2035a8fd58fc98d2ebf7bf13171df8f1d0363cc6efb70ca5168bb2b2078bf522c1cd9dcce42d8e71dcec39a7bab41e803165ac7eb2248009e75b59cf20df505b9515c51ef9216cd3ecdb68c853c8eb2dc2e8c7f1b804580f3ce5edbf379fd545fcbb1719a10a1181a2c518d68e6baa14d9c2328aafebf1d9cb8bf81ed22e6404457237aae00c3da62b9f0b3f62ba8dbe769a0ee69a70ac629e0baf184b9dcb58898a1fba67343528f9d94c0266cd131de6db30244fc1a7fdfe14851c8ccfe4903c1341c2bbf5d332a072812873ccbce0f54bf136cff7c252eca77769e1dda26044943da8b8800737a661b92f431ec795a150df9160708ffb4e785a865a3cbec6306d8367653994e412adac2660e1f55c93fc1400fb7f059c69a4f9522e58f163074538f137b829b2cc07383d8ad1dcd28bc2d3630a8882924a810b53db91287a82653b1058252fdf0b2d1da2eeb70a42bcc9c218985675e8f47606550c0951dca5a14b9edb1dcc989ba147bc8da0524b4d8c06e8433ddab29c5c1733481070424c5d6366b8aef582bd1d60b98dfb8ba8b8226548cd4740e3fe41d75de902f85cf9df1ba3f9d9fceb618eb9c9545acf7706f57762c14f71f24d0d9f9c92b1722fe4a99df121641aa63352babbb7a922bf4c30bdbd0f83fdfca5fd469b67cf3b2bc2a78c5be185ab1fced619f812e217dcadb43f81814c431af3278317e373ae419c5a6c9881d1232bf91675b62822baf6a8145c35226fd1c2e5dfcb295105b5bff9af79b2d66ac1050f67d808ec775e4ad5777979335c303ad70ad7a479081eb7fcd7e9a0e7fb23d434225440f2790f87d3df48f532c18a80c4627f3688aed42b7765c71a14312860dfb3891d7305fa2212e2683b56e8c3e3234e534f4782c31318ea59ea16d1aeb79fd603d2e76690a2a8f8dc168b38b7dcdd17ec8099de5721bd7e405f69391b2cbe67092b26d530bb45c0d1d4a752e939d04e4df06829a0cb321d0f196cd2d113b865e32d073dc64bf216344cdd123de6322b708dea1bae683183da9ec94c29299cb13da855f48eb2c6d18e26cb8de7492b7eee6496de3ba066cd6fa6b5b7753cf43f2aeae5f690951ccd7ebc5929ce22407e3301860db2f609e9d7172bf5a2713567083ef50ee5aa0bebe549a998bcadac86d1b9e58fd8a2de131f31fa3a93d79b913a1bc3419dbf08db68491176f7714d8ea8af7cb0403ff55646ad2ec6a69c2e7088df187e0a68288b65c29a1acd9205d905b875646801674bd3a0f37f9a90eb5c8bdd2124554fd6eb4e63729864f938ab29df6310e11208e309343cba17c30afab9da37a32014ea8096d9b5de220fa2c5bd163477b2d55d905fadf274ea84da180ada91ba74ed583905525647856d70cf992c3e787f13a9567decfad394fb0392e5fe8876c3678a97cca7e50930286b740e27ab4e518791e2748800c87949d7e44743be65554196dd2f31f627a9c24a93dcbd9c5726743fb9be9f2073cf0174fa3aeaaba9ccfe26c7a7e69b29f2486f7b026f0e303aa7529746c7ce55b88b84c57ee49bfc6b85571e94a17d3d5587ff1fa81e8e718239197474ea1b34a2f088c245d1d136a6e854518c681d00898c7bfa99dae4cd3e0417a23d3c2c5b20dcf9dde1f22fd4af3e78e1c407fc24b9729bc20005e63fdb5126bf8b365f956d981c8deb1b597297b4f250d93cf6c63bdc25893142890ccf9779b29aab0add3f02c22ce2301c2f9ac5b8c5cbb595b6570ed22d68525d55ce8cd8b1231b2405fe254474a28093ce1b280c856c0824b2b07112f0127edce09781e5cbf636e10136ef8f759f35fcdb09964763b71cdae902499825d5b06c5e31885ea5f69c04c73b62282ec1e3fa63a2198b73059cb25e59022de58725055a11fd8201657133c4538ef9ad2458639de20178e0be1255b69fe309732a15c2d79dd153c7c44a58f27a4ac62a0a8d141f069f079730cd13e957e36fbcc4cbdf842dafd22b69b75ec072bef484388ee9c97849effdebe7d4e908cd62cb97c78108778e519812bf4290fc5503d6dec34783fee32d8f099cad5607ba27c43c68cc99b28c0b38fe07029d626a4cae6849c09375f722df7434c6d76f45dbc8e45895853001108b66bf353047426a5e0b8976b2a4a478271596b488fe36d06d53059075e1230b15baa9c33c75ba6ccbca4a22fcf482017ca4ab150310d8b44d8cd4adaeb16626a711aa91c46edc62a3ff666be04c89c163f84de38a35ac32c15bff5c7a764c6f0860006f47595d9413e3109bc9c19b954fa94b7b64ecbe0308d4cfa6b52474e3ed68bedbceff77c751b6e87a171833af83f9ba7202b5c4dea2e7a6e43b934658c6375141e3ebccdeaaa66f74ac8354777a1204e15008e139f7f347bf2371cbe036c5ba3c8c748d93e1af33c3ec8ecface6398ffc9717fb75abf46c35cabd1758a17924d14f46907d6c960e9f728106de98a01c078c29de64e6884d17ff978d99601ca190e7b36923bdba142d44c3a9e2d59363e4efa2e2056b64f1c85204cb63045d742c21211ac3bc89ac78282ad374e551b16ffe189a439e0e5457f1946e349c28ae895506d204977da9034773692cf25ca760e8d34109caf55dbc396d253be47f1c52e1af7920d442eece77a282d2dc1085b21fb96b4da691c0f1334ba7668b858a4cb1537c34a23dd0abaf4b6cd89a0a43a8dd18979c9c012247ab9f76d9a520fd82ae64ddf29f86e20a87541eb95e62e9af9be519b165cfacca85aa0556dceb45c934df028f5d4f57e4a124eaac9f491b70db707e00bdf6710a60bee1967131918277e2de257f39098b3c69c4af896f8c0e2833b64c41377692cc2254314850ffdc794a1d639c7572179048878b8547f08a98b41635bb853b1ca4d21542f594d5f3e044a5b8e32fac75c636315a6da00aca34dc48df002455452ab4360b72ec544ed2686549ace7cfe7cce8b64ea9d1ee86f89ae29be9f0132e344983f592b291d7a72b3ea014536c0f61dde64c507b33a5501880e774d9d264af9bae988c85d4c127da253718f1b3bde6b54d230b369a8e5c8908c9c176eb7f5d167213e9449b0817b97b3a9c036c03943560dad1f30387b75a969f4d9fe35c80d4c327195fd23009f8792c95766a768b213f54ff2866aab6f3e20a632df60c081608d7155d24e96f5237cfb7a6718922946d648f2ba394373bc0810d261e441f82c18ae6dab070faf41160f3b1ac22152199ce434d314fe55b841456e43496895b29bd503f847dfe2647f8e5ee4828aa737ffb7b85906d0bdbb951ac50647632de8ed3d491725a11c459b4760ec4c8c73093ceac8ef4e077b1cc4bd2faffce7f5982176a4a61d53a62bea055fd1d57f1de2c5888f596807a8931a905061cbf132c41eaa9c4a755c66bdc3d702151fa8f830f93ea3df4d2d9c21dc3466c48a45154eaea4bb9c0ef952f8e9f476a7932f2c642647091a584db58c34630f9bfa671b970455aee45e537307b6ae13c6d5aff03a6a0389f11f2e9754520be55679ec23388cada8a7417fd3227854833d8a55775eea3e25806020206eed4d0daed1d28996d13848dae51f8152e5f08ef30a6993e3c20edd08a4c5514a5772fa07b32cc1b7776b98916652fe7eae164adc8d6bb7307c8076baf5fed7c2605ef56f9a9e68c0af02c0d07074fea01398bb5dca1dff78d184360a09a8ec7119aececa190eb1b62dc1fab6b6e2b951469c144128f1607e4075f5bd4fa8a50977925911ac22a062021ed5ee977c5204214d9b17be2f64587ae8ab48fdc310e4bdc61c6667cafc58f81803e8cc63b3f0bcaab1654158d08a393bc3a3fb88a77ca77905a98ae7c76bcd41601684db019f9d8999c0920835705c1c18d9496feb717ef43b3a11df6ae9b33250c6039cc0fad5e1271124d53105693017419d1a106fce8fb33b235bcc989d8e87d601dbc7d408bd83ddd815389743f06881465ac8eb47bfeeb4cb17a5d66567fc0009344ce403bed9a1707530b70779e2033cd5811f14e0f5ab9d1edc34b1c262c551eb1254cdeab61e01b3d53f09a1cd0a13f430f6b0e5fa9fafb23a08273f2f4d09a8f9f28054b980eb7b285eaa62950fb51caafaa6a4df6da9bea40c53546e3d9d320d2497c686dba", &(0x7f0000001400)=""/169}, 0x18) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x4}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000200)={r3, 0x2}, &(0x7f0000000240)=0x8) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000003c0)={r1, &(0x7f0000000340)="8bb0ee06fefb97418b23370e4a55a6d9ceaf8f29795aa3", &(0x7f0000000380)}, 0x18) 14:20:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463124000000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1140.517024][T27707] RAX: ffffffffffffffda RBX: 00007f3d664a5c90 RCX: 0000000000458c29 [ 1140.517033][T27707] RDX: 0000000020000040 RSI: 000000004008ae89 RDI: 0000000000000006 [ 1140.517040][T27707] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1140.517048][T27707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d664a66d4 [ 1140.517056][T27707] R13: 00000000004c17fe R14: 00000000004d3fe0 R15: 0000000000000007 [ 1140.667174][T27818] FAULT_INJECTION: forcing a failure. [ 1140.667174][T27818] name failslab, interval 1, probability 0, space 0, times 0 [ 1140.712717][T27818] CPU: 0 PID: 27818 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1140.738287][T27823] binder: 27821:27823 unknown command 1074946820 [ 1140.741714][T27818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1140.741720][T27818] Call Trace: [ 1140.741746][T27818] dump_stack+0x172/0x1f0 [ 1140.741769][T27818] should_fail.cold+0xa/0x15 [ 1140.741787][T27818] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1140.741807][T27818] ? ___might_sleep+0x163/0x280 [ 1140.741827][T27818] __should_failslab+0x121/0x190 [ 1140.741844][T27818] ? shmem_destroy_callback+0xc0/0xc0 [ 1140.741858][T27818] should_failslab+0x9/0x14 [ 1140.741879][T27818] kmem_cache_alloc+0x2b2/0x6f0 [ 1140.820622][T27818] ? __alloc_fd+0x44d/0x560 [ 1140.827381][T27818] ? shmem_destroy_callback+0xc0/0xc0 [ 1140.837558][T27818] shmem_alloc_inode+0x1c/0x50 [ 1140.843277][T27818] alloc_inode+0x66/0x190 [ 1140.849610][T27818] new_inode_pseudo+0x19/0xf0 [ 1140.860242][T27818] new_inode+0x1f/0x40 [ 1140.865202][T27818] shmem_get_inode+0x84/0x7e0 [ 1140.873844][T27818] __shmem_file_setup.part.0+0x7e/0x2b0 [ 1140.882461][T27818] shmem_file_setup+0x66/0x90 [ 1140.887628][T27818] __x64_sys_memfd_create+0x2a2/0x470 [ 1140.897042][T27818] ? memfd_fcntl+0x1550/0x1550 [ 1140.914074][T27818] ? do_syscall_64+0x26/0x610 [ 1140.923393][T27818] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1140.928753][T27818] ? trace_hardirqs_on+0x67/0x230 [ 1140.934111][T27818] do_syscall_64+0x103/0x610 [ 1140.938780][T27818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1140.944831][T27818] RIP: 0033:0x458c29 [ 1140.950275][T27818] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1140.974172][T27818] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1140.987541][T27818] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1141.003302][T27818] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1141.023110][T27818] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1141.038194][T27818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 [ 1141.048890][T27818] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1141.059952][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1141.062072][ C1] protocol 88fb is buggy, dev hsr_slave_0 14:20:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lsetxattr$system_posix_acl(&(0x7f0000000100)='./control\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000a40), 0x24, 0x0) [ 1141.082720][T27823] binder: 27821:27823 ioctl c0306201 20000680 returned -22 14:20:14 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x200000e000) ioctl$KVM_SET_XSAVE(r0, 0x5000aea5, &(0x7f00000001c0)={"e4d36e0f1f0edd1e10791b49172074adb2898ca8cf45caad82e3d7e1c3fedeb65c1d4dc541af8569e25a01daf4881095ae30a00542867119df3afcead3f3ca5a1664a23efaa24dc164ae002fa543537566a5fcfe2ef9698d023b7680c4708597e34e3ac3cfce2e4b6e4c9627f895b86c464bb420fd9ef591b2ea088aeffe915438d93adcd64a01133831ff80963a81e7001146dc662d742c2e5825a0fa1cb8997e08b5ab677527ca229a54716f74fd904f933a60c16f437c4026ae351657a6c7cadbd22afba32f40b62a38b5910f1816cd950ff208cca1f642c75047d739d36116a15040992faaae851ae054b8fda441df06a54e9d5cbbe0979d68b225afae8cb67a4a0f1fb3e77ce24b998c724b22d639fbda53177e6ab2189bcab2c23cb28e70dc90accabca3b324470319f69caf5a995262d473cc63144514694cb6564f77125ef62f86c2c5fde01b7908b47e091e6fa36c46d1b6dd8d7aef25cba7359eeb23e21cb9d345fad2dab2556f585e0d8eb867a64084905bc3e16c03ae173c4959893cfa505422ab55ca7ffab6e80170a3a28ce99170d8bf1ae4d937fc69926d341dbcdbcfb44eabd44aebd6662cd25a951ad19229eb6dfd3b2fce2808ed6e5f4a42c9f0a0b6402f441085f4ef7003f2bdcf1ee742a19ac4630d0f3c2a03a069d1e7ba595a0f2ef8f615f4ed9c25839ab37d54f441dab5ff4cedc82a4c6218a69e3d03a727c18f508c7a273d90b87147bc4369ff34b54804e3cdadfa44f6c042fc72243b9f885e624385396d142f2aaa6d53a6859249713a6fa977c675085bdad60759d77c2fb3c973b5e69e2c0ea27cdea6bfa18a6b9737e401582404e57928eef2deb38c54afd4ee0795383dec1be35075af8bebfe9df37db5b193196d371469ab052ce7ef0af93e1de346f83727d2f88a29413cd7c53c8a90c769cda9b35c860844cae434be9a23c9e509dd40bc08d4da19bb0ac81edcae10c06b9ad7b16a3de4559561f71ab96c87c6f6219ea5daa696f7eaed3fabd2e22f190fe4ee01582a9709fbbe8da2aefc940d8fd36485886ae32e96c088845b274f3a95e7b9dd1c18bc32ff5cb6027f21e6423a99c060a9f63177636897050c91b2285c53e85e3812981693fbd8e589ba0d05628c530ed60f928116436c2954a40ad681454d038bc10ea4e71ec1f31fbf8a89cb7e72ac9cbaddada774d8eb9361101d99c3dcbc2e3359f0cec03e5313192f9be59650085062eacc31cb0bbe61ed89d148fa799faa532c065c56a8a25117c4b9cb89b51d91adbc0ed99fb3531f3f538730fd4f869fe4568059c8fe9cc31da60acf1e4bb3d1cc2a748a9c9b124b1512efb1b013dea82cb7f6d38e4fc3f0b7606630c4f8e53f22a48a951af253dd9bd88b740d5ee8ff63e290483e0fea019c6129cff8e55ea5fab6819b6b964cbd93d6cc09f965d1baa5"}) 14:20:14 executing program 4 (fault-call:5 fault-nth:1): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:14 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfcfdffff, 0x0) 14:20:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463544000000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) [ 1141.293521][T27933] kvm [27920]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:14 executing program 0 (fault-call:0 fault-nth:2): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:14 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r0, 0x0, 0xfffffffff0000000, 0x4000}) 14:20:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1141.369747][T27939] binder: 27936:27939 unknown command 1079272196 [ 1141.396860][T27939] binder: 27936:27939 ioctl c0306201 20000680 returned -22 14:20:14 executing program 5: perf_event_open(&(0x7f0000000140)={0x4000000002, 0x70, 0x3e7, 0x0, 0xffffffff7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1141.515063][T28050] FAULT_INJECTION: forcing a failure. [ 1141.515063][T28050] name failslab, interval 1, probability 0, space 0, times 0 [ 1141.542230][T28050] CPU: 0 PID: 28050 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1141.552539][T28050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.562787][T28050] Call Trace: [ 1141.566098][T28050] dump_stack+0x172/0x1f0 [ 1141.570569][T28050] should_fail.cold+0xa/0x15 [ 1141.576465][T28050] ? find_held_lock+0x35/0x130 [ 1141.581247][T28050] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1141.587104][T28050] ? ___might_sleep+0x163/0x280 [ 1141.592097][T28050] __should_failslab+0x121/0x190 [ 1141.597079][T28050] should_failslab+0x9/0x14 [ 1141.601583][T28050] kmem_cache_alloc+0x2b2/0x6f0 [ 1141.606427][T28050] ? __put_user_ns+0x70/0x70 14:20:14 executing program 5: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000000)={0x4, 0x20493859, 0x100000001, 0x9, 0x3, @stepwise={{0xfff, 0x2}, {0x6, 0xffffffff}, {0x3, 0x6}}}) perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0) 14:20:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463045400000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:14 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfdfdffff, 0x0) [ 1141.606442][T28050] ? shmem_alloc_inode+0x1c/0x50 [ 1141.606462][T28050] ? rcu_read_lock_sched_held+0x110/0x130 [ 1141.617663][T28050] security_inode_alloc+0x39/0x160 [ 1141.617682][T28050] inode_init_always+0x56e/0xb50 [ 1141.617699][T28050] alloc_inode+0x83/0x190 [ 1141.617713][T28050] new_inode_pseudo+0x19/0xf0 [ 1141.617726][T28050] new_inode+0x1f/0x40 14:20:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) [ 1141.617741][T28050] shmem_get_inode+0x84/0x7e0 [ 1141.617762][T28050] __shmem_file_setup.part.0+0x7e/0x2b0 [ 1141.617783][T28050] shmem_file_setup+0x66/0x90 [ 1141.617801][T28050] __x64_sys_memfd_create+0x2a2/0x470 [ 1141.617815][T28050] ? memfd_fcntl+0x1550/0x1550 [ 1141.617831][T28050] ? do_syscall_64+0x26/0x610 [ 1141.617847][T28050] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1141.617869][T28050] ? trace_hardirqs_on+0x67/0x230 [ 1141.635512][T28050] do_syscall_64+0x103/0x610 [ 1141.635532][T28050] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1141.635544][T28050] RIP: 0033:0x458c29 [ 1141.635558][T28050] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1141.635565][T28050] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1141.635577][T28050] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 14:20:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x10000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x1, 0x101080) ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000200)={0x2, 0x0, 0x2080, {0x7000, 0xd000, 0x1}, [], "b72d3cd08404afe042c1aafad802cd46bfd5dc8047c88d22b0162cc184e85a90d6ec85829cd348fad46ca918baabaee72d88f87d63573338c891308212903fe8fafc944b1c283221679842e9bd0a979b00ebe784c98fe6b3ff675e2dbc4ca88a0c4415029c5d2a75442b4c6e55b79f442c5beed1c701e1299f6d773ddd154c06cdf13b2f7479773f1726bff26f1f570d3dfeb7748428ee87ad5697bcf5565b79c9b903809795e0218a7579f23fd809a444364200a84c9dd68001b56992c79ceb40b8b028d2dfc56ea007f7d6bb852788d84fcde1c710633949eb0f0887d4dc82e7629cb07b3d713190c9d4819d83deb2883ef679fe608a2712455137d766eaad882f808cc61e72d43c660b6a5e84dde6394d537d62a34ce0c596f5b3250acd40135ba5cb7d090fd53bc4ad45f50f2fe5f4bc47d1db5c7549c56236c296ccee2582047b599ec8b3cde53c7844588a8000573e09a026e735efd896ac4c3f1bdb9c53e7e6fe8a7db09eaf6b237e74ae50621afb101ffc7321be9aeb6f2c706253b66d0185988090359a6191a782f02deed9c94dd83d5d7a5f9f12d9164da856fe4f16100d4d9b378cf6ca95b6b50754474a5fb1b7c5f854e0b4e253306b7ba73f10e3b0875ff7a1e958a57ca4aa66c026aa145504d03bb9aba57b467c935ace771722c335128add1ea49d0dd68de3596797f50cb6e6932bf53b1b3e0a063f418e3d7627051e3415a27a26d486a4507990270017e3a913638761a347d47bdb7e90ad0a1051c8427bcb22f7eb7c87938953ec2e5845309449bc5f524e5d0d7274bc44d257766ae84bdeba97583a0240cd9b48b67857ac5eafb5ea4a57a9e979a1dc372d940f8ea4d6c777b18390854e0d629a712f682dc618a060b5dc2ca867cf3f274fa07eacf3446df52a440429d81e49803f667fe9efb3c8fd2b9114ba133015e8d55d98f466909cc63755c2d4573ff2ff3afe95d6dc82ea8b5d28c37201b0df548f74b3542222ca24df2fc185221aeb6c6bd1824f61d8cb89c61db981bfb2c7f39c50847849b3f9c2cc3a39ebb3b1dbb416d938ba3a7964ccfa34cacce43fd23151f88d4d7c734d80b094304ade48e5d273b827ad6ad2eb237cdb3e186ced65d0e0b13fb688d9d127689a1d9001020769fdd8f119d8a6b5150e06f4045c6f0b3a4fcb09c16d057a4d2826d0fb9051274582c9d174cb7372f0ffe99012682b7b237736041dcad184f25056c2076e5687158580117131f1b78c0ea636b68f1b4d75f617fbe537d6eddb24632122b797b433e396715908688e335861069af5c644cc84bac01db2a381ae3aa4d66c4593306d26defebfdc9b7f745ce4a102f033db45e721fc20548d219af681a737205212fa509f94afc743e064104f5b32e875d1586ef16a02e096722c1a6d9faaaead8b9040748ee2f3a8520b9ce387e142b100f1c52327d3f1c66f2f61b0e9d1202c8932e209be85a25c2830d3e100abf11e58c883fb181e4f542a919f2086a4d892977a26e5817b6f347f4d6ee52e785e791a292c33ea7bf7f74a5222e494d75dc307014705b19cec6340968b332c0f3c1e8e9d6c87e8068a6eee99c5868ee08bf9537b3b5bdf18815132273925d29d85fe049225d74854edfd13ae788b2dc940e2087cce3b478f2ff3353f2a8270949673db878b59005aa4e622258c92634768910ffa44dc661ecd688dcb06e38e500e21cb5e02356da295a41330f7ed69f00f52cd4d754f4fc238f4edd67623290f066079619ace4c87f435390ba81479345131f610bfeddb5ab6a9949ebe2f28b3dbc49561eed969f4728f6e8a615eb7df2134b03bef5af90455dc52cc572423eb81008118a7955de1a86c81085f956622c6dc8ac49a054a7af71adef1ae59a24557a08634caaa5eca2f68f74b87a7d0e129392d310365ed24f55cc34586ecb1791730f458fad4522e103ae3f12bbb7d0b5722f10155943553d876916a75049efacdf0ca342d7b1168f153799bc257b6d3a08d67026a17f121faa21222b46d8f89394c1d5747d7fcb495aa415e66fa7d01e5bdb95e515dcecccd17d7220f1ca4cc73e3b5873049fa31ef515ade22c8eafca6963751de13a79e934c3021d62ea3f90b5dc8c3647034869926d012399845e0a6bb935df70c2754f08269926dafaf6ffb95fe7bcb7f0b8dfd3857cf43949c6d460c32bc40ec98458ff204cb6f0260a813fd79985cec7b4d917676494dff5c443e94fad1b83b45252589d09157bbc74f979735f8b505082a106a46f95f4e0450f3e331c7a8588d51728274932f0f8913922a2bf2542a39deeb648b24f670bed1a5a062d761b859f48a386ab7d22b676e29b0eb74fc6eb284a80308318afba9778d656af019aef6819c70a0e880f1cf144cbbb794355493e81845f435074845ec4d404d645cf973e918d640cc919309ba20745b26e63a63593abcb09da89dfc30c5c75ef0e310617c8222799403f46670faab285d282767949ca7faa9ac04f8e3dc13d996ffab006479ce66fb94aa2cdc5481431fb6f866cc3b12a8f625d1f617000a8f4357329dd8f68b045eb2d1e4aa8f126a34f2ad8f2ee9a322fcb9d8f26ffbe04aefe7abaeb3427f4ded6c760e63a4b8f5959f04c33a5a5e9579a6d1ef19818da8f4e69060bed4a50805288701e01589441fa0124dffe0e10cd5f1e7efab4743651b4d4e2e8ebb3d30e349195c3fd227b90a6dbe9a02610c41c94d394d2d4bb474867a47e8aa9e86f4b78b2c4000171399359b777825ea93bc288f51d2f94e7aecbaf922798844dc8b7b21b8c25c1c42994738ae288323fbc76b880f9e61dd1175b0ba1b8e3cd0cc2625a14798ca2090fb8b6bf57853cffbbd3cebbac807fe62ad92741a496236afc9af163b8e322ffa6a216dfb60950ebb2dccf612ab129a0ee0957c84c534e41335b712ca9d6afab592bf8c51638c2a506926279dce8b40c6644948994b237a1ac4f92a5cd2feccc3a4ae601c3148da13918786b257b41f3815eda1c759b3bdc4f002285540eaae7f087374f11e5ef72b744c9ac4f548ec4745840c3957ddf1e5ad7bd8518f02a8c1dcc207c89cc00532877ee2a65d9bd3cdf87146b2e3bf8b319e99851588e5c580ad298b8272f814e58054068f7d33e449da428e28c9eba85e27eb38196465237a6c40e4320164ecd00181ecdf8a67fd7f19fb0092a3b2bc8eb39996ef7ec711c886721e6d9f3640d8fdb1204abf25308b80153a627614c470e33e2dbbce15c2b5f7e2e7070262a72be4d0f85b28db727c5ec71be1e5786c4e87bf6000cccc86f534c6cfe0de00f094b0dd550ffa633159a575cfeecde6afa3e46d1a8e0ec93769238d71b02de8ca75c471fe2340ae12a65aa35a6080ab17400f2531b38fac366257cbe6079395c665ba15d31f6c40f53dc360a512ca14e9fb8a271e7f6f845b577b37319c68418014e16654cbc18ae3f2b0c36eb67cdf3f531ff4f5f0090253c962987609ec3e1d20ab446a742e09726d7593baec41469e1ceaa8db086f92bc28687b54db28aacdb43418d228c4aca98995ba8f13c1bca21db34a9b481f5c8eb68986ba9a9404bffd5800d3e31dc97b864f00ba06173ebd359088de614bd739c9c11b8db38860a881997390ffb41d8fae6ff105608f473e32a60689bab8451e0cc497764364097433b90fcefe61aaddfca6efe15e1daecc16ba5225edda1bf32de5116a48429de26cdfd027e2950c2be5fb97a7ba1264979424dbad8c556fa87cc8c79fbaf68e67440d0537ddc529ba16f8d450ab3c77a8fb1dcddf718a67f588fd50b2099ff4655321b2c4ec0aaf4abfa1c4d17dbfe25c440e0cc326c98e4e87a110e0a0fe56f2d0daa5a74ca5293a68b6035fcfbdaa030e22d499aa5fdc897be1e985d94a38721269846dd0505cda02ad75b5acb81a8f7b300c6a622b6c6d854b9d822bd4c7ee299c95f1f9e4f3298728cf399e591f365d96dd155bc8e24929afdb822cff2c233e8996185b942f20140b4f44569e30bfcf6dd28df564d797fcef542306c57c173fb492e61321b5c53707c52a1af6209728cd50ff4cc67372646fc55d81955d86cac8db9de4120aa774421f73e15d070ec6ab0c8bf6f758c222c8e39fa91cba8f7c651d37d668c8ec0744e4a9843362ddee036d0604a94c1fefddc8b52eab2c0c59d972dcdad4bbc09bfdcd3e7fef4e9849c03b40d3b542196e4c1274ff668a5821b60c2f03d5db35a82bfb71604c169602f60c5836f9db8c92349c0bf364830fbe24f6f406ea551a4cdc86fc4fee3333fd3a8703dc54acb3553adf111ded382f71e184d82bec0e5f1e48ba53fe0a131a0e1e9186fbfb37bc8c1f9ed926dd7740e2a1005244653b50bfbc6ac7c3739d480ee7649e88ee5158898f602b6c016ce4f3e840fa52a10d612cb67f68e5c2679acb8a4fdb056fb06c4fbec25fbe1eb51ef028a0331c1542f9c16429cc75bf53921653a63ce8bb4cd36890d0d2fb410588a7393b0c3f1387063114cd432ef15bed3683eed7ef1b86d4b19eba280d8ea89697fed26b68ae8749c6debe26d2dd7843c7abfe60b6f5c8e8a5ac6815811dd1bb781ae81ed5e0e1271506f4cd8663fd1e7dfc639985727e58fd70cab668efb35aa3082eea1e60b3f284668548476b0d7f2d8b04677e6ee0dd189c8e909b44538755affe740e8c9f6c551a0b5dd1004a7d3d7da4aba2ba3a96002f285a5255fde4f4b3c5de2b2435a0738f7e6e96d0e08663b63babb220eeb731a9414311fce6b0b2925435efe5c85305fe440ce48790e7150052a225be0f93adca39aa3cacb09136607b48bff99938941ff860b9de5513b5cd3efcfcff5f6ba99ce756cba1e3911bad6c01d118db60dfb8d427712b00d5f67ac7307117aa83f68638d308ab099aa1c86901f9a4e0bedc76c8d41f2e26d063e7fd1f31dc21ecb88b3c40bb3064420ba248e273c09c3c2bc41f4972892b976684a5de162da204eff8a59eea40f37a849a3339014d5f859de2194fe9cbcda15e100e33936b7fa3cf4c1bb4f474776658a067de3c392e7cdbe5db0e7fe9dc9d4791efd22a51a50db9678e0ac35b586b334aada8807eefe3c1fca189a668ebffda010cfbd707b0c7d4109b72d21ae09eaa59aa4296073b3b93b8a59131452fe3ea3a96318a9b991e8de51061fa1db602c999d87e8f341e2edb671d38b550c7beafc8e77644f6b5255833f81e3d301f37b5b620826238501e271364abca69eaf178804bf4ef227064f040e44128dd10f3be367419d27f78d73a75ef1d967045d424f1a46f71a9102f7c9ed687f3d54d16f8041a1a3573d5e350e257b1ff0fc27a96b1de319ebf9405ccfb971a8b7812d3d1a291e5f19d34d418bd3cd48f452e29fd7271235587221024570b27de916164a0317c76e11bb445828e73ee916cb83f1256001ed40421d42843fa5c2b51a454b72fafc4b20c78bb14ad35146ec17ad66897e4331bfed7ed538cb20a795ac38f0808eb2b5b8bf9342e5a58e2dde0990e2aafc128b076e553d7214840d584cc8592e9aea4be2907ee389942e261449bf4806e457b38caca1f5d04c2708db234bc7275a6129a7a9729b5d6a28fef1eb782edf061d2a350ef81c7695775a8b01a9c83cdb53ad9b8767663344cc8c8b9c425f411d99ad8e21225a173202bca47017c349f3a63680ae2a54f75ff8f6648e802e33701171a94df7f8038382253e2a0de2802b3af497a2074bda12208468b4d084d99d302fc9c202b5a5090448098dfd0f266746ac73545ff87ed2c2a550461c54b9e50ae5303076dd1becf", "afc3e15b3974df71414c99488d6de656e80bd95d0ec5f2541168b3b94b1f55623bff709bd0e5817a8474cf6cdc9bd546fb22a0163b7f96db2ec9814a0e4c575546f2ae918efd62def3c139b22fc72ab222141681bbd9f56437c156c6a4053ebab0cf3f2e16c6f928ad8c1bff8e68d978b20ebd7f707e194a426c39504975aacfbd62db9833f7dadf8b833a6cfa89bbd79304d71aff40d672d6045b749646e57ebb8ebfcd8f69cff710ee8dbfacd57b9205b1441b167f5a1e303ad947933dc085809db803ba634f6ab30693e4e4028c3dd3195f73f7a3d2badf10b4a1e24be5567f0c3fc2b2a68175735ba14a6e26b4c56c04c196d6e614d865c29e5d741fffa31a5aca66b8852228e7584f2870ce3ee1704575c08cd83374760e48306318e5f829baae6a42ff6327282a25ef8eda65838b3872e2be256da38ba8ccda93ba2d37aa9c531c8d1d9b4b21b058f438a0b90f945849afb0630284b31b05330f5b18cf07d943c5466de56e1f4c6e8bda13c6b8901866236131c5d0150119cd0907c39c08ba17a8abcc09137f70c69233265544dde7119dc1e36ebf3263a482add00e875c26ee86bfbd6ade610e9d9d57f88b81733cfc0448c8339a166ef24f2f3988b04e7826eb2eb1f9f148e6117bd7825b77076e8e1ad65eb43fec7b70eb5a8cb3a6da57e715aed05b48304245006aab04aa7b731d185d8b88939b15cfc175396eb642a1a4fcfa3ef1f77eb4379decda68e8a5fe92cb7ed31a01a86791884bc4b1debf98472970d65253e834af6a38a9a433007753826c3f9b8452837bb6340e7344537e9fe64d865bb2a21295f805e9bf8ffdf63aa3cbe021a2b8f36f2723569568d375b4832390d443d14c6492a0f5b101dae137518b39c2f7d7d205b9ab307502b701b33709e2ac4945e46df569df4dbebea8d1532842a837dd00bbd4df8b7b9b368c79a09a23c261816b16d44ad782309b73a7a95fb522a29fb7d542a395b23b50b26a13ca41f0e126316d80b809b23bbe0bf8976948fc3b5d81375af1815218d9e306c111b03d40c226e76a74156446abb271e6558543324d8cb7dc47502ac0393a40ad812c82998128d47b96f1cb736886bdba7b545d213158fccbdaad5fe8865e024c2fcd3ecd083b4c758ad80185f81e0c3ecd429031649dd692b51e00233f3f390528eeb40fdff3cde9dde9d4e049151476cc625fc175416f0a18058cd9e9c75cf329ed0908fb081bdff6613706ad4936405b57044b51197cc7ab86eddbbb894c7951ee60eb21fcc2949410b3013b29e4725d768637f211bf01b09716f85b11c55f70c38dcae836f4f374989a10f47f3c29039da8757d869f252f63a68a0adf38ee17452341ee0e42b055694d4353b6d5cc448f1205e23fff77877ba5baf6d6b4a364725c7bac24146b8046c530ffeb80c8a4807070a367a9953a829dc16c993830a4bf63a441eb290ed4d2d19dfc353e8875b5c69807747704b41fa119ec8f72ec6b7446a50843d4d34e362467561578d8aae30d2a487827a6023e7edcdddf34bb0f298bc174a99e403dbac97b975c589690b1814f25aeb443234ba01682ed110eb5bd59dd76acde5ce480ee32d77c93dac644eeb26f8c9067a3a83ff79ff573a617adabed800184b5714fb9ee530e0bb8b8ed72b26f9cb3f6a20854077fda1031f9b829294a8709c5eb6f2614ee95b59040926646bd575d17490a006d86a80260bad8e179c1e218401be165816b4131c327da3cfa14f4c8ede0ca6b054507eddeaef0d957ea50356956d53a6462c729dde60daa3a7b67f8f3f6fce2fcbd788c1bec67e2f1dbb93bf46cbdb23934144397e5c661035b162dcda3870d214f674909ca6696edca75f4300e675a6025e526db3468b0a4273f9dc555a04efe4a5dd68989e824d05130e29bbc66852a8e4fc68941535bd84d2b85e690677a02b6d709d9c2124a0278f9294b35eebf089d3fa88d6312df8a357378b90944697490d9c8c3a80512f7eebc021b3fa52d3816ab3440e8a8de0f8b56933ad47172f82d8c1434a76cfd51a63c8690df76e89d1d9351dd93587a9e6ab99121ca784810dc4a88df7d4a9a614ed93754788110adb7bce95eb8be2332933eaac3c609bd210bb7ba83b287c55df7d6885dfe94cba62f297a4a553528cb69aa52e5006dcd957627279aa073d79370705b6d8b900dd77bfaa28fb894dc60777bdf6b581348bd196d025bdc090850119ec68236f1ca61d825338d99dd6c792cc9ed7cabb3215037da898b4d91e35dc93baa1e0b1ad14eeacb257b0af958c737fbc61d1d5a28f2c3c7806a48a5f79dc3773a5ab862057738f5607f8e89ab5276f0fede6bd708ac970f2b1402aab8e7ce0a46c6ef2eacc08908b173a7b52f5a6f15630459be820b174a674369746952b92997d0f49ded09558522a5e528bc22005b80a9db7f8d6a8b2fa2069bec36f14b491676a2b8ab208c6f254f236cfc0aeedf40dbfcb878afa32a62010b63aca43417f31b137ff7103016707370243a34f9aacd2b65539c4a81405a73037e5f7253726f3e552681bc2a2cb8672c06ba95ebce88a5788bfe93807e5a5c68990e9e4290bbfb4cbd95b4fe4b312a3519041c44da8ca74ca2f70f68c504e27e733556c962324352e518841860b76f98f8cb5fc5c12fa11bee168ec776e611e3eceb348173ef33dbd0935c06075e6631aaa853b3f144dee1c68355de81ff2be5257675c76b200c45c5372d91beeb607cb24fdf276bcf9b663e2cf71d60923a5bcb85818b52b01f6bdee8115addd3a896c54db67e3e0f28386fa0a4e15f5fe5b82f2b351c29a7b5979b882baa33bc06197a776c64c3031fbb0b2d3cf95533cd543563eac6f0fa80812af18e5bd76a4ba9ea7337fac752c78d8578259c444b17e06d76e1717f3bada14ef0b9ded31deecc7e1dc92ce59439b69d375d07b30b35b2c667086e222201268939b64f69dc121b8bcca1dcec54820409dea06cb9cee3b2fa76fcf3cc378a3b18492739e2105917a73e9e001c4733b0207b8eac3ffb57e2708b3bd0202fba3128c592886a069fa6bf4c62af61de4746248dacc909623b6f39fabaf17a737bd0ac275b7a110f9808519fa33eb5e8ccc067156f081a4a38f15f10181bd28adbb6378d16c243dc9d34b493bd7d5170cd7993d0acd8da481c4d8e62112db898c88a3ee6d89942deee6e6381a2251b07128c9f471f3bd647beb0d1624576ab89f24e68ccb745abc9da838490d2ff29f5533e043508d9c31bd4bf123d2c61929846647b8fcdaabfea30409d90763cf229162d2fb97ce880d9b8db02706813425c37f262bec3cd2c032fa2aed155e8affe1eba9f39dde0b26be876c83000b9cf086701fb190eb7dd2c3f08ed2f70a6c1f79cddd762cb67935614d876199211705a9c5a31dca6ba64a7275e9d05760958c6a84630bb4511e3c76e38b45d8ff36b5c2a05dcd88bf7fa34985574553e947d21c01dc8bb90217ef38e0b3da8680571f83ab2d8eb2ecfbf89e231bcbfd6da4a73a5c9ccc6558da855bf8a1fe815306c844b9d0df0d7b3374079c7f6e1160271977a8f0e93c45a996dc413e5d8490e46274dd8c4cdd8de2636c37100b189b14547f0317a5fea18d7e625a609061c25b0496032261690e6ac6cb19a0cc9bb6b71bad1b5051f712c09a4a25f6bd2aca0e4a8c0b1b55b64afa486f233526ed42c16621743209eb81900fa586405989746e22f8049ab2e95b44bfd14d2ea002ac80b9695ed7a20b55302f40cad7ecea1f0e16e99ebce91409e84822293f5404677a6aa113a918ee35ac69a59eec6a673992b59ec3180e60bafeef6e2fa0555397b47ed6033e37c4445c6dee693cb70490bcb085dd867eff57332d80b354adca9854da4a95b2d67986ecb176c53bdf78ff70a05a5ce8e5f4fbf9348fb7fd68297760eb4cb6f2bbabae01673b0b2c1b1d29175ec6726b7690dd669317616b28917fef612e8b4ee34d5f3285f28238118cd5c3b21fd28bf91212ef4751bd93ac6836e957dc3f402d3ee6a2ec9b93ffc1ef674043a440f9cdeb9b30bf81306e10ef8c7a8f73560f8d5963af66337c49598e480b609b0800fd7e363e2db7eddf5d898c13b366d847eb30758cf20bd270f1762bd6051fb117c47cb743d3235a93df50b9319f89cc9a44a79c1773d5d24035e5388d3dd9c73f9545c105ef53c08bf1c8e23984a138c6b5dc7bd1ad66dab2a060e0983afef5c4df234217105e6d3c23c170a0368e5353a325688c947b0824edced19dfeafedb37d322fd16f3760a583401e8bdb24cd589d47032860180afdc667502d238baa748b6b2b514afc82408004550b3350a2fe2478b8ccaf83db4be1b8e89f731c4c1a01c03957d0b90e4e258f318cfe1eacaee141fca83b4ff3ac14ff7f0f2e11bd1e4da8626aba790b0211320680b7fc952a261385221d00cf9df2a1c3eeff5cff92ed1b4bc71bad438761f4a2ac7a63a2bdffaefbb4a078287e411fd480b9c68949a0e9ab4c581bac9f0cb83d37731070131ee74d519e092a17ce995ef3bdaaa512408f91e486a70af93d88a6aebeb21bc11b16e5c0bb65a42a1576270521893beba001213bb2ea957ab55ce19a0199c697d024536167eb265a2642df8799c53b3c67bd1db0aecdba5c2945493c3f0258f6a1b2ee99770e13cb0cccd2d41a9e4ccbc95835e2869fb860516e2bdf0336c9d248cfc7893fb429495510c1158100e711ed7bbbd64d52d879067a0dc2da08cf129388acfacea5e4ddc724ffd1d74af79293dd3b2127f33d6bd59c505a5be51468b9eba9d995c595261f4a4965573a580bcb037a28498e6bf82f7281350d7aabd2d04c4dc1b99dd5651437c864cc5cef9bd0028e43065e0bc4e677f93c6ce906b678979c87d7fc1b7e7e73f880dbb41a4dfeba180cd2ce773af74b03de7703ba227ba43f081802f0648785841739c6b3094f51550388994501b39189ea6c09d1272c159e1337856b96e0d122f6b9c2b19b0497783694b28ef5aadf747f11566f8fe3f3d48196711de04161d277160641ee4c62c8cded478a1593eef66775536502a84529d359514268c141f666ddf90b99058ae6d7d7ace05d0ac5b0f793e4548a4755f850515577b647e8180c72c7bc4c54b36a1c222f4b782dd5a0cb0694a394d9a705ab4932f103c335b983e5f6699fd3d53cf4c61816253a74457cb60a287c8473c029ac24ca5da10801f4415994ad9319942e8ac7dc0ae445c4b67378fbd0edccbab982fa0a20b45587274e29f7445eeaf25700d2fe2ca08504b07d70ee305173ec350d925c69dcbb29f32b66a6a74db77b4ab55b8a62692a21fe7aec74a2a83b05f58ba1178611881243a0f5538200c761e62ed414684f2e18961739d5c07251e9063fbeca4d9ef9d33229b668a00f85e85b38a17a4b78f810913921d76cf52233742391719f9bcaf427f0b14f0513c970dccdeedbf7b5b2ec07f09480ebcd58fc4ec30df7169fea5d5accdf20bc475516a71e0ba1a10b8114571ecbbe6dff334cd11a45fa483500b9cb6953607ced1f898c3af1934271ef14cccabfd8a26f9b5e7cb8ff516b35fb89d68dad2c15e8405a1d7c74add0d7bedadc0d007c2836401462c46fa5a33fd4279c017b0b9fbe18edd2bcc065dfbd14bfd31c5292a13008c4881ca6091d66f9ea6beac58cb933dbac25b3798a7bdc6df0377dc73986e39b8924d88ab09e9a219efe4b6a8854b5368e1c5397660e0e1ac48f2ca7bbdc29ad5f39d23a4292ec37aee45a2187c47a9a6ecbd4a6f9c19892c84a35d3e8e4544e8"}) ioctl$PERF_EVENT_IOC_ID(r4, 0x80082407, &(0x7f0000000100)) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:14 executing program 0 (fault-call:0 fault-nth:3): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1141.635585][T28050] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1141.635592][T28050] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1141.635599][T28050] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 [ 1141.635606][T28050] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1141.829312][T28155] binder: 28154:28155 unknown command 1409573636 [ 1141.858591][T28155] binder: 28154:28155 ioctl c0306201 20000680 returned -22 [ 1141.869176][T28162] FAULT_INJECTION: forcing a failure. [ 1141.869176][T28162] name failslab, interval 1, probability 0, space 0, times 0 [ 1141.892962][T28162] CPU: 0 PID: 28162 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1141.901104][T28162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1141.913083][T28162] Call Trace: [ 1141.916409][T28162] dump_stack+0x172/0x1f0 [ 1141.920875][T28162] should_fail.cold+0xa/0x15 [ 1141.925928][T28162] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1141.931760][T28162] ? ___might_sleep+0x163/0x280 [ 1141.936818][T28162] __should_failslab+0x121/0x190 [ 1141.941859][T28162] should_failslab+0x9/0x14 [ 1141.946388][T28162] kmem_cache_alloc+0x2b2/0x6f0 [ 1141.951777][T28162] ? current_time+0x6b/0x140 [ 1141.956384][T28162] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 1141.962307][T28162] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1141.968491][T28162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1141.979100][T28162] ? timespec64_trunc+0xf0/0x180 [ 1141.984229][T28162] __d_alloc+0x2e/0x8c0 [ 1141.988433][T28162] d_alloc_pseudo+0x1e/0x30 [ 1141.993735][T28162] alloc_file_pseudo+0xe2/0x280 [ 1141.998608][T28162] ? alloc_file+0x4d0/0x4d0 [ 1142.003679][T28162] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1142.010050][T28162] __shmem_file_setup.part.0+0x108/0x2b0 [ 1142.016752][T28162] shmem_file_setup+0x66/0x90 [ 1142.021727][T28162] __x64_sys_memfd_create+0x2a2/0x470 [ 1142.029190][T28162] ? memfd_fcntl+0x1550/0x1550 [ 1142.034224][T28162] ? do_syscall_64+0x26/0x610 [ 1142.039092][T28162] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1142.044379][T28162] ? trace_hardirqs_on+0x67/0x230 [ 1142.049412][T28162] do_syscall_64+0x103/0x610 [ 1142.054279][T28162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1142.062442][T28162] RIP: 0033:0x458c29 [ 1142.066866][T28162] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1142.087177][T28162] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1142.102047][T28162] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1142.110455][T28162] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1142.122556][T28162] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 14:20:15 executing program 5: syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xfff, 0x3) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x3, 0x0) 14:20:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044002000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1142.130547][T28162] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 [ 1142.138520][T28162] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r4 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x6, 0x8000) ioctl$RTC_AIE_ON(r4, 0x7001) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000100)=0x1b, 0x4) 14:20:15 executing program 0 (fault-call:0 fault-nth:4): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) mkdir(&(0x7f0000000040)='./control\x00', 0x0) [ 1142.271582][T28374] binder: 28370:28374 IncRefs 0 refcount change on invalid ref 2 ret -22 [ 1142.308978][T28378] FAULT_INJECTION: forcing a failure. 14:20:15 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xff0f0000, 0x0) [ 1142.308978][T28378] name failslab, interval 1, probability 0, space 0, times 0 [ 1142.317201][T28374] binder: 28370:28374 BC_INCREFS_DONE u0000008000000000 no match [ 1142.360800][T28376] kvm [28372]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1142.381852][T28378] CPU: 1 PID: 28378 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1142.389967][T28378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1142.400030][T28378] Call Trace: [ 1142.403345][T28378] dump_stack+0x172/0x1f0 [ 1142.407687][T28378] should_fail.cold+0xa/0x15 [ 1142.412290][T28378] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1142.418100][T28378] ? ___might_sleep+0x163/0x280 [ 1142.422950][T28378] __should_failslab+0x121/0x190 [ 1142.427969][T28378] should_failslab+0x9/0x14 [ 1142.432465][T28378] kmem_cache_alloc+0x2b2/0x6f0 [ 1142.437323][T28378] __alloc_file+0x27/0x300 [ 1142.442128][T28378] alloc_empty_file+0x72/0x170 [ 1142.446881][T28378] alloc_file+0x5e/0x4d0 [ 1142.451197][T28378] alloc_file_pseudo+0x189/0x280 [ 1142.456131][T28378] ? alloc_file+0x4d0/0x4d0 [ 1142.460968][T28378] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1142.467202][T28378] __shmem_file_setup.part.0+0x108/0x2b0 [ 1142.473089][T28378] shmem_file_setup+0x66/0x90 [ 1142.477751][T28378] __x64_sys_memfd_create+0x2a2/0x470 [ 1142.483109][T28378] ? memfd_fcntl+0x1550/0x1550 [ 1142.487881][T28378] ? do_syscall_64+0x26/0x610 [ 1142.492569][T28378] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1142.498031][T28378] ? trace_hardirqs_on+0x67/0x230 [ 1142.503143][T28378] do_syscall_64+0x103/0x610 [ 1142.507899][T28378] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1142.513787][T28378] RIP: 0033:0x458c29 [ 1142.517667][T28378] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1142.538393][T28378] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1142.546961][T28378] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1142.555003][T28378] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1142.563804][T28378] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1142.572627][T28378] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 14:20:15 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x0, 0x2) accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000001c0)={@dev={0xfe, 0x80, [], 0x21}, @empty, @ipv4={[], [], @local}, 0x80000000, 0x6, 0x4, 0x100, 0xffffffff, 0x40000, r1}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:15 executing program 0 (fault-call:0 fault-nth:5): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1142.580669][T28378] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000740)={0x0, 0xfffffffffffffffb, 0x3, 0x1, 0x3}) 14:20:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044003000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getuid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = request_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740)='-\\\x00', 0xfffffffffffffffb) keyctl$get_persistent(0x16, r0, r2) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000240)={{{@in=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@local}}, &(0x7f0000000100)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in6, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@local}}, &(0x7f0000000780)=0xe8) lstat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000540)=0x0, &(0x7f0000000580), &(0x7f00000005c0)) r7 = getuid() r8 = syz_open_dev$swradio(&(0x7f0000000980)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000007c0)={{{@in6=@dev}}, {{@in=@initdev}, 0x0, @in=@local}}, &(0x7f00000008c0)=0xe8) getgroups(0x4000000000000172, &(0x7f00000006c0)=[0xffffffffffffffff, 0xee01]) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000640)={{}, {0x1, 0x6}, [{0x2, 0x5, r0}, {0x2, 0x4, r1}, {0x2, 0x0, r3}, {0x2, 0x1, r4}, {0x2, 0x6, r5}, {0x2, 0x1, r6}, {0x2, 0x0, r7}], {0x4, 0xf100711657faa3a3}, [{0x8, 0x0, r9}], {0x10, 0x2}, {0x20, 0x4}}, 0x64, 0x1) ioctl$sock_SIOCGSKNS(r8, 0x894c, &(0x7f0000000900)=0x2) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:15 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffdf9, 0x0) 14:20:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) r2 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000180)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1142.841716][T28592] binder: 28588:28592 IncRefs 0 refcount change on invalid ref 3 ret -22 [ 1142.865534][T28592] binder: 28588:28592 BC_INCREFS_DONE u0000008000000000 no match [ 1142.895308][T28597] FAULT_INJECTION: forcing a failure. [ 1142.895308][T28597] name failslab, interval 1, probability 0, space 0, times 0 [ 1142.922192][T28597] CPU: 1 PID: 28597 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1142.930966][T28597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1142.944660][T28597] Call Trace: [ 1142.948055][T28597] dump_stack+0x172/0x1f0 [ 1142.952547][T28597] should_fail.cold+0xa/0x15 [ 1142.957268][T28597] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1142.963379][T28597] ? ___might_sleep+0x163/0x280 [ 1142.969358][T28597] __should_failslab+0x121/0x190 [ 1142.974906][T28597] should_failslab+0x9/0x14 [ 1142.980021][T28597] kmem_cache_alloc+0x2b2/0x6f0 [ 1142.985418][T28597] ? rcu_read_lock_sched_held+0x110/0x130 [ 1142.992803][T28597] ? kmem_cache_alloc+0x32e/0x6f0 [ 1143.003715][T28597] security_file_alloc+0x39/0x170 [ 1143.012138][T28597] __alloc_file+0xac/0x300 [ 1143.016826][T28597] alloc_empty_file+0x72/0x170 [ 1143.021590][T28597] alloc_file+0x5e/0x4d0 [ 1143.025840][T28597] alloc_file_pseudo+0x189/0x280 [ 1143.030778][T28597] ? alloc_file+0x4d0/0x4d0 [ 1143.035311][T28597] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1143.041560][T28597] __shmem_file_setup.part.0+0x108/0x2b0 [ 1143.047210][T28597] shmem_file_setup+0x66/0x90 [ 1143.056059][T28597] __x64_sys_memfd_create+0x2a2/0x470 [ 1143.061465][T28597] ? memfd_fcntl+0x1550/0x1550 [ 1143.066230][T28597] ? do_syscall_64+0x26/0x610 [ 1143.070907][T28597] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1143.076203][T28597] ? trace_hardirqs_on+0x67/0x230 [ 1143.081235][T28597] do_syscall_64+0x103/0x610 [ 1143.085833][T28597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1143.091722][T28597] RIP: 0033:0x458c29 [ 1143.095615][T28597] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1143.115219][T28597] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1143.123628][T28597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1143.131963][T28597] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 14:20:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700)=0xce9, 0x12) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 14:20:16 executing program 5: getpid() r0 = getpgid(0xffffffffffffffff) r1 = getpgid(r0) perf_event_open(&(0x7f0000000000)={0x7, 0x70, 0x1f, 0xa000000000000, 0x6, 0x40, 0x0, 0x7, 0x6001, 0x0, 0x7, 0xfff, 0x8, 0xffffffff80000000, 0x2, 0x3, 0x9, 0x2, 0x4, 0x6bb, 0x5, 0x400, 0x80000000, 0x6, 0x50a1, 0x8000, 0x7, 0xc, 0x4, 0xfffffffffffffff8, 0x939, 0x8000, 0x6, 0x6e9, 0x2, 0x0, 0x6, 0xfffffffffffffffc, 0x0, 0x0, 0x2, @perf_config_ext={0x8001, 0x8}, 0x8, 0x5, 0x1f, 0x0, 0x6, 0xf6d, 0x9}, r1, 0x4, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1143.140458][T28597] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1143.148430][T28597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 [ 1143.156402][T28597] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x1, 0x400) setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e23, @remote}, 0x10) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:16 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffdfc, 0x0) 14:20:16 executing program 0 (fault-call:0 fault-nth:6): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:16 executing program 5: r0 = open(&(0x7f0000000000)='./file0\x00', 0x840, 0x1) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000100)={0x0, 0x6, 0x8a13, [], &(0x7f00000000c0)={0x990bf6, 0x81, [], @p_u8=&(0x7f0000000040)=0x4}}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:16 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) 14:20:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044004000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1143.366998][T28707] kvm [28706]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1143.375275][T28713] FAULT_INJECTION: forcing a failure. [ 1143.375275][T28713] name failslab, interval 1, probability 0, space 0, times 0 [ 1143.398421][T28713] CPU: 1 PID: 28713 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1143.406438][T28713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1143.416496][T28713] Call Trace: [ 1143.419790][T28713] dump_stack+0x172/0x1f0 [ 1143.424129][T28713] should_fail.cold+0xa/0x15 [ 1143.428749][T28713] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1143.434652][T28713] ? ___might_sleep+0x163/0x280 [ 1143.439506][T28713] __should_failslab+0x121/0x190 [ 1143.444518][T28713] should_failslab+0x9/0x14 [ 1143.449007][T28713] kmem_cache_alloc+0x2b2/0x6f0 [ 1143.453839][T28713] ? rcu_read_lock_sched_held+0x110/0x130 [ 1143.459628][T28713] ? kmem_cache_alloc+0x32e/0x6f0 [ 1143.464649][T28713] security_file_alloc+0x39/0x170 [ 1143.469655][T28713] __alloc_file+0xac/0x300 [ 1143.474054][T28713] alloc_empty_file+0x72/0x170 [ 1143.478799][T28713] alloc_file+0x5e/0x4d0 [ 1143.483113][T28713] alloc_file_pseudo+0x189/0x280 [ 1143.488039][T28713] ? alloc_file+0x4d0/0x4d0 [ 1143.492959][T28713] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1143.499190][T28713] __shmem_file_setup.part.0+0x108/0x2b0 [ 1143.504821][T28713] shmem_file_setup+0x66/0x90 [ 1143.509487][T28713] __x64_sys_memfd_create+0x2a2/0x470 [ 1143.514929][T28713] ? memfd_fcntl+0x1550/0x1550 [ 1143.519674][T28713] ? do_syscall_64+0x26/0x610 [ 1143.524334][T28713] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1143.529600][T28713] ? trace_hardirqs_on+0x67/0x230 [ 1143.534613][T28713] do_syscall_64+0x103/0x610 [ 1143.539197][T28713] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1143.545067][T28713] RIP: 0033:0x458c29 [ 1143.548945][T28713] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1143.568632][T28713] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1143.577033][T28713] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1143.584989][T28713] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1143.592944][T28713] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1143.600898][T28713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8382e226d4 [ 1143.608851][T28713] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x11) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x7, {0x3, 0x6, 0x6, 0x9, 0x8, 0x98}}) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x8000, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000180)="69895d975f266867d0d8aa022cb3381bc76a0660332013d03f5584a8dc73b83de6231810274dca087ba03ecb495a4d46ee81267474b66116fe001065db82a63854202a923fc0ab71bf4501cd066f327e0e81c654861e94", &(0x7f0000000200)="c6e3110c68cb295f3b0ec7b269bcf89435be89b7f3bf2fb8a26ec9ed361c44fb15d24feb4bd436956558553d9328c980b8c7691b4eae16ec0df9072b1e76c4bcf4fdb9f929bc946831519dc6e8a98872f5ea27764eb238f314c44cdbf3cf43c24db9a33e7492b5358d05dd379c242e3c0c1b97510276070468736a206372995463400bfec468e41cfecdbae7ec88297beb714954676dd46da1952275c043871767c9c581cc432abf891a121ecf4c04fef28a8f056182a336355b2185201d4e9b679f19df13f0b93044d92292a51871171ccf85e9efa6eba6f41fd2abb2cb4ea7e639257c5790c0ae98d62d6f97f0f42acd16c3d653f1", 0x2}, 0x20) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:16 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffdfd, 0x0) [ 1143.682536][T28720] binder: 28719:28720 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 1143.707908][T28720] binder: 28719:28720 BC_INCREFS_DONE u0000008000000000 no match 14:20:16 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700)=0xce9, 0x12) 14:20:16 executing program 0 (fault-call:0 fault-nth:7): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:16 executing program 5: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x40000) getsockopt$packet_buf(r0, 0x107, 0x17, &(0x7f00000000c0)=""/84, &(0x7f00000001c0)=0x54) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040), 0x4) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fdatasync(r1) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0xfffffffffffffffe) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000240)=@assoc_value, &(0x7f0000000280)=0x8) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x200000, 0x0) [ 1143.823824][T28747] kvm [28722]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044005000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:16 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700)=0xce9, 0x12) 14:20:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x80000000, 0x2000) 14:20:17 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffff7f, 0x0) 14:20:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f00000000c0)=0x2004) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1144.013758][T28937] binder: 28917:28937 IncRefs 0 refcount change on invalid ref 5 ret -22 14:20:17 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000040)) eventfd2(0x7f, 0x80001) lookup_dcookie(0x6, &(0x7f00000000c0)=""/4096, 0x1000) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x4, 0x1) [ 1144.056737][T28937] binder: 28917:28937 BC_INCREFS_DONE u0000008000000000 no match [ 1144.065119][T28939] FAULT_INJECTION: forcing a failure. [ 1144.065119][T28939] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.088538][T28939] CPU: 0 PID: 28939 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1144.096571][T28939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.106643][T28939] Call Trace: [ 1144.106671][T28939] dump_stack+0x172/0x1f0 [ 1144.106692][T28939] should_fail.cold+0xa/0x15 [ 1144.106710][T28939] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1144.106730][T28939] ? ___might_sleep+0x163/0x280 [ 1144.106747][T28939] __should_failslab+0x121/0x190 [ 1144.106763][T28939] should_failslab+0x9/0x14 [ 1144.106780][T28939] kmem_cache_alloc+0x2b2/0x6f0 [ 1144.106794][T28939] ? notify_change+0x6d5/0xfb0 [ 1144.106807][T28939] ? do_sys_ftruncate+0x41e/0x550 14:20:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044006000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1144.106825][T28939] getname_flags+0xd6/0x5b0 [ 1144.106841][T28939] getname+0x1a/0x20 [ 1144.106855][T28939] do_sys_open+0x2c9/0x5d0 [ 1144.106872][T28939] ? filp_open+0x80/0x80 [ 1144.106888][T28939] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1144.106904][T28939] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1144.106923][T28939] ? do_syscall_64+0x26/0x610 [ 1144.124932][T28939] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1144.124950][T28939] ? do_syscall_64+0x26/0x610 [ 1144.124973][T28939] __x64_sys_open+0x7e/0xc0 14:20:17 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700)=0xce9, 0x12) 14:20:17 executing program 0 (fault-call:0 fault-nth:8): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1144.124988][T28939] do_syscall_64+0x103/0x610 [ 1144.125005][T28939] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1144.125017][T28939] RIP: 0033:0x412bc1 [ 1144.125032][T28939] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1144.125039][T28939] RSP: 002b:00007f8382e21a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1144.125052][T28939] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1144.125061][T28939] RDX: 00007f8382e21b0a RSI: 0000000000000002 RDI: 00007f8382e21b00 [ 1144.125069][T28939] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1144.125077][T28939] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1144.125093][T28939] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1144.345088][T29054] binder: 29050:29054 IncRefs 0 refcount change on invalid ref 6 ret -22 [ 1144.380185][T29048] kvm [28951]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:17 executing program 5: openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0x458800, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0\x05\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc} 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1144.671812][T29267] RSP: 002b:00007f8382e21a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1144.671827][T29267] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 14:20:17 executing program 3: r0 = syz_open_dev$mice(0x0, 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) [ 1144.671836][T29267] RDX: 00007f8382e21b0a RSI: 0000000000000002 RDI: 00007f8382e21b00 [ 1144.671843][T29267] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1144.671851][T29267] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1144.671859][T29267] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:18 executing program 3: r0 = syz_open_dev$mice(0x0, 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) 14:20:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044048000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1144.989768][T29348] kvm [29280]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:18 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffff4, 0x0) [ 1145.069121][T29381] FAULT_INJECTION: forcing a failure. [ 1145.069121][T29381] name failslab, interval 1, probability 0, space 0, times 0 [ 1145.103949][T29265] IPVS: ftp: loaded support on port[0] = 21 [ 1145.121078][T29381] CPU: 0 PID: 29381 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1145.129294][T29381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1145.129301][T29381] Call Trace: [ 1145.129326][T29381] dump_stack+0x172/0x1f0 [ 1145.129356][T29381] should_fail.cold+0xa/0x15 [ 1145.129377][T29381] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1145.129398][T29381] ? ___might_sleep+0x163/0x280 [ 1145.129417][T29381] __should_failslab+0x121/0x190 [ 1145.129437][T29381] should_failslab+0x9/0x14 [ 1145.168151][T29381] kmem_cache_alloc+0x2b2/0x6f0 [ 1145.168172][T29381] ? rcu_read_lock_sched_held+0x110/0x130 [ 1145.168188][T29381] ? kmem_cache_alloc+0x32e/0x6f0 [ 1145.168211][T29381] security_file_alloc+0x39/0x170 [ 1145.168229][T29381] __alloc_file+0xac/0x300 [ 1145.168245][T29381] alloc_empty_file+0x72/0x170 [ 1145.168264][T29381] path_openat+0xef/0x46e0 [ 1145.168279][T29381] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1145.168295][T29381] ? kasan_slab_alloc+0xf/0x20 [ 1145.188526][T29381] ? kmem_cache_alloc+0x11a/0x6f0 [ 1145.188542][T29381] ? getname_flags+0xd6/0x5b0 [ 1145.188554][T29381] ? getname+0x1a/0x20 [ 1145.188567][T29381] ? do_sys_open+0x2c9/0x5d0 [ 1145.188579][T29381] ? __x64_sys_open+0x7e/0xc0 [ 1145.188594][T29381] ? do_syscall_64+0x103/0x610 [ 1145.188610][T29381] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1145.188627][T29381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1145.188644][T29381] ? debug_smp_processor_id+0x3c/0x280 [ 1145.188663][T29381] ? __lock_acquire+0x548/0x3fb0 [ 1145.188681][T29381] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1145.203818][T29381] ? __alloc_fd+0x44d/0x560 [ 1145.203839][T29381] do_filp_open+0x1a1/0x280 [ 1145.203856][T29381] ? may_open_dev+0x100/0x100 [ 1145.203876][T29381] ? lock_downgrade+0x880/0x880 [ 1145.203897][T29381] ? kasan_check_read+0x11/0x20 [ 1145.203910][T29381] ? do_raw_spin_unlock+0x57/0x270 [ 1145.203926][T29381] ? _raw_spin_unlock+0x2d/0x50 [ 1145.203939][T29381] ? __alloc_fd+0x44d/0x560 [ 1145.203967][T29381] do_sys_open+0x3fe/0x5d0 [ 1145.203983][T29381] ? filp_open+0x80/0x80 14:20:18 executing program 3: r0 = syz_open_dev$mice(0x0, 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) [ 1145.204010][T29381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1145.312766][T29381] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1145.312784][T29381] ? do_syscall_64+0x26/0x610 [ 1145.312801][T29381] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1145.312813][T29381] ? do_syscall_64+0x26/0x610 [ 1145.312833][T29381] __x64_sys_open+0x7e/0xc0 [ 1145.312855][T29381] do_syscall_64+0x103/0x610 [ 1145.321489][T29381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1145.321502][T29381] RIP: 0033:0x412bc1 [ 1145.321517][T29381] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1145.321526][T29381] RSP: 002b:00007f8382e21a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1145.321539][T29381] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1145.321547][T29381] RDX: 00007f8382e21b0a RSI: 0000000000000002 RDI: 00007f8382e21b00 [ 1145.321555][T29381] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1145.321563][T29381] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1145.321571][T29381] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1145.321862][ C0] net_ratelimit: 27 callbacks suppressed [ 1145.321869][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1145.327994][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1145.333436][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1145.338072][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1145.387684][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1145.447605][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:20:18 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000000)={0x401, 0x3, 0x0, 0x400, 0xc, 0x65d, 0xc09, 0x4, 0x7, 0x8001}) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000040)) mkdirat$cgroup(r1, &(0x7f0000000240)='syz0\x00', 0x1ff) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000100)={0xfbc1, 0x5, 0x6, 0x5, 0x7f, 0x3}) ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000200)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f0000000280)={0xb26, 0x8, 0x2}) 14:20:18 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) 14:20:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304404c000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x0, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r2, 0x40045730, &(0x7f00000001c0)=0x1) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000100)={'icmp\x00'}, &(0x7f0000000180)=0x1e) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017e, 0x1b, 0x800000000000], [0xc1]}) 14:20:18 executing program 0 (fault-call:0 fault-nth:10): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1145.597147][T29596] binder: 29593:29596 IncRefs 0 refcount change on invalid ref 76 ret -22 [ 1145.627700][T29596] binder: 29593:29596 BC_INCREFS_DONE u0000008000000000 no match 14:20:18 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffff5, 0x0) 14:20:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x101000) ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000000040)=""/17) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:18 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) [ 1145.737327][T29649] FAULT_INJECTION: forcing a failure. [ 1145.737327][T29649] name failslab, interval 1, probability 0, space 0, times 0 [ 1145.797094][T29649] CPU: 1 PID: 29649 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1145.805132][T29649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1145.815367][T29649] Call Trace: [ 1145.818674][T29649] dump_stack+0x172/0x1f0 [ 1145.823021][T29649] should_fail.cold+0xa/0x15 [ 1145.827618][T29649] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1145.833436][T29649] ? ___might_sleep+0x163/0x280 [ 1145.838297][T29649] __should_failslab+0x121/0x190 [ 1145.843242][T29649] should_failslab+0x9/0x14 [ 1145.847747][T29649] kmem_cache_alloc+0x2b2/0x6f0 [ 1145.852598][T29649] ? rcu_read_lock_sched_held+0x110/0x130 [ 1145.858320][T29649] ? kmem_cache_alloc+0x32e/0x6f0 [ 1145.863439][T29649] security_file_alloc+0x39/0x170 [ 1145.868476][T29649] __alloc_file+0xac/0x300 [ 1145.872904][T29649] alloc_empty_file+0x72/0x170 [ 1145.877673][T29649] path_openat+0xef/0x46e0 [ 1145.882096][T29649] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1145.887910][T29649] ? kasan_slab_alloc+0xf/0x20 [ 1145.892684][T29649] ? kmem_cache_alloc+0x11a/0x6f0 [ 1145.897712][T29649] ? getname_flags+0xd6/0x5b0 [ 1145.902390][T29649] ? getname+0x1a/0x20 [ 1145.906472][T29649] ? do_sys_open+0x2c9/0x5d0 [ 1145.911069][T29649] ? __x64_sys_open+0x7e/0xc0 [ 1145.915752][T29649] ? do_syscall_64+0x103/0x610 [ 1145.920533][T29649] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1145.926607][T29649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1145.926622][T29649] ? debug_smp_processor_id+0x3c/0x280 [ 1145.926642][T29649] ? __lock_acquire+0x548/0x3fb0 [ 1145.926660][T29649] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1145.926685][T29649] ? __alloc_fd+0x44d/0x560 [ 1145.926702][T29649] do_filp_open+0x1a1/0x280 [ 1145.926721][T29649] ? may_open_dev+0x100/0x100 [ 1145.962596][T29649] ? lock_downgrade+0x880/0x880 [ 1145.962621][T29649] ? kasan_check_read+0x11/0x20 [ 1145.962635][T29649] ? do_raw_spin_unlock+0x57/0x270 [ 1145.962652][T29649] ? _raw_spin_unlock+0x2d/0x50 [ 1145.962666][T29649] ? __alloc_fd+0x44d/0x560 [ 1145.962694][T29649] do_sys_open+0x3fe/0x5d0 [ 1145.962712][T29649] ? filp_open+0x80/0x80 [ 1145.995440][T29649] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1146.001716][T29649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1146.007173][T29649] ? do_syscall_64+0x26/0x610 [ 1146.011846][T29649] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1146.017897][T29649] ? do_syscall_64+0x26/0x610 [ 1146.022564][T29649] __x64_sys_open+0x7e/0xc0 [ 1146.027068][T29649] do_syscall_64+0x103/0x610 [ 1146.031642][T29649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1146.037523][T29649] RIP: 0033:0x412bc1 [ 1146.041403][T29649] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1146.060985][T29649] RSP: 002b:00007f8382e21a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1146.069567][T29649] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1146.077529][T29649] RDX: 00007f8382e21b0a RSI: 0000000000000002 RDI: 00007f8382e21b00 [ 1146.085484][T29649] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 14:20:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2000, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") fcntl$addseals(r1, 0x409, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1146.093437][T29649] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1146.101492][T29649] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:19 executing program 5: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x200000, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x400000, 0x40) write$FUSE_BMAP(r0, &(0x7f00000000c0)={0x18, 0xffffffffffffffda, 0x6, {0x5}}, 0x18) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x2, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000000)={0x1, 0x6, 0x1, 0x7, 0x101, 0x9}) 14:20:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044060000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:19 executing program 0 (fault-call:0 fault-nth:11): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:19 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700)=0xce9, 0x12) 14:20:19 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffff6, 0x0) [ 1146.273664][T29817] binder: 29814:29817 IncRefs 0 refcount change on invalid ref 96 ret -22 [ 1146.300493][T29818] kvm [29813]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1146.310499][T29817] binder: 29814:29817 BC_INCREFS_DONE u0000008000000000 no match [ 1146.352067][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1146.358044][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1146.364061][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1146.369875][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:20:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:19 executing program 3: syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700)=0xce9, 0x12) [ 1146.466330][T29999] FAULT_INJECTION: forcing a failure. [ 1146.466330][T29999] name failslab, interval 1, probability 0, space 0, times 0 [ 1146.500541][T29999] CPU: 0 PID: 29999 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1146.508660][T29999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1146.519564][T29999] Call Trace: [ 1146.522888][T29999] dump_stack+0x172/0x1f0 [ 1146.527260][T29999] should_fail.cold+0xa/0x15 [ 1146.531874][T29999] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1146.537713][T29999] ? ___might_sleep+0x163/0x280 [ 1146.542613][T29999] __should_failslab+0x121/0x190 [ 1146.547571][T29999] should_failslab+0x9/0x14 [ 1146.552091][T29999] kmem_cache_alloc+0x2b2/0x6f0 [ 1146.556971][T29999] __kernfs_new_node+0xef/0x690 [ 1146.561847][T29999] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1146.567327][T29999] ? __lock_acquire+0x548/0x3fb0 [ 1146.567366][T29999] kernfs_new_node+0x99/0x130 [ 1146.567387][T29999] kernfs_create_dir_ns+0x52/0x160 [ 1146.576996][T29999] internal_create_group+0x7f8/0xc40 [ 1146.577013][T29999] ? bd_set_size+0x89/0xb0 [ 1146.577036][T29999] ? remove_files.isra.0+0x190/0x190 [ 1146.577063][T29999] sysfs_create_group+0x20/0x30 [ 1146.577100][T29999] lo_ioctl+0x10af/0x2150 [ 1146.577121][T29999] ? lo_rw_aio+0x1120/0x1120 [ 1146.577144][T29999] blkdev_ioctl+0x6f2/0x1d10 [ 1146.577161][T29999] ? blkpg_ioctl+0xa90/0xa90 [ 1146.577178][T29999] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1146.577204][T29999] ? __fget+0x35a/0x550 [ 1146.577223][T29999] block_ioctl+0xee/0x130 [ 1146.634400][T29999] ? blkdev_fallocate+0x410/0x410 [ 1146.639442][T29999] do_vfs_ioctl+0xd6e/0x1390 [ 1146.644045][T29999] ? ioctl_preallocate+0x210/0x210 [ 1146.649165][T29999] ? smack_file_ioctl+0x196/0x310 [ 1146.654203][T29999] ? smack_inode_rename+0x2d0/0x2d0 [ 1146.659432][T29999] ? do_sys_open+0x31d/0x5d0 [ 1146.664050][T29999] ? tomoyo_file_ioctl+0x23/0x30 [ 1146.669007][T29999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1146.675530][T29999] ? security_file_ioctl+0x93/0xc0 [ 1146.680665][T29999] ksys_ioctl+0xab/0xd0 [ 1146.684941][T29999] __x64_sys_ioctl+0x73/0xb0 [ 1146.689575][T29999] do_syscall_64+0x103/0x610 [ 1146.694182][T29999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1146.700175][T29999] RIP: 0033:0x458a97 [ 1146.704079][T29999] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1146.723693][T29999] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1146.732121][T29999] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1146.740107][T29999] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1146.748089][T29999] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1146.756096][T29999] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 14:20:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044068000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0xfffffffffffffffe, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:19 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) dup2(r2, r0) [ 1146.764081][T29999] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:19 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfffffffb, 0x0) [ 1146.839157][T29999] hfs: can't find a HFS filesystem on dev loop0 [ 1146.856310][T30035] binder: 30031:30035 IncRefs 0 refcount change on invalid ref 104 ret -22 [ 1146.899535][T30035] binder: 30031:30035 BC_INCREFS_DONE u0000008000000000 no match 14:20:20 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x20802, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000080)={0x1f000000}) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4000, 0x2) r1 = memfd_create(&(0x7f0000001200)='proc\x00', 0x2) pwrite64(r1, &(0x7f0000001240)="77ba8037caa9ddd452a371d524a04e5557ccc9cc7adf296d472f5958af5ca2e4240d1b86586cd105755e94df49e7a6938b95d4c77da78c8303a0107ce1eb1593169bb6a95cf72638da6b810a7cf554cdf3a37e6de3875e16a87a00d5f26cfce2cd4081648f38a0d518a1942799e509656c9b6877c9001fd6f8da4156311027b1b2f32516235ab5845795448e39024f91956a8c05c794a69575013b0b19743e4fae228ed052fe98c3f2e7c6e5fdb6ac94fa0729c8", 0xb4, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$PPPIOCGL2TPSTATS(r2, 0x80487436, &(0x7f0000001300)="6f4531228c6f9cb5003e3f35fe977ec7d4a675d10482b28c9e13a824ba27f46a468200718a51716e35053421ab591dadf5e6b63b09224076f8e93aad76ea438932d338fbdb86422c2c13e3a9be48dd26f55961ffa5a7c10ee6273f473f8f852e9adf718892975b08e6e242db8f49ed153abedac95a345b91d46366802315e664e2c0eea6e827ea2209ab7aafc4c946c048bbf1bfde0baec2a6c35390f54e1c31b9b613116502c7b0914cd17b7eb16a2c52a70c853b70f3b806d6f33b92d7c781d93cd4124ec3ed053407d6c5959c57be3db9f8051e9189fdc61337f3360c32e3c76b34612230ba197eecd5cc864b7eb7d15724054db1396ce801d0e4f62aceee9627c4903c0a08456114e518e264c7c3e43816af8bad7df197e8b1b0bc2a39c938a6a6bce381ff5756aba6d6c7991ab97ada655123fd113d2a33ce669ee0ac9ed4092c9e59bebe30bd13fa4b7c32ef0ebd94b619ca416dd538091a67a834f630ce50f9f6e33369c6f612cce802722483b04612a924564abe72845949bc02ca7efc38ddaac8b554bb42cf65e325c4ac0e7d661f141fd6e351e2087daa7683f773af4865306b00e307d48459fa6acffa0652c2355c2329294b63d277bcd5f2883abf01b7a1ee8bee3ba18cdae905eec3ef3491d899e6dfb52516dd5f5ecaa12b7116bb05892c65f0e5f192fd45132bd1b3b49c0cc245cfb8d4d8baab80c75fa5991eb8c1cd468f6988eb5ef1dbe511811ac8d2bd7ea5ed4e2399d773c54cf9e411d60ad3a22249024179a27520f349fc178e1ea8b820eb668ebc97a1577587e3154f54ece66fdc753895f7d80e0217e835ffd51516d8840d403a6b09c79e93065e54eeb7438867f76d13773f18fe27fbcad74421fe7895c008d99f36860ff6dd6b05b0b89dfb96c57fc4a6a504a3daafc064b273e7cd092c4da47c7ddbce684ddee1b562fb9b61020f64c5b13bf253a9edcd11480bd82d0eca2e14cb9989effd95e5c44bc7f37e310f2ea5ae0605c208c3f99acb11d6491cc29f070dfdffeb53a6b02238c1c1d101bed0908d24281161732c077ae495da2796a84423f294305c8a6ac8ae71c50d804921aa352a32318bf8412b3dfc3e3948705edf9a83b3ad925a579ce40b4293f3822b6f9c0961a4b822cbcf10f134ac46c854b195ab2c252cc383c37fcbe8da04e57a926328a2f33eb46c745a3997a8495e3a66dbce39d1067f5dc3665121e1ca6e551f84eb2c6656eb976a9d42f105598f56c528fb4338f034717d00047f77ed16b37f75fd202ab057456b02db9b0cd3efb3920c44e5507984c99150cda58b3ae9609fc8f90dbd760a7398ce2c3d08363a187f2d5a6fe983773dc7072c3f41f305dcfbfcce0bae73addbf86d701d3e3da49387ef6a09d04004fbd64493c72b055e9204eb32c2acf9d00dcf375797a422e4c74e3b03a71f8411bc9238e6e479e2fc1a023e8ec28f36af4d9f24d19bee59e31b99660a1cba6b4bf9f8cd2b882d75e9fd39c99f71769dc7ec3036cbeaf7b80a5f8acd67ab8c15cfddd1593c562491385a51f6a8d6fdd9e1608f85c59ba0afdda026132a87478d5d6c2d42a1c9003034bd2b42c0dfbaecce511a420b3f6f046345c8e5d0e510772cf66a0dc08cf346d231cbe51b4440507f521a3621f0e606aaad54d6eb84033f00ac325171b8104469e68ca00f5bce857859dfa82951b2cb74556966678d141ccaf92adc569434764ab258982c816ab45bbc5fc57fc1ff49cda413820cc5e919785e94966806e2bd014a398c9244b890a5b76fbd119cf478a9db10e0b99b0f8adb856fcbd3b899b386a9788a2e57500d5223059e1014f2431010e69bc87dbf241c739967174fcdfe8789ca9f6bcd257e64e5c50aa375a4ef15f00a37c88bc41d4de924f1f79cecb6899becaff5780c0042d758b5ee177eba3a7c7e448bd8338844a90e004bd21be9d187d550455c133fce88aa2980db11718f1357aef66d7215436b3526849e33f12fd2e2d247749e3343fb075c416cd3bb9a83c67712417104d342d2e51ffcf5cc803c107d79dfc3b8ac74066be81a016e7fd0c15adae1624de33bbf31c90a1c212094d95593cde400b435976dce5cedc3cc0fda53db65729f26d8bc6445f7af15fd4c1a11a23675415fe460703175dad27194577d71e2bd3d5a37083d639cd7ddd849a30aed77121afd74539c08dcefd4cc05d7d2fa18dbc84a1a2a31dd5208f81f0c0db5a776f06d0015e10984568d71920e7834a83c0e2a7a3b2a58d2ce7a03821adb3df97485952a1d217b899bbed07dd8d6f05615fd1ebcd50f3f9968f97bd53cbb0c061a0fe2d5e3cee09c392bfe056aeee06d00c75e39c756d5b1ad50fa6ec9dcf7206d0b390173a201107b573d50baa04a7dd48a6d11145443b366fe0b16ec7a6f4e0f1b526462c89780bfabd36ca74f3b04c06d2025d9b7a835e94b352baa13823a95cd309efe7dcb70380f7f67e979aa3ba44510f61f4357f9c1a3c0f598f5f6971cb5f1f1400fde542cfd59c252230696a67676ed9135d12841ba44b8fd3567d93f68369639df318f16684b3242b00b980293dd132851aa313d523a86249d035465cc3685aae0aaf3dc9bd59c338e197a908f69cb94ab4a1067148ebccb9b0b7961ccb4e1e9f93bf5c64624df93fa94d809ff611a9ae8f534224f457af6620447a7225041c1731f538cab0a8cbcd7838ac63e2b556e4ae62f6a38b388cf0959ad927e2c44fed1f94b569d66ea7801a582e58a58232665999dfd32e1d83d6996c38ad4cc4569c9435a322138889430054881975ffc7363146a9ba97d5a42f8949717003ba8cf033883465adb49835909f0adaa109cd4240269a42a3f524abcc01ed9d7880cfe7b85c4cc7c3e43bc0f073809218934c3252eda49f97e96d3cf9ce6595f22eaf4fd1eec2ab039147a580f483b8d4c71566ba93cab3888df0c9843d87c024813ab951f061f011f4961777969c604f20e410e25a1a2f19921b7443150f0d1ee4d2b05dcbfea39852313490cee369e27ebe9275dd8cca41f6d839de80bea23fdd56e36f1d124f71b4b51c85c1d22706d6a6bf250715b84cb1699717ff97b333f403778cf3cbddbcac20104b295bcbdf8686e57a4c8c55a2080c6b5fa1a077ab57545a2ee355cceafb9af2dc0acc0a891a254a963ac54adf67443a0362058636d43cb53ff4d969aafe7492265955f763a02fea5b5e6d441c8a4257a7a76fbe6ac843ed5347ec1e27bfaf3943994a947e89d61412eebc2d7922abe2b5d16535b86ebfd5aa6ee861c6625e60fd35d537984fca29c32073760dce427fc92a4156c2b4aef21dce24b2a9f7259b6d3e71d8cf96756028ee0aadff6b83e580f961fb8f5331e2062529ffbb4eb45bddad8c666bf8083fd2e1e792ef183587a234c576c3560cb1bb6744018d6621d8e35eb9fc737252719672f235e7e3fe9551dc1e958f5174a16e52c0d3021fea4b3ec0f89e4ffd4ec818837504c98955d0c7d1362709ee262a94d6a0fe93ab37b5b8e041968954f5e3ad61184a148a51bb47467cf11e9521574fcef575e39b34cc72afc5f84b9dc8db1836a8549237ff1a2d0f8138cba39d4f8f00c833a2b41a5cafd5f01530ad2ead87332b0a2bab8648957c469768c5267a59c600cfa60275ac374dfaeb358f94f11c541970377a81d7ba7eb5e8f2253ffda1f786212a9603e31ec404f2609006ef18b800c8b7de92e19d5adbfa699f7e2dbc65b5de823b2c7469018b7a8edb8584cfaac4c1d9288bae1a33337e851b37da1e958cfb3436bdb67c25fd9a4de8bcb745761acc9f8e3fa6066b1ede7dae2ba4720863043a8e0b762bfe4c5dc67372670b8881ea652d843d603dce178322bd9c8407370d66fabdf6afbb4b2895b8809bf821a0e2e56bd5163677827173e0385500bfb099fed9a6e77d197d83d7b554565e658742374d324cbc0a5309ec5f0545dee40454f0c2483a3388cb50bf4289079c0b567a4baf2f7a0e504dab6c94f74d90dcf005f5b6ae62436186cfa18e1fbca51f00e036ea3c791e4cd431bf6234d4f5f5bdc47eac0ca83100661999120f9b5c0f3b92bb7cedab8a8e827fbab47d5a36f4c628785707e67ae7ef5a743fb3911c78833f012e1de255ce4743d93eb13fe3a80c9b24378978d3ff7adbbe4f34fafa921b8ac976b686e0cd8cb05eeceaca757a38c4c3b5199ce48843ee74e31e54928ca6626fbe738c6f9de9cba0f855788c35784d39197961eaeca43a0f8b62807e7baa26259c72602b65320e7ea27a3bf33c332e591744b864e06405f3c661ced7f2f5987dfd6f08b39bbefcd55c66b2b92f3889522198610db4a8a3072b171dd943f8cdde5693000b79bfc54ee56d2dee3cf9fa157364d85a4fe6d6f06278a4bea91714805771e5b8c0529564d2d55f8baa94e47b6bb6bf28d4351fcf884d5d0b9e5a5ffc6dc639a7c23921bd26619e9c2442de56c5d99d718a93c31ce952049d51fef1d40e9fad52c18f481faaba0d572d48393176ca553040b97cc37e3fdd840d283415a61f33e789e86cf0fe4ce6f270b33610cd69c55ae5cfed5055dbf3728632f0936696b6e7b072bd8de310daba485b289d9c32dc8deb0868a7368d151350f75165b4c793a52e5b394547657125fb66de5ce352fe8628ff7ff73b69bfb21e08c2ac98bd5b2383cee1b41f7ad3d74af7202679639af6fff9756047b3623b3b19ada6e66ef8aedbdc2bd5b4b7ab2500515fc89c5d42cb4692558dcf71654f8f2fef65ea899b4fecc15ac738c779647f4315fe373eff0f26442a4ab93933c502ecdc31adb862b98bee116ed4ce1c311ff35b1234a7f9c27322f874363dfda9f29e9e8d764fd7edcf2600581436e2d19d67f4b87270e30ee98130c63f575f2c680d8f137dffe892047278ef084325d331d196e0225e50445da3718f0089a8f62e136eb30e68f443dd558a91cda002f848aebb479b4d11aed70af6fd31843d434d776c46bb7e88aad52ed1a7586670cd2fec1b88ef3d9b831ffa09888a32500331862055037a33cc02d94e5cd1f5ef29fad2dc87c63591d3777233d4c2640d507dad66ee9a05c328d0cb9a7dc5c03f97b37842c7205849e55305dbb738453616cf3686fc4afc88a7fd5510f7f80b74a172ad88f6baa2fe8bb3e2b52129079f6c5a17b1035d3ff28abe232976b17be2630d8c4f0dca1ec627623ee54c75f2976029edd1b1b544b373823861dde1541c3aa3fcb401e24eaa27d4a62662d0c8f59bf8b1f84c2a6829a3517ee6039b9ed309c15c88faca2d28bcd71441f12c555eb43d91ce04a66bf6127d8f5097e09f15cd490c6a348cabea7ee7907263e3c24d64f73a72c9d738afe32e1f2a91a74edb5a9b76b8e31100aed95451f25fd735fa7de563f1b1a82325256b8ceb07d57134d0c677a6edbed8c5198bf029a428c578656ceb76332e7d2d525634f026f59d2e55bba63b03116683be213962d10aead3809f04ee078eb3fd68308c5b131cb96b317dad836a4f3982a1a76d4c4c51b7bd92ba455a21b405d6825a9596c4ac0cdeda638a3e3a66e826f2743393712a13b72d7cab33356cc2bda1f39e049a041117a7b189a66e0ef81ffa15d7c6215f56a39b6a8352ae9b8d9e86e93f6d5f2a4a2d64df0ea02f8b19674ff78bc9af3cdf53d5f6ad8e36a33ce6a4aae88326cf48967ea788a402aca02e793575f396c5ee49186bd799e0845499b9a4f7f886aad6a3daccebf2f53aca4789645ed569e9067b43681a9a26e2f9a2a35bdd30fa92fd093c4f7c44240ff86772d8dd0beb817") setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000040), 0x4) syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0xffffffffffff84dc, 0x3) 14:20:20 executing program 0 (fault-call:0 fault-nth:12): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:20 executing program 3: syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700)=0xce9, 0x12) 14:20:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c121e319aba70") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='oom_score_adj\x00') setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, &(0x7f0000000340)='9p\x00', 0x3) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f6, &(0x7f00000001c0)="143b82d3cb9fbe52b1e77a74032f4e9d14530b7b0d9417ec64e5c1486c74da0a4ef25bb7a871c2857f7760cbaab1ba879cfe18ae6bcf26acd3b74e3a3e0adea03080167386ae38c301ec70993128990c2022b5b7499fafdf5b541d5ff68cbc4edb3dc9d49ee3fe250bee9a05f2bf679223213424941cd2a048c8ac7c344e52e33ec5a5e67fb68860e974d2a0f49807698d09fa199d") mount$9p_rdma(&(0x7f00000003c0)='127.0.0.1\t', &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00'}, 0x10) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, 0x0) linkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000380)={0x0, 0x5, 0x10}, &(0x7f0000000400)=0xc) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000440)=@assoc_id=r3, &(0x7f0000000480)=0x4) r4 = socket$netlink(0x10, 0x3, 0x10000000c) r5 = socket$netlink(0x10, 0x3, 0xc) writev(r5, &(0x7f00000004c0)=[{&(0x7f0000000180)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) writev(r4, &(0x7f0000fb5ff0)=[{0x0}], 0x1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000580)={0xffffffffffffffff, r2, 0x0, 0xa, &(0x7f0000000100)='127.0.0.1\t'}, 0x30) perf_event_open(&(0x7f0000000500)={0x3, 0x70, 0x100, 0x8, 0x20, 0x1, 0x0, 0x100, 0x2, 0x8, 0x885, 0x8, 0x0, 0x100, 0x80000000, 0x5, 0x8, 0x0, 0xffffffff, 0x2, 0x101, 0x401, 0x10000, 0x2, 0x263f, 0xffff, 0x20, 0x8000, 0x5, 0x9, 0x4, 0x401, 0x0, 0x200, 0x9, 0xfffffffffffff0ee, 0xff4, 0x9, 0x0, 0x9, 0x5, @perf_config_ext={0x3, 0x1}, 0x8000, 0x7fffffff, 0x1, 0x3, 0x5, 0x20}, r6, 0xa, r2, 0x25dea3aee9f67656) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r8, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304406c000000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:20 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1000000000, 0x0) 14:20:20 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x2e2499b9a821d86e, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x8, 0x9}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000001c0)={r1, 0x0, 0x7, 0x5}, 0x10) socket$rxrpc(0x21, 0x2, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SIOCX25SDTEFACILITIES(r2, 0x89eb, &(0x7f0000000000)={0x53e, 0x7, 0xfffffffffffffffd, 0x30e6, 0x3, 0x9, 0x12, "4a83f72f4c56ff6670f18f2b2dd8a2ec3e832413", "414fa4a7f83d701177b0ee89d02e272064a7bb58"}) [ 1147.133274][T30248] FAULT_INJECTION: forcing a failure. [ 1147.133274][T30248] name failslab, interval 1, probability 0, space 0, times 0 [ 1147.147040][T30248] CPU: 1 PID: 30248 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1147.159555][T30248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1147.169714][T30248] Call Trace: [ 1147.173078][T30248] dump_stack+0x172/0x1f0 [ 1147.177433][T30248] should_fail.cold+0xa/0x15 [ 1147.182042][T30248] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1147.187868][T30248] ? __save_stack_trace+0x99/0x100 [ 1147.192990][T30248] __should_failslab+0x121/0x190 [ 1147.197928][T30248] should_failslab+0x9/0x14 [ 1147.202432][T30248] kmem_cache_alloc+0x47/0x6f0 [ 1147.207372][T30248] ? save_stack+0xa9/0xd0 [ 1147.211965][T30248] ? save_stack+0x45/0xd0 [ 1147.216309][T30248] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1147.222120][T30248] ? kasan_slab_alloc+0xf/0x20 [ 1147.226886][T30248] ? kmem_cache_alloc+0x11a/0x6f0 [ 1147.231924][T30248] radix_tree_node_alloc.constprop.0+0x1eb/0x340 [ 1147.238265][T30248] idr_get_free+0x474/0x890 [ 1147.242788][T30248] idr_alloc_u32+0x19e/0x330 [ 1147.247676][T30248] ? __fprop_inc_percpu_max+0x230/0x230 [ 1147.253231][T30248] ? mark_held_locks+0xf0/0xf0 [ 1147.258012][T30248] ? perf_trace_lock+0x510/0x510 [ 1147.262975][T30248] idr_alloc_cyclic+0x132/0x270 [ 1147.267868][T30248] ? idr_alloc+0x150/0x150 [ 1147.272299][T30248] __kernfs_new_node+0x171/0x690 [ 1147.277265][T30248] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1147.282727][T30248] ? kasan_check_read+0x11/0x20 [ 1147.287586][T30248] ? _raw_spin_unlock_irq+0x5e/0x90 [ 1147.292786][T30248] ? __schedule+0x1383/0x1cc0 [ 1147.297473][T30248] ? __lock_acquire+0x548/0x3fb0 [ 1147.302416][T30248] kernfs_new_node+0x99/0x130 [ 1147.307107][T30248] kernfs_create_dir_ns+0x52/0x160 [ 1147.312222][T30248] internal_create_group+0x7f8/0xc40 [ 1147.317506][T30248] ? bd_set_size+0x89/0xb0 [ 1147.321931][T30248] ? remove_files.isra.0+0x190/0x190 [ 1147.328126][T30248] sysfs_create_group+0x20/0x30 [ 1147.332983][T30248] lo_ioctl+0x10af/0x2150 [ 1147.337321][T30248] ? lo_rw_aio+0x1120/0x1120 [ 1147.341914][T30248] blkdev_ioctl+0x6f2/0x1d10 [ 1147.346511][T30248] ? blkpg_ioctl+0xa90/0xa90 [ 1147.351105][T30248] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1147.356924][T30248] ? __fget+0x35a/0x550 [ 1147.361084][T30248] block_ioctl+0xee/0x130 [ 1147.365416][T30248] ? blkdev_fallocate+0x410/0x410 [ 1147.370444][T30248] do_vfs_ioctl+0xd6e/0x1390 [ 1147.375150][T30248] ? ioctl_preallocate+0x210/0x210 [ 1147.380269][T30248] ? smack_file_ioctl+0x196/0x310 [ 1147.385297][T30248] ? smack_inode_rename+0x2d0/0x2d0 [ 1147.390603][T30248] ? do_sys_open+0x31d/0x5d0 [ 1147.395205][T30248] ? tomoyo_file_ioctl+0x23/0x30 [ 1147.400517][T30248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1147.406866][T30248] ? security_file_ioctl+0x93/0xc0 [ 1147.411985][T30248] ksys_ioctl+0xab/0xd0 [ 1147.416417][T30248] __x64_sys_ioctl+0x73/0xb0 [ 1147.421011][T30248] do_syscall_64+0x103/0x610 [ 1147.425617][T30248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1147.431505][T30248] RIP: 0033:0x458a97 [ 1147.435401][T30248] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1147.455399][T30248] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1147.463826][T30248] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1147.471807][T30248] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1147.479875][T30248] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1147.487857][T30248] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1147.495919][T30248] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1147.559523][T30248] hfs: can't find a HFS filesystem on dev loop0 14:20:20 executing program 3: syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700)=0xce9, 0x12) [ 1147.617717][T30257] binder: 30254:30257 IncRefs 0 refcount change on invalid ref 108 ret -22 14:20:20 executing program 0 (fault-call:0 fault-nth:13): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1147.669125][T30257] binder: 30254:30257 BC_INCREFS_DONE u0000008000000000 no match 14:20:20 executing program 5: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x2000, 0x0) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000040)="4c336b4a45514c209af405c91f6ea1e17b8a13ab061624ac48db5f66058cf62202d9aae8f405b05c04aeac3bfb797f94eee0beafad70c3b78155c7d6c6da0ee8c2cd481b997a8e8e1c7dffbd9e5969cbcee07a9d3ef32fbd9f5a50a6e3909bb927c3e67ed288f9638d358dded41b83f13e2549c4c1b8817abee1eb17bca66c6fd4a3ba969057ca5267082e6d2ec30efa95f34302cc53511fc3737dc1866e51d511c3b5e886132a1f847eec2d7335386f887382072b43d34c9b57257a2dc4938b36c83fc7601024269aba5f0721c0", 0xce) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000300)) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000240)=0x0) ptrace$getregs(0xffffffffffffffff, r1, 0x3, &(0x7f0000000280)=""/87) syz_open_dev$sndctrl(&(0x7f0000000340)='/dev/snd/controlC#\x00', 0x7a6ddc1d, 0x40001) setsockopt$inet_udp_int(r0, 0x11, 0x6f, &(0x7f0000000200)=0x7, 0x4) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f00000001c0)=0xd0) 14:20:20 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xedc000000000, 0x0) [ 1147.838674][T30293] FAULT_INJECTION: forcing a failure. [ 1147.838674][T30293] name failslab, interval 1, probability 0, space 0, times 0 [ 1147.873693][T30293] CPU: 0 PID: 30293 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1147.881747][T30293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1147.891846][T30293] Call Trace: [ 1147.895166][T30293] dump_stack+0x172/0x1f0 [ 1147.899519][T30293] should_fail.cold+0xa/0x15 [ 1147.904135][T30293] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1147.909964][T30293] ? ___might_sleep+0x163/0x280 [ 1147.914839][T30293] __should_failslab+0x121/0x190 [ 1147.919963][T30293] should_failslab+0x9/0x14 [ 1147.924477][T30293] kmem_cache_alloc+0x2b2/0x6f0 [ 1147.929337][T30293] ? find_held_lock+0x35/0x130 [ 1147.934126][T30293] ? kernfs_activate+0x192/0x1f0 [ 1147.939084][T30293] __kernfs_new_node+0xef/0x690 [ 1147.943964][T30293] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1147.949446][T30293] ? lock_downgrade+0x880/0x880 [ 1147.954326][T30293] ? kasan_check_write+0x14/0x20 [ 1147.959278][T30293] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1147.964820][T30293] ? wait_for_completion+0x440/0x440 [ 1147.970283][T30293] kernfs_new_node+0x99/0x130 [ 1147.975109][T30293] __kernfs_create_file+0x51/0x340 [ 1147.980256][T30293] sysfs_add_file_mode_ns+0x222/0x560 [ 1147.985644][T30293] internal_create_group+0x35b/0xc40 [ 1147.991707][T30293] ? bd_set_size+0x89/0xb0 [ 1147.996157][T30293] ? remove_files.isra.0+0x190/0x190 [ 1148.001458][T30293] sysfs_create_group+0x20/0x30 [ 1148.006309][T30293] lo_ioctl+0x10af/0x2150 [ 1148.010644][T30293] ? lo_rw_aio+0x1120/0x1120 [ 1148.015241][T30293] blkdev_ioctl+0x6f2/0x1d10 [ 1148.019834][T30293] ? blkpg_ioctl+0xa90/0xa90 [ 1148.024442][T30293] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1148.030258][T30293] ? __fget+0x35a/0x550 [ 1148.034418][T30293] block_ioctl+0xee/0x130 [ 1148.038749][T30293] ? blkdev_fallocate+0x410/0x410 [ 1148.043795][T30293] do_vfs_ioctl+0xd6e/0x1390 [ 1148.048389][T30293] ? ioctl_preallocate+0x210/0x210 [ 1148.053500][T30293] ? smack_file_ioctl+0x196/0x310 [ 1148.058524][T30293] ? smack_inode_rename+0x2d0/0x2d0 [ 1148.063733][T30293] ? do_sys_open+0x31d/0x5d0 [ 1148.068337][T30293] ? tomoyo_file_ioctl+0x23/0x30 [ 1148.073273][T30293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.079517][T30293] ? security_file_ioctl+0x93/0xc0 [ 1148.084631][T30293] ksys_ioctl+0xab/0xd0 [ 1148.088800][T30293] __x64_sys_ioctl+0x73/0xb0 [ 1148.093404][T30293] do_syscall_64+0x103/0x610 [ 1148.098022][T30293] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1148.103914][T30293] RIP: 0033:0x458a97 [ 1148.107811][T30293] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1148.127414][T30293] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:20:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000540)={0x3, 0xa00, 0x6, {0x0, 0x1c9c380}, 0x0, 0x5e50}) timer_create(0x6, &(0x7f0000000380)={0x0, 0x1f, 0x5, @thr={&(0x7f0000000200)="20ebfda0b69f864ad841262394b762746a390caca946b5e755a945936f83f9211ad86dad45bd41e9f4647566cc45d78d7c95ecf3281db10f80382e6c7786ee187e8614204532c345169eacf409a81cfb94287f522f65e8dbc102193bfdec7af55a33f5fdb456fc55275f02762e7c5ae8da280ce1d887512895947e46e9e07dd8dce381b246306b63cfe7475937f24789d191768dd914021f88ddddcd0cc4ff9a354295abada574c5c4484f97ddf74c52ad6f6f5b741ee7eaa2631c4c540aa186400604c32a7074b2e7ced1340c599da3e98ce6ed3a7e15528b3bf72881414368b50c524ea674c29c6fc74eab06bf5d", &(0x7f0000000300)="39f46744072c30bc7145f020fbb391fa7104bcba735622502eb55fcd611709533a528bffe1830524b819ff48a6a36f947ee04ccaa84d36928bc0bd7f1d8ad7ff27ba07411946e7a189"}}, &(0x7f00000003c0)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$netrom(r5, &(0x7f0000000480)={{0x3, @bcast}, [@netrom, @bcast, @remote, @null, @rose, @netrom, @null, @default]}, &(0x7f0000000400)=0x48) shmget$private(0x0, 0x4000, 0x200, &(0x7f0000ffa000/0x4000)=nil) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r6 = syz_open_dev$audion(&(0x7f0000000440)='/dev/audio#\x00', 0x10001, 0x44000) accept4$netrom(r6, &(0x7f0000000180)={{0x3, @bcast}, [@remote, @remote, @rose, @remote, @remote, @netrom, @default]}, &(0x7f0000000100)=0x48, 0x0) 14:20:21 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, 0x0, 0x0) 14:20:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044074000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1148.137650][T30293] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1148.146698][T30293] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1148.154768][T30293] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1148.162736][T30293] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1148.170713][T30293] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) [ 1148.241405][T30293] hfs: can't find a HFS filesystem on dev loop0 [ 1148.279032][T30376] binder: 30371:30376 IncRefs 0 refcount change on invalid ref 116 ret -22 14:20:21 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, 0x0, 0x0) [ 1148.350304][T30376] binder: 30371:30376 BC_INCREFS_DONE u0000008000000000 no match 14:20:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7b, 0x2, [0x6, 0xff0b017a, 0x1b], [0xc1]}) 14:20:21 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1000000000000, 0x0) 14:20:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:21 executing program 0 (fault-call:0 fault-nth:14): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304407a000000086310400000000080"], 0x0, 0x0, 0x0}) [ 1148.606263][T30494] binder: 30489:30494 IncRefs 0 refcount change on invalid ref 122 ret -22 [ 1148.616506][T30493] FAULT_INJECTION: forcing a failure. [ 1148.616506][T30493] name failslab, interval 1, probability 0, space 0, times 0 [ 1148.629650][T30494] binder: 30489:30494 BC_INCREFS_DONE u0000008000000000 no match [ 1148.638434][T30493] CPU: 0 PID: 30493 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #77 [ 1148.646427][T30493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.656494][T30493] Call Trace: [ 1148.659800][T30493] dump_stack+0x172/0x1f0 [ 1148.664153][T30493] should_fail.cold+0xa/0x15 [ 1148.668764][T30493] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1148.674698][T30493] ? ___might_sleep+0x163/0x280 [ 1148.679562][T30493] __should_failslab+0x121/0x190 [ 1148.684502][T30493] should_failslab+0x9/0x14 [ 1148.689095][T30493] kmem_cache_alloc+0x2b2/0x6f0 [ 1148.693953][T30493] ? lock_downgrade+0x880/0x880 [ 1148.698860][T30493] ? kasan_check_read+0x11/0x20 [ 1148.703724][T30493] __kernfs_new_node+0xef/0x690 [ 1148.708583][T30493] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1148.714042][T30493] ? wait_for_completion+0x440/0x440 [ 1148.719343][T30493] ? mutex_unlock+0xd/0x10 [ 1148.723763][T30493] ? kernfs_activate+0x192/0x1f0 [ 1148.728703][T30493] kernfs_new_node+0x99/0x130 [ 1148.733408][T30493] __kernfs_create_file+0x51/0x340 [ 1148.738518][T30493] sysfs_add_file_mode_ns+0x222/0x560 [ 1148.743899][T30493] internal_create_group+0x35b/0xc40 [ 1148.749185][T30493] ? bd_set_size+0x89/0xb0 [ 1148.753697][T30493] ? remove_files.isra.0+0x190/0x190 [ 1148.759100][T30493] sysfs_create_group+0x20/0x30 [ 1148.763954][T30493] lo_ioctl+0x10af/0x2150 [ 1148.768287][T30493] ? lo_rw_aio+0x1120/0x1120 [ 1148.772881][T30493] blkdev_ioctl+0x6f2/0x1d10 [ 1148.777472][T30493] ? blkpg_ioctl+0xa90/0xa90 [ 1148.782079][T30493] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1148.787915][T30493] ? __fget+0x35a/0x550 [ 1148.792084][T30493] block_ioctl+0xee/0x130 [ 1148.796411][T30493] ? blkdev_fallocate+0x410/0x410 [ 1148.801725][T30493] do_vfs_ioctl+0xd6e/0x1390 [ 1148.806318][T30493] ? ioctl_preallocate+0x210/0x210 [ 1148.811436][T30493] ? smack_file_ioctl+0x196/0x310 [ 1148.816476][T30493] ? smack_inode_rename+0x2d0/0x2d0 [ 1148.821685][T30493] ? do_sys_open+0x31d/0x5d0 [ 1148.826286][T30493] ? tomoyo_file_ioctl+0x23/0x30 [ 1148.831222][T30493] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1148.837456][T30493] ? security_file_ioctl+0x93/0xc0 [ 1148.842582][T30493] ksys_ioctl+0xab/0xd0 [ 1148.846831][T30493] __x64_sys_ioctl+0x73/0xb0 [ 1148.851422][T30493] do_syscall_64+0x103/0x610 [ 1148.856015][T30493] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1148.861992][T30493] RIP: 0033:0x458a97 [ 1148.865886][T30493] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1148.885587][T30493] RSP: 002b:00007f8382e21a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1148.893998][T30493] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 14:20:21 executing program 5: r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setsig(r0, 0xa, 0x35) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 14:20:21 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, 0x0, 0x0) [ 1148.901966][T30493] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1148.909936][T30493] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1148.917905][T30493] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1148.925888][T30493] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1149.011675][T30493] hfs: can't find a HFS filesystem on dev loop0 14:20:22 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2000000000000, 0x0) 14:20:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) fsync(r2) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000030000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:22 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c460209a56000000000000000000200000080000000d5030000380000006102000009000000f8ff200001000600000006000000000007000000000000000800000006000000020000000800000073000000310000006a6f304063cac260fdad103231df843cbe70b31caa9a78d91603d4d6a8c2bc06e1ef2c8f0cfc9532ceed7e7e7b8b0522649aa97111ca5e68f4bb1ddf707ccfc1834db10b52607ac429e25974f73f3f00a3725d71287ee64924baa2f95e6518f1f2047bf009e76a840c0f199a7e5123f6d872a4c2645ef0fd2502e5dbcba8517e9e2ec2d1755ed75a5d913f6ac557f135ea2d0f5f9623f1a055a4396d8d38e8d7f07d76a633b67cd91b973b380b8d75000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f000"/1031], 0x407) 14:20:22 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1149.238742][T30709] binder: 30703:30709 IncRefs 0 refcount change on invalid ref 768 ret -22 [ 1149.267269][T30708] kvm [30705]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:22 executing program 5: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 1149.288377][T30709] binder: 30703:30709 BC_INCREFS_DONE u0000008000000000 no match 14:20:22 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7ffffffffffff, 0x0) 14:20:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f00000001c0)=""/182) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000000)=""/28) 14:20:22 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:22 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x200000e000) ioctl$KVM_SET_XSAVE(r0, 0x5000aea5, &(0x7f00000001c0)={"e4d36e0f1f0edd1e10791b49172074adb2898ca8cf45caad82e3d7e1c3fedeb65c1d4dc541af8569e25a01daf4881095ae30a00542867119df3afcead3f3ca5a1664a23efaa24dc164ae002fa543537566a5fcfe2ef9698d023b7680c4708597e34e3ac3cfce2e4b6e4c9627f895b86c464bb420fd9ef591b2ea088aeffe915438d93adcd64a01133831ff80963a81e7001146dc662d742c2e5825a0fa1cb8997e08b5ab677527ca229a54716f74fd904f933a60c16f437c4026ae351657a6c7cadbd22afba32f40b62a38b5910f1816cd950ff208cca1f642c75047d739d36116a15040992faaae851ae054b8fda441df06a54e9d5cbbe0979d68b225afae8cb67a4a0f1fb3e77ce24b998c724b22d639fbda53177e6ab2189bcab2c23cb28e70dc90accabca3b324470319f69caf5a995262d473cc63144514694cb6564f77125ef62f86c2c5fde01b7908b47e091e6fa36c46d1b6dd8d7aef25cba7359eeb23e21cb9d345fad2dab2556f585e0d8eb867a64084905bc3e16c03ae173c4959893cfa505422ab55ca7ffab6e80170a3a28ce99170d8bf1ae4d937fc69926d341dbcdbcfb44eabd44aebd6662cd25a951ad19229eb6dfd3b2fce2808ed6e5f4a42c9f0a0b6402f441085f4ef7003f2bdcf1ee742a19ac4630d0f3c2a03a069d1e7ba595a0f2ef8f615f4ed9c25839ab37d54f441dab5ff4cedc82a4c6218a69e3d03a727c18f508c7a273d90b87147bc4369ff34b54804e3cdadfa44f6c042fc72243b9f885e624385396d142f2aaa6d53a6859249713a6fa977c675085bdad60759d77c2fb3c973b5e69e2c0ea27cdea6bfa18a6b9737e401582404e57928eef2deb38c54afd4ee0795383dec1be35075af8bebfe9df37db5b193196d371469ab052ce7ef0af93e1de346f83727d2f88a29413cd7c53c8a90c769cda9b35c860844cae434be9a23c9e509dd40bc08d4da19bb0ac81edcae10c06b9ad7b16a3de4559561f71ab96c87c6f6219ea5daa696f7eaed3fabd2e22f190fe4ee01582a9709fbbe8da2aefc940d8fd36485886ae32e96c088845b274f3a95e7b9dd1c18bc32ff5cb6027f21e6423a99c060a9f63177636897050c91b2285c53e85e3812981693fbd8e589ba0d05628c530ed60f928116436c2954a40ad681454d038bc10ea4e71ec1f31fbf8a89cb7e72ac9cbaddada774d8eb9361101d99c3dcbc2e3359f0cec03e5313192f9be59650085062eacc31cb0bbe61ed89d148fa799faa532c065c56a8a25117c4b9cb89b51d91adbc0ed99fb3531f3f538730fd4f869fe4568059c8fe9cc31da60acf1e4bb3d1cc2a748a9c9b124b1512efb1b013dea82cb7f6d38e4fc3f0b7606630c4f8e53f22a48a951af253dd9bd88b740d5ee8ff63e290483e0fea019c6129cff8e55ea5fab6819b6b964cbd93d6cc09f965d1baa5"}) 14:20:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f00000000c0)={'nlmon0\x00', {0x2, 0x4e23, @remote}}) 14:20:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000050000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:22 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f00000000c0)=0x8000040) r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) bind$isdn(r2, &(0x7f0000000040)={0x22, 0x7, 0x3, 0x10000, 0x80000000}, 0x6) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) fgetxattr(r3, &(0x7f0000000100)=@random={'os2.', 'proc\x00'}, &(0x7f00000001c0)=""/187, 0xbb) 14:20:22 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe000000000000, 0x0) 14:20:23 executing program 5 (fault-call:1 fault-nth:0): r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1149.923008][T30931] binder: 30927:30931 IncRefs 0 refcount change on invalid ref 1280 ret -22 [ 1149.949945][T30931] binder: 30927:30931 BC_INCREFS_DONE u0000008000000000 no match 14:20:23 executing program 3 (fault-call:0 fault-nth:0): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1150.003170][T30933] kvm [30925]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:23 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x40000000000000, 0x0) [ 1150.092848][T30938] hfs: can't find a HFS filesystem on dev loop0 14:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000060000086310400000000080"], 0x0, 0x0, 0x0}) [ 1150.180771][T31087] FAULT_INJECTION: forcing a failure. [ 1150.180771][T31087] name failslab, interval 1, probability 0, space 0, times 0 14:20:23 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:20:23 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='\nfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1150.271227][T31087] CPU: 1 PID: 31087 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1150.279267][T31087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1150.289349][T31087] Call Trace: [ 1150.292786][T31087] dump_stack+0x172/0x1f0 [ 1150.297141][T31087] should_fail.cold+0xa/0x15 [ 1150.301754][T31087] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1150.307586][T31087] ? ___might_sleep+0x163/0x280 [ 1150.312463][T31087] __should_failslab+0x121/0x190 [ 1150.317622][T31087] should_failslab+0x9/0x14 [ 1150.322127][T31087] __kmalloc+0x2dc/0x740 [ 1150.326376][T31087] ? fput_many+0x12c/0x1a0 [ 1150.330811][T31087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1150.337254][T31087] ? strnlen_user+0x1f0/0x280 [ 1150.342799][T31087] ? __x64_sys_memfd_create+0x13c/0x470 [ 1150.348451][T31087] __x64_sys_memfd_create+0x13c/0x470 [ 1150.353843][T31087] ? memfd_fcntl+0x1550/0x1550 [ 1150.358784][T31087] ? do_syscall_64+0x26/0x610 [ 1150.363465][T31087] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1150.368770][T31087] ? trace_hardirqs_on+0x67/0x230 [ 1150.373802][T31087] do_syscall_64+0x103/0x610 [ 1150.378400][T31087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1150.384298][T31087] RIP: 0033:0x458c29 [ 1150.388194][T31087] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1150.407803][T31087] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 14:20:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x4002, 0x0) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040), 0x4) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x7b, 0x2, [0x40000090, 0x8000ff0b0176, 0x1], [0xc1]}) [ 1150.416220][T31087] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1150.424190][T31087] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1150.432157][T31087] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1150.440123][T31087] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66a1e036d4 [ 1150.448090][T31087] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1150.495331][T31153] binder: 31151:31153 IncRefs 0 refcount change on invalid ref 1536 ret -22 [ 1150.517104][T31153] binder: 31151:31153 BC_INCREFS_DONE u0000008000000000 no match [ 1150.525044][ C1] net_ratelimit: 24 callbacks suppressed [ 1150.525053][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1150.525152][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:20:23 executing program 3 (fault-call:0 fault-nth:1): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1150.525292][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1150.525363][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1150.525474][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1150.525612][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:20:23 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x2) 14:20:23 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x100000000000000, 0x0) 14:20:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2, &(0x7f0000000100)="fc08000000000000001539bdf8e9e0a34857ca63ab9f919bd070") r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f00000000c0)={0x2}) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/video36\x00', 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000b00)={&(0x7f0000000ac0)='./file0\x00', r1}, 0x10) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_LAPIC(r4, 0x8400ae8e, &(0x7f0000000180)={"f2050290d0b516312d58d4686434e850eba7237777405af4f4f7c28c49e2b93b487188b12693a976e249bbbbef97ced9f4b48e20837a1ddf526d82b8018f988e75309c7915f5ac41624bc636e39857c29d3bc6f35fb31ff0a5d90a9c9c1d7ff8cddcfe29dd5b2c76ffc42190c5d245b012ddd1f292ea04db79a0f141df2f3a75dde0b4d1ef4e1820775ecc3a3caedbfaad361d60186f3645b91f913a1b812193351530ce0492ab8ad01b678cad7e257759f9c60d51bf58e538d26417136a1b810096ea28196513671e461efb51d4bf122866ab3204b6231f2ccd516ed5f73c1573b7a37012d1a5c4e5e4f36e3e722d9dc258bd5dd7752b7e0624da46b7dbee9ba037bd94ba74e9751e9c9365b6486ce1c90ac2b2c1f964806afdff21dd53f371c1d6c44165d454b7745acd5f1bcfb9fccd12df5737ff92dd7f5e78945b9fedd389b4f43c41ddc0e9c3a89f63443385096786ad212a5d484313b173fd32ba8fa3b21fb552f75752f0532facbeda7d7d16587221b94b0215e09d3c6dcf7f21ef1e5cb2ae06df06d8a376ea4848e8261b9980e068d0692f92db09d17557cdffb1e17e0beb22db944e4b060624d0c1c7fc5022ef9717dc94a7cd494494e4c7bc0bc24246c886a2b8861107a87d86f8eba412a8eb97ffc2248be7f8605a4b9508194123363074f486d2d3e9183ccdd00cdd76fd09c7ced79575906f004c8172b91796695fa5c0fb4957dc92ef83e594d7c47b328efe98a83f0f2a6f61d468dc22cc63f87d2e2c0a38d8fb3f4c1339dfd63cd3150a2d8fa5117351095a350ac9f12c1fbcf4c8404dda88a091bf0714e4813e5c57c088542f94fb4bcb47aac64d7882770f6a167ed7408f769ce719d7311a0b7b4bd5972c93514b47e815bbf6a093b9c688e124484cf579f82958f85c664dfae4d2ebd33281fce52b11f8a349d881b590c91c5a7dc61670f526cf0758f024c24e1c45ff4ad6fb85f42411a2c1ee41bfc92c20197572090aa6916ad559b70d6d1e9f14385a71a79300b1f8ea5db5336082f35dbc874ddb450345c49b97fa7002c677409749e32acc8bf27a52584ef2a0138c2dd8cc60822046abd68cfa00973071902f6df780532e90aef6079750af58c4111db617febca72d708e5d263c9c35f4caa3af32e22e5705c891bae9301becb08bb87a40614bd55936fdc8737cf78eef777a519fb579588fc46b06bfefd31cde93155443c9190a19e85ead610eba594b82d11cd7773bc1f9739c09f62a248bcc510f17fc01e709c0a2b575d7c5599086d867385b47ded2f856a2ec54fc54208398c727140f41e5a9d3b15ce77c5d8b1c17773d84db0e5a84a69acc39137fc8746ed298f7a228ebd823d1cf7d3e6c57173b4ed9657888e9a7e3fe39547aa62bcad14d1b17604a4a0aebfa41d383d0cce0625b2d26b6e0b74ed4bb1c6897ac5181"}) r5 = getpgrp(0x0) sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x64, 0x0, 0x302, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0xff]}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, [], 0xe}}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x10001}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x5}, @SEG6_ATTR_SECRET={0x10, 0x4, [0xb26e, 0x1ff, 0x3]}, @SEG6_ATTR_DST={0x14, 0x1, @remote}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x8000) syz_open_procfs(r5, &(0x7f0000000b40)='cgroup\x00') preadv(r1, &(0x7f0000000a40)=[{&(0x7f0000000580)=""/53, 0x35}, {&(0x7f00000005c0)=""/124, 0x7c}, {&(0x7f0000000640)=""/245, 0xf5}, {&(0x7f0000000740)=""/175, 0xaf}, {&(0x7f0000000800)=""/121, 0x79}, {&(0x7f0000000880)=""/163, 0x32c}, {&(0x7f0000000940)=""/203, 0xcb}], 0x7, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1150.672285][ C0] neighbour: arp_cache: neighbor table overflow! [ 1150.699197][T31324] FAULT_INJECTION: forcing a failure. [ 1150.699197][T31324] name failslab, interval 1, probability 0, space 0, times 0 [ 1150.769264][T31324] CPU: 1 PID: 31324 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1150.777294][T31324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1150.787371][T31324] Call Trace: [ 1150.787405][T31324] dump_stack+0x172/0x1f0 [ 1150.787429][T31324] should_fail.cold+0xa/0x15 [ 1150.787448][T31324] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1150.787470][T31324] ? ___might_sleep+0x163/0x280 [ 1150.795078][T31324] __should_failslab+0x121/0x190 14:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000070000086310400000000080"], 0x0, 0x0, 0x0}) [ 1150.795099][T31324] ? shmem_destroy_callback+0xc0/0xc0 [ 1150.795115][T31324] should_failslab+0x9/0x14 [ 1150.795130][T31324] kmem_cache_alloc+0x2b2/0x6f0 [ 1150.795149][T31324] ? __alloc_fd+0x44d/0x560 [ 1150.834462][T31324] ? shmem_destroy_callback+0xc0/0xc0 [ 1150.839841][T31324] shmem_alloc_inode+0x1c/0x50 [ 1150.844613][T31324] alloc_inode+0x66/0x190 [ 1150.848947][T31324] new_inode_pseudo+0x19/0xf0 [ 1150.853633][T31324] new_inode+0x1f/0x40 [ 1150.857713][T31324] shmem_get_inode+0x84/0x7e0 [ 1150.862411][T31324] __shmem_file_setup.part.0+0x7e/0x2b0 [ 1150.867970][T31324] shmem_file_setup+0x66/0x90 [ 1150.872659][T31324] __x64_sys_memfd_create+0x2a2/0x470 [ 1150.878040][T31324] ? memfd_fcntl+0x1550/0x1550 [ 1150.882804][T31324] ? do_syscall_64+0x26/0x610 [ 1150.887659][T31324] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1150.892960][T31324] ? trace_hardirqs_on+0x67/0x230 [ 1150.898009][T31324] do_syscall_64+0x103/0x610 [ 1150.902608][T31324] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1150.908504][T31324] RIP: 0033:0x458c29 [ 1150.912410][T31324] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1150.932026][T31324] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1150.940463][T31324] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1150.948439][T31324] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1150.956412][T31324] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1150.964931][T31324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66a1e036d4 [ 1150.973148][T31324] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:24 executing program 3 (fault-call:0 fault-nth:2): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:24 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='%fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1151.047675][T31374] binder: 31373:31374 IncRefs 0 refcount change on invalid ref 1792 ret -22 [ 1151.074904][T31371] kvm [31369]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:24 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x3) [ 1151.102916][T31374] binder: 31373:31374 BC_INCREFS_DONE u0000008000000000 no match 14:20:24 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x200000000000000, 0x0) [ 1151.216019][T31492] FAULT_INJECTION: forcing a failure. [ 1151.216019][T31492] name failslab, interval 1, probability 0, space 0, times 0 [ 1151.271958][T31492] CPU: 0 PID: 31492 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1151.279987][T31492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.290050][T31492] Call Trace: [ 1151.293359][T31492] dump_stack+0x172/0x1f0 [ 1151.297710][T31492] should_fail.cold+0xa/0x15 [ 1151.302312][T31492] ? find_held_lock+0x35/0x130 [ 1151.307093][T31492] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1151.312928][T31492] ? ___might_sleep+0x163/0x280 [ 1151.317806][T31492] __should_failslab+0x121/0x190 [ 1151.322753][T31492] should_failslab+0x9/0x14 [ 1151.322771][T31492] kmem_cache_alloc+0x2b2/0x6f0 [ 1151.322786][T31492] ? __put_user_ns+0x70/0x70 [ 1151.322800][T31492] ? shmem_alloc_inode+0x1c/0x50 [ 1151.322817][T31492] ? rcu_read_lock_sched_held+0x110/0x130 [ 1151.322839][T31492] security_inode_alloc+0x39/0x160 [ 1151.332164][T31492] inode_init_always+0x56e/0xb50 [ 1151.332182][T31492] alloc_inode+0x83/0x190 [ 1151.332199][T31492] new_inode_pseudo+0x19/0xf0 [ 1151.332212][T31492] new_inode+0x1f/0x40 [ 1151.332227][T31492] shmem_get_inode+0x84/0x7e0 [ 1151.332248][T31492] __shmem_file_setup.part.0+0x7e/0x2b0 [ 1151.332268][T31492] shmem_file_setup+0x66/0x90 [ 1151.385510][T31492] __x64_sys_memfd_create+0x2a2/0x470 [ 1151.390900][T31492] ? memfd_fcntl+0x1550/0x1550 [ 1151.395675][T31492] ? do_syscall_64+0x26/0x610 [ 1151.400368][T31492] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1151.405675][T31492] ? trace_hardirqs_on+0x67/0x230 [ 1151.410710][T31492] do_syscall_64+0x103/0x610 [ 1151.415306][T31492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1151.421194][T31492] RIP: 0033:0x458c29 [ 1151.425088][T31492] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1151.444779][T31492] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1151.453193][T31492] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1151.461176][T31492] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 14:20:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000200000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x200, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x1810c0, 0x8) openat$cgroup_ro(r2, &(0x7f0000000200)='cpuacct.stat\x00', 0x0, 0x0) getresgid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1151.469164][T31492] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1151.477135][T31492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66a1e036d4 [ 1151.485106][T31492] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:24 executing program 3 (fault-call:0 fault-nth:3): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1151.552056][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1151.558014][ C0] protocol 88fb is buggy, dev hsr_slave_1 14:20:24 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x4) 14:20:24 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='h\ns\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1151.616331][T31595] binder: 31593:31595 IncRefs 0 refcount change on invalid ref 8192 ret -22 [ 1151.633996][T31597] FAULT_INJECTION: forcing a failure. [ 1151.633996][T31597] name failslab, interval 1, probability 0, space 0, times 0 [ 1151.646824][ C1] protocol 88fb is buggy, dev hsr_slave_0 14:20:24 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x300000000000000, 0x0) [ 1151.660872][T31595] binder: 31593:31595 BC_INCREFS_DONE u0000008000000000 no match [ 1151.699210][T31596] kvm [31594]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1151.710522][T31597] CPU: 1 PID: 31597 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1151.718565][T31597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.718571][T31597] Call Trace: [ 1151.718596][T31597] dump_stack+0x172/0x1f0 [ 1151.718623][T31597] should_fail.cold+0xa/0x15 [ 1151.731964][T31597] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1151.731986][T31597] ? ___might_sleep+0x163/0x280 [ 1151.732006][T31597] __should_failslab+0x121/0x190 [ 1151.732020][T31597] should_failslab+0x9/0x14 [ 1151.732039][T31597] kmem_cache_alloc+0x2b2/0x6f0 [ 1151.765786][T31597] ? current_time+0x6b/0x140 [ 1151.770357][T31597] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 1151.776146][T31597] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1151.781413][T31597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1151.787643][T31597] ? timespec64_trunc+0xf0/0x180 [ 1151.792590][T31597] __d_alloc+0x2e/0x8c0 [ 1151.796741][T31597] d_alloc_pseudo+0x1e/0x30 [ 1151.801225][T31597] alloc_file_pseudo+0xe2/0x280 [ 1151.806161][T31597] ? alloc_file+0x4d0/0x4d0 [ 1151.810737][T31597] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1151.816968][T31597] __shmem_file_setup.part.0+0x108/0x2b0 [ 1151.822587][T31597] shmem_file_setup+0x66/0x90 [ 1151.827248][T31597] __x64_sys_memfd_create+0x2a2/0x470 [ 1151.832623][T31597] ? memfd_fcntl+0x1550/0x1550 [ 1151.837373][T31597] ? do_syscall_64+0x26/0x610 [ 1151.842035][T31597] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1151.847309][T31597] ? trace_hardirqs_on+0x67/0x230 [ 1151.852331][T31597] do_syscall_64+0x103/0x610 [ 1151.856908][T31597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1151.862799][T31597] RIP: 0033:0x458c29 [ 1151.866678][T31597] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1151.886281][T31597] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1151.894679][T31597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1151.902632][T31597] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1151.914155][T31597] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1151.922118][T31597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66a1e036d4 [ 1151.930078][T31597] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1151.975404][T31596] kvm [31594]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000480000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:25 executing program 3 (fault-call:0 fault-nth:4): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x400000) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) sendfile(r3, r1, 0x0, 0xd3) 14:20:25 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x5) 14:20:25 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='h%s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:25 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x400000000000000, 0x0) [ 1152.151778][T31710] FAULT_INJECTION: forcing a failure. [ 1152.151778][T31710] name failslab, interval 1, probability 0, space 0, times 0 [ 1152.202766][T31716] binder: 31711:31716 IncRefs 0 refcount change on invalid ref 18432 ret -22 [ 1152.211591][T31716] binder: 31711:31716 BC_INCREFS_DONE u0000008000000000 no match 14:20:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000000c0)={0x4}) 14:20:25 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x6) 14:20:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440004c0000086310400000000080"], 0x0, 0x0, 0x0}) [ 1152.412336][T31710] CPU: 0 PID: 31710 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1152.420499][T31710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1152.430734][T31710] Call Trace: [ 1152.430768][T31710] dump_stack+0x172/0x1f0 [ 1152.430789][T31710] should_fail.cold+0xa/0x15 [ 1152.442984][T31710] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1152.448805][T31710] ? ___might_sleep+0x163/0x280 [ 1152.453664][T31710] __should_failslab+0x121/0x190 [ 1152.453681][T31710] should_failslab+0x9/0x14 [ 1152.453695][T31710] kmem_cache_alloc+0x2b2/0x6f0 [ 1152.453719][T31710] __alloc_file+0x27/0x300 [ 1152.472395][T31710] alloc_empty_file+0x72/0x170 [ 1152.477178][T31710] alloc_file+0x5e/0x4d0 [ 1152.481442][T31710] alloc_file_pseudo+0x189/0x280 [ 1152.486386][T31710] ? alloc_file+0x4d0/0x4d0 [ 1152.490909][T31710] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1152.497169][T31710] __shmem_file_setup.part.0+0x108/0x2b0 [ 1152.502819][T31710] shmem_file_setup+0x66/0x90 [ 1152.507505][T31710] __x64_sys_memfd_create+0x2a2/0x470 [ 1152.512889][T31710] ? memfd_fcntl+0x1550/0x1550 [ 1152.518092][T31710] ? do_syscall_64+0x26/0x610 [ 1152.522779][T31710] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1152.528062][T31710] ? trace_hardirqs_on+0x67/0x230 [ 1152.533093][T31710] do_syscall_64+0x103/0x610 [ 1152.537687][T31710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1152.543581][T31710] RIP: 0033:0x458c29 [ 1152.547473][T31710] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1152.567073][T31710] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1152.575494][T31710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1152.583549][T31710] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1152.591608][T31710] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1152.599574][T31710] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66a1e036d4 14:20:25 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x500000000000000, 0x0) [ 1152.607542][T31710] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:25 executing program 3 (fault-call:0 fault-nth:5): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:25 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='h.s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1152.686335][T31928] kvm [31926]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1152.716576][T31934] binder: 31931:31934 IncRefs 0 refcount change on invalid ref 19456 ret -22 [ 1152.767316][T31938] FAULT_INJECTION: forcing a failure. [ 1152.767316][T31938] name failslab, interval 1, probability 0, space 0, times 0 [ 1152.782147][T31934] binder: 31931:31934 BC_INCREFS_DONE u0000008000000000 no match [ 1152.803865][T31928] kvm [31926]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1152.806491][T31938] CPU: 0 PID: 31938 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1152.820756][T31938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1152.830824][T31938] Call Trace: [ 1152.834137][T31938] dump_stack+0x172/0x1f0 [ 1152.838489][T31938] should_fail.cold+0xa/0x15 [ 1152.843096][T31938] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1152.848923][T31938] ? ___might_sleep+0x163/0x280 [ 1152.853796][T31938] __should_failslab+0x121/0x190 [ 1152.858772][T31938] should_failslab+0x9/0x14 [ 1152.863295][T31938] kmem_cache_alloc+0x2b2/0x6f0 [ 1152.868161][T31938] __alloc_file+0x27/0x300 [ 1152.872591][T31938] alloc_empty_file+0x72/0x170 [ 1152.877371][T31938] alloc_file+0x5e/0x4d0 [ 1152.881636][T31938] alloc_file_pseudo+0x189/0x280 [ 1152.886578][T31938] ? alloc_file+0x4d0/0x4d0 [ 1152.891092][T31938] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 1152.897364][T31938] __shmem_file_setup.part.0+0x108/0x2b0 [ 1152.903011][T31938] shmem_file_setup+0x66/0x90 [ 1152.903029][T31938] __x64_sys_memfd_create+0x2a2/0x470 [ 1152.903050][T31938] ? memfd_fcntl+0x1550/0x1550 [ 1152.917807][T31938] ? do_syscall_64+0x26/0x610 [ 1152.922488][T31938] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1152.927782][T31938] ? trace_hardirqs_on+0x67/0x230 [ 1152.932801][T31938] do_syscall_64+0x103/0x610 [ 1152.937400][T31938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1152.943276][T31938] RIP: 0033:0x458c29 [ 1152.947154][T31938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1152.966741][T31938] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1152.977007][T31938] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458c29 [ 1152.984965][T31938] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004bdb87 [ 1152.992919][T31938] RBP: 000000000073bf00 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1153.000871][T31938] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66a1e036d4 [ 1153.008830][T31938] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:26 executing program 3 (fault-call:0 fault-nth:6): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:26 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x7) 14:20:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x600000000000000, 0x0) 14:20:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000600000086310400000000080"], 0x0, 0x0, 0x0}) [ 1153.149655][T32146] FAULT_INJECTION: forcing a failure. [ 1153.149655][T32146] name failslab, interval 1, probability 0, space 0, times 0 [ 1153.177379][T32146] CPU: 0 PID: 32146 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1153.185408][T32146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1153.195638][T32146] Call Trace: [ 1153.198941][T32146] dump_stack+0x172/0x1f0 [ 1153.203281][T32146] should_fail.cold+0xa/0x15 [ 1153.207879][T32146] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1153.213712][T32146] ? ___might_sleep+0x163/0x280 [ 1153.218687][T32146] __should_failslab+0x121/0x190 [ 1153.223656][T32146] should_failslab+0x9/0x14 [ 1153.228180][T32146] kmem_cache_alloc+0x2b2/0x6f0 [ 1153.233043][T32146] ? notify_change+0x6d5/0xfb0 [ 1153.237813][T32146] ? do_sys_ftruncate+0x41e/0x550 [ 1153.242850][T32146] getname_flags+0xd6/0x5b0 [ 1153.247616][T32146] getname+0x1a/0x20 [ 1153.251507][T32146] do_sys_open+0x2c9/0x5d0 [ 1153.255930][T32146] ? filp_open+0x80/0x80 [ 1153.260171][T32146] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1153.266413][T32146] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1153.271871][T32146] ? do_syscall_64+0x26/0x610 [ 1153.276549][T32146] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.282612][T32146] ? do_syscall_64+0x26/0x610 [ 1153.287322][T32146] __x64_sys_open+0x7e/0xc0 [ 1153.291840][T32146] do_syscall_64+0x103/0x610 [ 1153.296431][T32146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.302326][T32146] RIP: 0033:0x412bc1 [ 1153.306223][T32146] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1153.325913][T32146] RSP: 002b:00007f66a1e02a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1153.334421][T32146] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1153.342387][T32146] RDX: 00007f66a1e02b0a RSI: 0000000000000002 RDI: 00007f66a1e02b00 14:20:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) memfd_create(&(0x7f00000000c0)='\x00', 0x2) 14:20:26 executing program 3 (fault-call:0 fault-nth:7): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1153.350364][T32146] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1153.358367][T32146] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1153.366368][T32146] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1153.480351][T32156] FAULT_INJECTION: forcing a failure. [ 1153.480351][T32156] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1153.493591][T32156] CPU: 0 PID: 32156 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1153.493602][T32156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1153.493607][T32156] Call Trace: [ 1153.493634][T32156] dump_stack+0x172/0x1f0 [ 1153.493655][T32156] should_fail.cold+0xa/0x15 [ 1153.493670][T32156] ? __lock_acquire+0x548/0x3fb0 [ 1153.493694][T32156] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1153.493709][T32156] ? __lock_acquire+0x548/0x3fb0 [ 1153.493727][T32156] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1153.493752][T32156] should_fail_alloc_page+0x50/0x60 [ 1153.511792][T32156] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1153.511816][T32156] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1153.511832][T32156] ? find_held_lock+0x35/0x130 [ 1153.511857][T32156] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1153.511879][T32156] cache_grow_begin+0x9c/0x860 [ 1153.511896][T32156] ? getname_flags+0xd6/0x5b0 [ 1153.511909][T32156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1153.511927][T32156] kmem_cache_alloc+0x62d/0x6f0 [ 1153.511939][T32156] ? notify_change+0x6d5/0xfb0 [ 1153.511954][T32156] ? do_sys_ftruncate+0x41e/0x550 [ 1153.511970][T32156] getname_flags+0xd6/0x5b0 [ 1153.511986][T32156] getname+0x1a/0x20 [ 1153.511999][T32156] do_sys_open+0x2c9/0x5d0 [ 1153.512017][T32156] ? filp_open+0x80/0x80 [ 1153.512030][T32156] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1153.512046][T32156] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1153.512059][T32156] ? do_syscall_64+0x26/0x610 [ 1153.512079][T32156] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.643164][T32156] ? do_syscall_64+0x26/0x610 [ 1153.647832][T32156] __x64_sys_open+0x7e/0xc0 [ 1153.652585][T32156] do_syscall_64+0x103/0x610 [ 1153.657268][T32156] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1153.663139][T32156] RIP: 0033:0x412bc1 [ 1153.667019][T32156] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1153.686606][T32156] RSP: 002b:00007f66a1e02a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1153.695258][T32156] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1153.703488][T32156] RDX: 00007f66a1e02b0a RSI: 0000000000000002 RDI: 00007f66a1e02b00 [ 1153.711442][T32156] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1153.719485][T32156] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1153.727453][T32156] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1153.740062][T32155] kvm [32151]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:26 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x8) 14:20:26 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='h/s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1153.802838][T32258] binder: 32157:32258 IncRefs 0 refcount change on invalid ref 24576 ret -22 [ 1153.822120][T32258] binder: 32157:32258 BC_INCREFS_DONE u0000008000000000 no match 14:20:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000680000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) io_setup(0x7f, &(0x7f00000000c0)=0x0) io_getevents(r1, 0x5, 0x3, &(0x7f0000000180)=[{}, {}, {}], 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0xfffffffffffffffb, 0x410001) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r2, &(0x7f0000000200)="448e9864e670b324750f9ddf8663b84a576ca3056d508664"}, 0x10) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x700000000000000, 0x0) 14:20:27 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x9) 14:20:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x2, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x82000, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000180)={0x1, r2}) epoll_pwait(r2, &(0x7f0000000240)=[{}, {}, {}, {}, {}], 0x5, 0x80000001, &(0x7f0000000280)={0x68d}, 0x8) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r1, 0xc0285628, &(0x7f0000000200)={0x0, 0x0, 0x1, [], &(0x7f00000001c0)=0x1d73}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1154.051853][T32371] binder: 32364:32371 IncRefs 0 refcount change on invalid ref 26624 ret -22 [ 1154.069176][T32156] hfs: can't find a HFS filesystem on dev loop3 [ 1154.089954][T32371] binder: 32364:32371 BC_INCREFS_DONE u0000008000000000 no match 14:20:27 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf\n\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:27 executing program 3 (fault-call:0 fault-nth:8): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440006c0000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x800000000000000, 0x0) [ 1154.287987][T32478] kvm [32475]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:27 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xa) [ 1154.376946][T32543] binder: 32501:32543 IncRefs 0 refcount change on invalid ref 27648 ret -22 [ 1154.390167][T32543] binder: 32501:32543 BC_INCREFS_DONE u0000008000000000 no match 14:20:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) munlockall() ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f00000000c0)=0x7) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000740000086310400000000080"], 0x0, 0x0, 0x0}) 14:20:27 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf#\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x900000000000000, 0x0) [ 1154.612446][T32696] kvm [32693]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1154.653991][T32699] binder: 32697:32699 IncRefs 0 refcount change on invalid ref 29696 ret -22 [ 1154.674889][T32699] binder: 32697:32699 BC_INCREFS_DONE u0000008000000000 no match [ 1154.692864][T32691] FAULT_INJECTION: forcing a failure. [ 1154.692864][T32691] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1154.706282][T32691] CPU: 1 PID: 32691 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1154.714291][T32691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.724354][T32691] Call Trace: [ 1154.727656][T32691] dump_stack+0x172/0x1f0 [ 1154.732001][T32691] should_fail.cold+0xa/0x15 [ 1154.736597][T32691] ? __lock_acquire+0x548/0x3fb0 [ 1154.741562][T32691] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1154.747372][T32691] ? __lock_acquire+0x548/0x3fb0 14:20:27 executing program 4: pkey_alloc(0x0, 0x2) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x100) r1 = socket$alg(0x26, 0x5, 0x0) r2 = open(&(0x7f0000000140)='./file0\x00', 0x80, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000180)={r1, r2}) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) fcntl$getflags(r1, 0x408) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) getsockname$packet(r0, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000540)=0x14) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8936, &(0x7f0000000580)={@loopback, 0x74, r5}) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000003c0)={0x80000, 0x0, [0x7, 0x40, 0x40, 0x4, 0x6, 0x4, 0x6, 0x5]}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000002c0)='9p\x00', 0x1, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@loose='loose'}, {@access_client='access=client'}], [{@fsname={'fsname', 0x3d, '/dev/kvm\x00'}}, {@smackfsfloor={'smackfsfloor'}}]}}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r6, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000480)=0x1f, 0x4) getsockname$netrom(r0, &(0x7f00000001c0)={{0x3, @default}, [@netrom, @default, @bcast, @default, @default, @rose, @bcast, @rose]}, &(0x7f0000000240)=0x48) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000280)={'icmp\x00'}, &(0x7f0000000440)=0x1e) [ 1154.752317][T32691] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1154.758570][T32691] should_fail_alloc_page+0x50/0x60 [ 1154.763781][T32691] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1154.769162][T32691] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1154.775667][T32691] ? find_held_lock+0x35/0x130 [ 1154.780440][T32691] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1154.786603][T32691] cache_grow_begin+0x9c/0x860 [ 1154.791365][T32691] ? getname_flags+0xd6/0x5b0 [ 1154.796049][T32691] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1154.802299][T32691] kmem_cache_alloc+0x62d/0x6f0 [ 1154.807155][T32691] ? notify_change+0x6d5/0xfb0 [ 1154.811921][T32691] ? do_sys_ftruncate+0x41e/0x550 [ 1154.816949][T32691] getname_flags+0xd6/0x5b0 [ 1154.821461][T32691] getname+0x1a/0x20 [ 1154.825358][T32691] do_sys_open+0x2c9/0x5d0 [ 1154.831170][T32691] ? filp_open+0x80/0x80 [ 1154.836249][T32691] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1154.842588][T32691] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1154.848837][T32691] ? do_syscall_64+0x26/0x610 [ 1154.854313][T32691] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1154.861939][T32691] ? do_syscall_64+0x26/0x610 [ 1154.866957][T32691] __x64_sys_open+0x7e/0xc0 [ 1154.872179][T32691] do_syscall_64+0x103/0x610 [ 1154.876787][T32691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1154.883564][T32691] RIP: 0033:0x412bc1 14:20:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440007a0000086310400000000080"], 0x0, 0x0, 0x0}) [ 1154.887470][T32691] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1154.908650][T32691] RSP: 002b:00007f66a1e02a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1154.917157][T32691] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1154.926178][T32691] RDX: 00007f66a1e02b0a RSI: 0000000000000002 RDI: 00007f66a1e02b00 [ 1154.934265][T32691] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1154.942253][T32691] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1154.951208][T32691] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:28 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xb) [ 1155.043688][T32691] hfs: can't find a HFS filesystem on dev loop3 [ 1155.064353][ T445] binder: 442:445 IncRefs 0 refcount change on invalid ref 31232 ret -22 [ 1155.074954][ T26] audit: type=1804 audit(1555770028.103:39): pid=444 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir256795100/syzkaller.JJg271/2133/file0" dev="sda1" ino=16621 res=1 14:20:28 executing program 3 (fault-call:0 fault-nth:9): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x3ff, 0x6840) ioctl$sock_inet6_tcp_SIOCATMARK(r3, 0x8905, &(0x7f0000000100)) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1155.142667][ T445] binder: 442:445 BC_INCREFS_DONE u0000008000000000 no match 14:20:28 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf%\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000001086310400000000080"], 0x0, 0x0, 0x0}) [ 1155.239515][ T528] FAULT_INJECTION: forcing a failure. [ 1155.239515][ T528] name failslab, interval 1, probability 0, space 0, times 0 [ 1155.312462][ T552] kvm [520]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1155.317888][ T528] CPU: 0 PID: 528 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1155.328991][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1155.328998][ T528] Call Trace: [ 1155.329024][ T528] dump_stack+0x172/0x1f0 [ 1155.329046][ T528] should_fail.cold+0xa/0x15 [ 1155.329064][ T528] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1155.329084][ T528] ? ___might_sleep+0x163/0x280 [ 1155.329103][ T528] __should_failslab+0x121/0x190 [ 1155.329120][ T528] should_failslab+0x9/0x14 [ 1155.329137][ T528] kmem_cache_alloc+0x2b2/0x6f0 [ 1155.329154][ T528] ? __save_stack_trace+0x99/0x100 [ 1155.329174][ T528] __alloc_file+0x27/0x300 [ 1155.329200][ T528] alloc_empty_file+0x72/0x170 [ 1155.344029][ T528] path_openat+0xef/0x46e0 [ 1155.344049][ T528] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1155.344061][ T528] ? kasan_slab_alloc+0xf/0x20 [ 1155.344073][ T528] ? kmem_cache_alloc+0x11a/0x6f0 [ 1155.344085][ T528] ? getname_flags+0xd6/0x5b0 [ 1155.344097][ T528] ? getname+0x1a/0x20 [ 1155.344111][ T528] ? do_sys_open+0x2c9/0x5d0 [ 1155.344124][ T528] ? __x64_sys_open+0x7e/0xc0 [ 1155.344138][ T528] ? do_syscall_64+0x103/0x610 [ 1155.344158][ T528] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1155.443773][ T528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1155.449999][ T528] ? debug_smp_processor_id+0x3c/0x280 [ 1155.455448][ T528] ? __lock_acquire+0x548/0x3fb0 [ 1155.460372][ T528] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 1155.465738][ T528] ? __alloc_fd+0x44d/0x560 [ 1155.470324][ T528] do_filp_open+0x1a1/0x280 [ 1155.474825][ T528] ? may_open_dev+0x100/0x100 [ 1155.479496][ T528] ? lock_downgrade+0x880/0x880 [ 1155.484518][ T528] ? kasan_check_read+0x11/0x20 [ 1155.489366][ T528] ? do_raw_spin_unlock+0x57/0x270 [ 1155.494526][ T528] ? _raw_spin_unlock+0x2d/0x50 [ 1155.499362][ T528] ? __alloc_fd+0x44d/0x560 [ 1155.503859][ T528] do_sys_open+0x3fe/0x5d0 [ 1155.508263][ T528] ? filp_open+0x80/0x80 [ 1155.512487][ T528] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1155.518733][ T528] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1155.524190][ T528] ? do_syscall_64+0x26/0x610 [ 1155.528852][ T528] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1155.535017][ T528] ? do_syscall_64+0x26/0x610 [ 1155.539682][ T528] __x64_sys_open+0x7e/0xc0 [ 1155.544256][ T528] do_syscall_64+0x103/0x610 [ 1155.548850][ T528] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1155.554726][ T528] RIP: 0033:0x412bc1 [ 1155.558605][ T528] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 2a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 73 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1155.578366][ T528] RSP: 002b:00007f66a1e02a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1155.586934][ T528] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000412bc1 [ 1155.594902][ T528] RDX: 00007f66a1e02b0a RSI: 0000000000000002 RDI: 00007f66a1e02b00 [ 1155.602868][ T528] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 14:20:28 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xa00000000000000, 0x0) 14:20:28 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xc) [ 1155.610909][ T528] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1155.619307][ T528] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1155.697457][ T571] binder: 554:571 IncRefs 0 refcount change on invalid ref 16777216 ret -22 [ 1155.722632][ T571] binder: 554:571 BC_INCREFS_DONE u0000008000000000 no match 14:20:28 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf*\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1155.792147][ C0] net_ratelimit: 22 callbacks suppressed [ 1155.792165][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1155.797954][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1155.803696][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1155.815231][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1155.821134][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1155.827030][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:20:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x406, r0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r2, 0x4010ae74, &(0x7f00000000c0)={0x401, 0x0, 0x5}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000100)='trusted.overlay.upper\x00', &(0x7f0000000180)={0x0, 0xfb, 0x99, 0x1, 0x8001, "16bfe1ba7da60a6c8e08a4e680ab6f9f", "81238ff2850c4831d38e7871409e64ebe4b68fdec1ec648de4d41f6a32e90aee9670009f91a11a82c750835a571d15472f6ab0f614ff2c9cdca2f9d99f8368ba9b63da54df187720e564d88bb499fcc29e4af0b9fae886505dedfac5ef55adfe2de441be75642648b46efcb43c768256bb2feaf5c893b808e8d3dc26233ffd3a26eaad51"}, 0x99, 0x3) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x200000000000001b, 0x2], [0xc1]}) 14:20:28 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xb00000000000000, 0x0) 14:20:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000002086310400000000080"], 0x0, 0x0, 0x0}) 14:20:29 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xd) 14:20:29 executing program 3 (fault-call:0 fault-nth:10): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1156.012443][ T773] binder: 771:773 IncRefs 0 refcount change on invalid ref 33554432 ret -22 [ 1156.025115][ T773] binder: 771:773 BC_INCREFS_DONE u0000008000000000 no match 14:20:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001240)='/dev/vga_arbiter\x00', 0x82, 0x0) connect$bt_rfcomm(r2, &(0x7f0000001280)={0x1f, {0x5, 0x4, 0x8000, 0x7012, 0x3ab902eb, 0x100000000}, 0x6}, 0xa) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e21, @multicast2}, 0x10) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) clock_adjtime(0x2, &(0x7f0000000180)={0x8000, 0x60000, 0x7fff, 0x6, 0x2, 0xfffffffffffffffd, 0x0, 0x9, 0x6, 0x2, 0x3ff, 0x6, 0x4, 0x80, 0x9717, 0xffff, 0x7, 0x2, 0x1, 0x20000000000000, 0x7f, 0x1f1, 0x9, 0x100, 0x2}) 14:20:29 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xc00000000000000, 0x0) 14:20:29 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf+\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1156.196880][ T981] FAULT_INJECTION: forcing a failure. [ 1156.196880][ T981] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.222515][ T981] CPU: 0 PID: 981 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1156.230544][ T981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1156.240604][ T981] Call Trace: [ 1156.243906][ T981] dump_stack+0x172/0x1f0 [ 1156.248251][ T981] should_fail.cold+0xa/0x15 [ 1156.252858][ T981] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1156.258854][ T981] ? ___might_sleep+0x163/0x280 [ 1156.263720][ T981] __should_failslab+0x121/0x190 [ 1156.268667][ T981] ? loop_info64_to_compat+0x6d0/0x6d0 [ 1156.274135][ T981] should_failslab+0x9/0x14 [ 1156.278641][ T981] kmem_cache_alloc_trace+0x2d1/0x760 [ 1156.284016][ T981] ? lockdep_init_map+0x1be/0x6d0 [ 1156.289042][ T981] ? loop_info64_to_compat+0x6d0/0x6d0 [ 1156.294498][ T981] __kthread_create_on_node+0xf2/0x460 [ 1156.299953][ T981] ? lock_acquire+0x16f/0x3f0 [ 1156.304636][ T981] ? kthread_parkme+0xb0/0xb0 [ 1156.309324][ T981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1156.315586][ T981] ? kasan_check_read+0x11/0x20 [ 1156.320438][ T981] ? mutex_trylock+0x1e0/0x1e0 [ 1156.325209][ T981] ? loop_info64_to_compat+0x6d0/0x6d0 [ 1156.330670][ T981] kthread_create_on_node+0xbb/0xf0 [ 1156.335867][ T981] ? __kthread_create_on_node+0x460/0x460 [ 1156.341587][ T981] ? lockdep_init_map+0x1be/0x6d0 [ 1156.346612][ T981] ? lockdep_init_map+0x1be/0x6d0 [ 1156.351644][ T981] lo_ioctl+0xc1b/0x2150 [ 1156.355890][ T981] ? lo_rw_aio+0x1120/0x1120 [ 1156.360482][ T981] blkdev_ioctl+0x6f2/0x1d10 [ 1156.365076][ T981] ? blkpg_ioctl+0xa90/0xa90 [ 1156.369672][ T981] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1156.375495][ T981] ? __fget+0x35a/0x550 [ 1156.379667][ T981] block_ioctl+0xee/0x130 [ 1156.383996][ T981] ? blkdev_fallocate+0x410/0x410 [ 1156.389025][ T981] do_vfs_ioctl+0xd6e/0x1390 [ 1156.393618][ T981] ? ioctl_preallocate+0x210/0x210 [ 1156.398724][ T981] ? smack_file_ioctl+0x196/0x310 [ 1156.403744][ T981] ? smack_inode_rename+0x2d0/0x2d0 [ 1156.408952][ T981] ? do_sys_open+0x31d/0x5d0 [ 1156.413890][ T981] ? tomoyo_file_ioctl+0x23/0x30 [ 1156.418829][ T981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1156.425070][ T981] ? security_file_ioctl+0x93/0xc0 [ 1156.430194][ T981] ksys_ioctl+0xab/0xd0 [ 1156.434354][ T981] __x64_sys_ioctl+0x73/0xb0 [ 1156.438947][ T981] do_syscall_64+0x103/0x610 [ 1156.443543][ T981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1156.449450][ T981] RIP: 0033:0x458a97 [ 1156.453342][ T981] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1156.472939][ T981] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1156.481350][ T981] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1156.489319][ T981] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 14:20:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000003086310400000000080"], 0x0, 0x0, 0x0}) [ 1156.497373][ T981] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1156.505339][ T981] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1156.513304][ T981] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:29 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xe) [ 1156.548070][ T983] kvm [982]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:20:29 executing program 3 (fault-call:0 fault-nth:11): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1156.627328][ T1019] binder: 1009:1019 IncRefs 0 refcount change on invalid ref 50331648 ret -22 [ 1156.642140][ T1019] binder: 1009:1019 BC_INCREFS_DONE u0000008000000000 no match 14:20:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$sndpcmp(&(0x7f0000000200)='/dev/snd/pcmC#D#p\x00', 0x0, 0x40) ioctl$INOTIFY_IOC_SETNEXTWD(r1, 0x40044900, 0x100000000000) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r5 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0xd6, 0x400000) sendto$ax25(r5, &(0x7f0000000100)="75e197d1890cb8b039ad4039a5fa929fd62bae62519f20a59368e2fe54450140855937f148dd08e048", 0x29, 0x8000, &(0x7f0000000180)={{0x3, @default, 0x6}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) [ 1156.752039][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1156.757959][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1156.763935][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1156.769749][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1156.789856][ T1195] FAULT_INJECTION: forcing a failure. 14:20:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000004086310400000000080"], 0x0, 0x0, 0x0}) [ 1156.789856][ T1195] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.807819][ T1195] CPU: 0 PID: 1195 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1156.815750][ T1195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1156.825810][ T1195] Call Trace: [ 1156.829116][ T1195] dump_stack+0x172/0x1f0 [ 1156.833457][ T1195] should_fail.cold+0xa/0x15 [ 1156.838054][ T1195] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1156.843873][ T1195] ? ___might_sleep+0x163/0x280 [ 1156.848734][ T1195] __should_failslab+0x121/0x190 [ 1156.853669][ T1195] should_failslab+0x9/0x14 [ 1156.858180][ T1195] kmem_cache_alloc+0x2b2/0x6f0 [ 1156.863030][ T1195] ? find_held_lock+0x35/0x130 [ 1156.867800][ T1195] ? kernfs_activate+0x192/0x1f0 [ 1156.872744][ T1195] __kernfs_new_node+0xef/0x690 [ 1156.877633][ T1195] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1156.883175][ T1195] ? lock_downgrade+0x880/0x880 [ 1156.888025][ T1195] ? kasan_check_write+0x14/0x20 [ 1156.892965][ T1195] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1156.898516][ T1195] ? wait_for_completion+0x440/0x440 [ 1156.903805][ T1195] kernfs_new_node+0x99/0x130 [ 1156.908487][ T1195] __kernfs_create_file+0x51/0x340 [ 1156.913600][ T1195] sysfs_add_file_mode_ns+0x222/0x560 [ 1156.918977][ T1195] internal_create_group+0x35b/0xc40 [ 1156.924256][ T1195] ? bd_set_size+0x89/0xb0 [ 1156.928679][ T1195] ? remove_files.isra.0+0x190/0x190 [ 1156.933975][ T1195] sysfs_create_group+0x20/0x30 [ 1156.938822][ T1195] lo_ioctl+0x10af/0x2150 [ 1156.943165][ T1195] ? lo_rw_aio+0x1120/0x1120 [ 1156.947760][ T1195] blkdev_ioctl+0x6f2/0x1d10 [ 1156.952350][ T1195] ? blkpg_ioctl+0xa90/0xa90 [ 1156.957009][ T1195] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1156.962829][ T1195] ? __fget+0x35a/0x550 [ 1156.966987][ T1195] block_ioctl+0xee/0x130 [ 1156.972797][ T1195] ? blkdev_fallocate+0x410/0x410 [ 1156.977834][ T1195] do_vfs_ioctl+0xd6e/0x1390 [ 1156.982434][ T1195] ? ioctl_preallocate+0x210/0x210 [ 1156.987542][ T1195] ? smack_file_ioctl+0x196/0x310 [ 1156.992736][ T1195] ? smack_inode_rename+0x2d0/0x2d0 [ 1156.997943][ T1195] ? do_sys_open+0x31d/0x5d0 [ 1157.002538][ T1195] ? tomoyo_file_ioctl+0x23/0x30 [ 1157.007479][ T1195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1157.013718][ T1195] ? security_file_ioctl+0x93/0xc0 [ 1157.018832][ T1195] ksys_ioctl+0xab/0xd0 [ 1157.022993][ T1195] __x64_sys_ioctl+0x73/0xb0 [ 1157.027585][ T1195] do_syscall_64+0x103/0x610 [ 1157.032178][ T1195] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1157.038080][ T1195] RIP: 0033:0x458a97 [ 1157.041969][ T1195] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1157.061656][ T1195] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1157.070071][ T1195] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1157.078035][ T1195] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1157.086008][ T1195] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1157.093975][ T1195] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1157.101941][ T1195] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xe00000000000000, 0x0) 14:20:30 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xf) [ 1157.187881][ T1195] hfs: can't find a HFS filesystem on dev loop3 [ 1157.217164][ T1223] binder: 1222:1223 IncRefs 0 refcount change on invalid ref 67108864 ret -22 [ 1157.241548][ T1224] kvm [1220]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1157.253258][ T1223] binder: 1222:1223 BC_INCREFS_DONE u0000008000000000 no match 14:20:30 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf-\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:30 executing program 3 (fault-call:0 fault-nth:12): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000005086310400000000080"], 0x0, 0x0, 0x0}) 14:20:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x1, 0x0) io_uring_register$IORING_UNREGISTER_FILES(r2, 0x3, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:30 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x10) [ 1157.550647][ T1525] FAULT_INJECTION: forcing a failure. [ 1157.550647][ T1525] name failslab, interval 1, probability 0, space 0, times 0 [ 1157.567530][ T1518] kvm [1493]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1157.581526][ T1525] CPU: 0 PID: 1525 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1157.589456][ T1525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.599511][ T1525] Call Trace: [ 1157.599537][ T1525] dump_stack+0x172/0x1f0 [ 1157.599562][ T1525] should_fail.cold+0xa/0x15 [ 1157.599581][ T1525] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1157.599603][ T1525] ? ___might_sleep+0x163/0x280 [ 1157.599621][ T1525] __should_failslab+0x121/0x190 [ 1157.599640][ T1525] should_failslab+0x9/0x14 [ 1157.599656][ T1525] kmem_cache_alloc+0x2b2/0x6f0 [ 1157.599670][ T1525] ? find_held_lock+0x35/0x130 [ 1157.599687][ T1525] ? kernfs_activate+0x192/0x1f0 [ 1157.599706][ T1525] __kernfs_new_node+0xef/0x690 [ 1157.599727][ T1525] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1157.617699][ T1525] ? lock_downgrade+0x880/0x880 [ 1157.661810][ T1525] ? kasan_check_write+0x14/0x20 [ 1157.666740][ T1525] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1157.672360][ T1525] ? wait_for_completion+0x440/0x440 [ 1157.677817][ T1525] kernfs_new_node+0x99/0x130 [ 1157.682482][ T1525] __kernfs_create_file+0x51/0x340 [ 1157.687588][ T1525] sysfs_add_file_mode_ns+0x222/0x560 [ 1157.692968][ T1525] internal_create_group+0x35b/0xc40 [ 1157.698244][ T1525] ? bd_set_size+0x89/0xb0 [ 1157.702650][ T1525] ? remove_files.isra.0+0x190/0x190 [ 1157.707925][ T1525] sysfs_create_group+0x20/0x30 [ 1157.712760][ T1525] lo_ioctl+0x10af/0x2150 [ 1157.717085][ T1525] ? lo_rw_aio+0x1120/0x1120 [ 1157.721673][ T1525] blkdev_ioctl+0x6f2/0x1d10 [ 1157.726246][ T1525] ? blkpg_ioctl+0xa90/0xa90 [ 1157.730819][ T1525] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1157.736616][ T1525] ? __fget+0x35a/0x550 [ 1157.740757][ T1525] block_ioctl+0xee/0x130 [ 1157.745067][ T1525] ? blkdev_fallocate+0x410/0x410 [ 1157.750078][ T1525] do_vfs_ioctl+0xd6e/0x1390 [ 1157.754656][ T1525] ? ioctl_preallocate+0x210/0x210 [ 1157.759756][ T1525] ? smack_file_ioctl+0x196/0x310 [ 1157.764770][ T1525] ? smack_inode_rename+0x2d0/0x2d0 [ 1157.769960][ T1525] ? do_sys_open+0x31d/0x5d0 [ 1157.774542][ T1525] ? tomoyo_file_ioctl+0x23/0x30 [ 1157.779461][ T1525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1157.785682][ T1525] ? security_file_ioctl+0x93/0xc0 [ 1157.790779][ T1525] ksys_ioctl+0xab/0xd0 [ 1157.794920][ T1525] __x64_sys_ioctl+0x73/0xb0 [ 1157.799498][ T1525] do_syscall_64+0x103/0x610 [ 1157.804072][ T1525] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1157.809951][ T1525] RIP: 0033:0x458a97 [ 1157.813837][ T1525] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1157.833420][ T1525] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1157.841817][ T1525] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 14:20:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1000000000000000, 0x0) 14:20:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000006086310400000000080"], 0x0, 0x0, 0x0}) [ 1157.849771][ T1525] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1157.857740][ T1525] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1157.865690][ T1525] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1157.873643][ T1525] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1157.951726][ T1549] binder_thread_write: 1 callbacks suppressed [ 1157.951741][ T1549] binder: 1548:1549 IncRefs 0 refcount change on invalid ref 100663296 ret -22 [ 1157.984042][ T1525] hfs: can't find a HFS filesystem on dev loop3 14:20:31 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf.\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1158.012507][ T1549] binder_thread_write: 1 callbacks suppressed [ 1158.012520][ T1549] binder: 1548:1549 BC_INCREFS_DONE u0000008000000000 no match 14:20:31 executing program 3 (fault-call:0 fault-nth:13): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:31 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x11) 14:20:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:20:31 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x1f00000000000000, 0x0) [ 1158.236352][ T1779] FAULT_INJECTION: forcing a failure. [ 1158.236352][ T1779] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.270399][ T1779] CPU: 0 PID: 1779 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1158.278899][ T1779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.288983][ T1779] Call Trace: [ 1158.292308][ T1779] dump_stack+0x172/0x1f0 [ 1158.296656][ T1779] should_fail.cold+0xa/0x15 [ 1158.301238][ T1779] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1158.307041][ T1779] ? ___might_sleep+0x163/0x280 [ 1158.311885][ T1779] __should_failslab+0x121/0x190 [ 1158.316819][ T1779] should_failslab+0x9/0x14 [ 1158.321323][ T1779] kmem_cache_alloc+0x2b2/0x6f0 [ 1158.326174][ T1779] ? lock_downgrade+0x880/0x880 [ 1158.331017][ T1779] ? kasan_check_read+0x11/0x20 [ 1158.335876][ T1779] __kernfs_new_node+0xef/0x690 [ 1158.340739][ T1779] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1158.346201][ T1779] ? wait_for_completion+0x440/0x440 [ 1158.351495][ T1779] ? mutex_unlock+0xd/0x10 [ 1158.355910][ T1779] ? kernfs_activate+0x192/0x1f0 [ 1158.360854][ T1779] kernfs_new_node+0x99/0x130 [ 1158.365531][ T1779] __kernfs_create_file+0x51/0x340 [ 1158.370639][ T1779] sysfs_add_file_mode_ns+0x222/0x560 [ 1158.376016][ T1779] internal_create_group+0x35b/0xc40 [ 1158.381302][ T1779] ? bd_set_size+0x89/0xb0 [ 1158.385727][ T1779] ? remove_files.isra.0+0x190/0x190 [ 1158.391021][ T1779] sysfs_create_group+0x20/0x30 [ 1158.395871][ T1779] lo_ioctl+0x10af/0x2150 [ 1158.400210][ T1779] ? lo_rw_aio+0x1120/0x1120 [ 1158.404896][ T1779] blkdev_ioctl+0x6f2/0x1d10 [ 1158.409485][ T1779] ? blkpg_ioctl+0xa90/0xa90 [ 1158.414074][ T1779] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1158.419891][ T1779] ? __fget+0x35a/0x550 [ 1158.424075][ T1779] block_ioctl+0xee/0x130 [ 1158.428399][ T1779] ? blkdev_fallocate+0x410/0x410 [ 1158.433435][ T1779] do_vfs_ioctl+0xd6e/0x1390 [ 1158.438027][ T1779] ? ioctl_preallocate+0x210/0x210 [ 1158.443133][ T1779] ? smack_file_ioctl+0x196/0x310 [ 1158.448155][ T1779] ? smack_inode_rename+0x2d0/0x2d0 [ 1158.453361][ T1779] ? do_sys_open+0x31d/0x5d0 [ 1158.457961][ T1779] ? tomoyo_file_ioctl+0x23/0x30 [ 1158.462895][ T1779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1158.469132][ T1779] ? security_file_ioctl+0x93/0xc0 [ 1158.474244][ T1779] ksys_ioctl+0xab/0xd0 [ 1158.478404][ T1779] __x64_sys_ioctl+0x73/0xb0 [ 1158.482995][ T1779] do_syscall_64+0x103/0x610 [ 1158.487585][ T1779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1158.493493][ T1779] RIP: 0033:0x458a97 [ 1158.497381][ T1779] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1158.516980][ T1779] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1158.525387][ T1779] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 14:20:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000007086310400000000080"], 0x0, 0x0, 0x0}) [ 1158.533350][ T1779] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1158.541314][ T1779] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1158.549282][ T1779] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1158.557353][ T1779] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:20:31 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hf0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1158.610457][ T1779] hfs: can't find a HFS filesystem on dev loop3 [ 1158.640163][ T1787] binder: 1783:1787 IncRefs 0 refcount change on invalid ref 117440512 ret -22 14:20:31 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x20000712) [ 1158.654728][ T1786] kvm [1781]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1158.658392][ T1787] binder: 1783:1787 BC_INCREFS_DONE u0000008000000000 no match 14:20:31 executing program 3 (fault-call:0 fault-nth:14): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:31 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2000000000000000, 0x0) 14:20:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="3f7c118edaef34fef21bef319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) ioctl$LOOP_CLR_FD(r3, 0x4c01) ioctl$KVM_X86_SET_MCE(r3, 0x4040ae9e, &(0x7f0000000000)={0x3000000000000000, 0xd000, 0x2, 0xc, 0x18}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1158.828788][ T1996] FAULT_INJECTION: forcing a failure. [ 1158.828788][ T1996] name failslab, interval 1, probability 0, space 0, times 0 [ 1158.842825][ T1996] CPU: 1 PID: 1996 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1158.850740][ T1996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.860837][ T1996] Call Trace: [ 1158.864322][ T1996] dump_stack+0x172/0x1f0 [ 1158.868675][ T1996] should_fail.cold+0xa/0x15 [ 1158.873283][ T1996] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1158.879104][ T1996] ? ___might_sleep+0x163/0x280 [ 1158.883965][ T1996] __should_failslab+0x121/0x190 [ 1158.888921][ T1996] should_failslab+0x9/0x14 [ 1158.893438][ T1996] kmem_cache_alloc+0x2b2/0x6f0 [ 1158.898287][ T1996] ? find_held_lock+0x35/0x130 [ 1158.903057][ T1996] ? kernfs_activate+0x192/0x1f0 [ 1158.908006][ T1996] __kernfs_new_node+0xef/0x690 [ 1158.912865][ T1996] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1158.918331][ T1996] ? lock_downgrade+0x880/0x880 [ 1158.923184][ T1996] ? kasan_check_write+0x14/0x20 14:20:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000020086310400000000080"], 0x0, 0x0, 0x0}) [ 1158.928122][ T1996] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 1158.933678][ T1996] ? wait_for_completion+0x440/0x440 [ 1158.939068][ T1996] ? snd_hda_create_hwdep+0x1c0/0x400 [ 1158.944450][ T1996] kernfs_new_node+0x99/0x130 [ 1158.949131][ T1996] __kernfs_create_file+0x51/0x340 [ 1158.954276][ T1996] sysfs_add_file_mode_ns+0x222/0x560 [ 1158.959664][ T1996] internal_create_group+0x35b/0xc40 [ 1158.964951][ T1996] ? bd_set_size+0x89/0xb0 [ 1158.969376][ T1996] ? remove_files.isra.0+0x190/0x190 [ 1158.975228][ T1996] sysfs_create_group+0x20/0x30 [ 1158.980083][ T1996] lo_ioctl+0x10af/0x2150 [ 1158.984427][ T1996] ? lo_rw_aio+0x1120/0x1120 [ 1158.989017][ T1996] blkdev_ioctl+0x6f2/0x1d10 [ 1158.993616][ T1996] ? blkpg_ioctl+0xa90/0xa90 [ 1158.998214][ T1996] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1159.004035][ T1996] ? __fget+0x35a/0x550 [ 1159.008201][ T1996] block_ioctl+0xee/0x130 [ 1159.012701][ T1996] ? blkdev_fallocate+0x410/0x410 [ 1159.017739][ T1996] do_vfs_ioctl+0xd6e/0x1390 [ 1159.022513][ T1996] ? ioctl_preallocate+0x210/0x210 [ 1159.027620][ T1996] ? smack_file_ioctl+0x196/0x310 [ 1159.032651][ T1996] ? smack_inode_rename+0x2d0/0x2d0 [ 1159.037863][ T1996] ? do_sys_open+0x31d/0x5d0 [ 1159.042467][ T1996] ? tomoyo_file_ioctl+0x23/0x30 [ 1159.047406][ T1996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1159.054027][ T1996] ? security_file_ioctl+0x93/0xc0 [ 1159.059150][ T1996] ksys_ioctl+0xab/0xd0 [ 1159.063313][ T1996] __x64_sys_ioctl+0x73/0xb0 [ 1159.067923][ T1996] do_syscall_64+0x103/0x610 [ 1159.072522][ T1996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1159.078416][ T1996] RIP: 0033:0x458a97 [ 1159.082309][ T1996] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1159.101999][ T1996] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1159.110419][ T1996] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1159.118393][ T1996] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1159.126891][ T1996] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1159.134864][ T1996] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1159.143340][ T1996] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1159.405491][ T1996] hfs: can't find a HFS filesystem on dev loop3 [ 1159.425449][ T2002] binder: 2000:2002 IncRefs 0 refcount change on invalid ref 536870912 ret -22 14:20:32 executing program 3 (fault-call:0 fault-nth:15): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1159.468558][ T2005] kvm [2004]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1159.481923][ T2002] binder: 2000:2002 BC_INCREFS_DONE u0000008000000000 no match 14:20:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000048086310400000000080"], 0x0, 0x0, 0x0}) 14:20:32 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfX\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:32 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2010000000000000, 0x0) [ 1159.628027][ T2205] FAULT_INJECTION: forcing a failure. [ 1159.628027][ T2205] name failslab, interval 1, probability 0, space 0, times 0 [ 1159.655421][ T2205] CPU: 0 PID: 2205 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1159.663358][ T2205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1159.673420][ T2205] Call Trace: [ 1159.676726][ T2205] dump_stack+0x172/0x1f0 [ 1159.681048][ T2205] should_fail.cold+0xa/0x15 [ 1159.685649][ T2205] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1159.691580][ T2205] ? ___might_sleep+0x163/0x280 [ 1159.696447][ T2205] __should_failslab+0x121/0x190 [ 1159.696462][ T2205] should_failslab+0x9/0x14 [ 1159.696482][ T2205] kmem_cache_alloc+0x2b2/0x6f0 [ 1159.705890][ T2205] ? lock_downgrade+0x880/0x880 [ 1159.705912][ T2205] ? kasan_check_read+0x11/0x20 [ 1159.720405][ T2205] __kernfs_new_node+0xef/0x690 [ 1159.725251][ T2205] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1159.730711][ T2205] ? wait_for_completion+0x440/0x440 [ 1159.736006][ T2205] ? mutex_unlock+0xd/0x10 [ 1159.740416][ T2205] ? kernfs_activate+0x192/0x1f0 [ 1159.745349][ T2205] kernfs_new_node+0x99/0x130 [ 1159.750021][ T2205] __kernfs_create_file+0x51/0x340 [ 1159.755126][ T2205] sysfs_add_file_mode_ns+0x222/0x560 [ 1159.760496][ T2205] internal_create_group+0x35b/0xc40 [ 1159.765771][ T2205] ? bd_set_size+0x89/0xb0 [ 1159.770178][ T2205] ? remove_files.isra.0+0x190/0x190 [ 1159.775450][ T2205] sysfs_create_group+0x20/0x30 [ 1159.780286][ T2205] lo_ioctl+0x10af/0x2150 [ 1159.784605][ T2205] ? lo_rw_aio+0x1120/0x1120 [ 1159.789187][ T2205] blkdev_ioctl+0x6f2/0x1d10 [ 1159.793767][ T2205] ? blkpg_ioctl+0xa90/0xa90 [ 1159.798339][ T2205] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1159.804137][ T2205] ? __fget+0x35a/0x550 [ 1159.808280][ T2205] block_ioctl+0xee/0x130 [ 1159.812588][ T2205] ? blkdev_fallocate+0x410/0x410 [ 1159.817595][ T2205] do_vfs_ioctl+0xd6e/0x1390 [ 1159.822187][ T2205] ? ioctl_preallocate+0x210/0x210 [ 1159.827280][ T2205] ? smack_file_ioctl+0x196/0x310 [ 1159.832287][ T2205] ? smack_inode_rename+0x2d0/0x2d0 [ 1159.837485][ T2205] ? do_sys_open+0x31d/0x5d0 [ 1159.842070][ T2205] ? tomoyo_file_ioctl+0x23/0x30 [ 1159.846990][ T2205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1159.853213][ T2205] ? security_file_ioctl+0x93/0xc0 [ 1159.858322][ T2205] ksys_ioctl+0xab/0xd0 [ 1159.862462][ T2205] __x64_sys_ioctl+0x73/0xb0 [ 1159.867246][ T2205] do_syscall_64+0x103/0x610 [ 1159.871844][ T2205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1159.877719][ T2205] RIP: 0033:0x458a97 [ 1159.881608][ T2205] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1159.901190][ T2205] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1159.909588][ T2205] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1159.917539][ T2205] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1159.925499][ T2205] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1159.933449][ T2205] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1159.941401][ T2205] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1160.103849][ T2205] hfs: can't find a HFS filesystem on dev loop3 [ 1160.140286][ T2221] binder: 2217:2221 IncRefs 0 refcount change on invalid ref 1207959552 ret -22 [ 1160.162976][ T2221] binder: 2217:2221 BC_INCREFS_DONE u0000008000000000 no match 14:20:33 executing program 3 (fault-call:0 fault-nth:16): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:20:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000004c086310400000000080"], 0x0, 0x0, 0x0}) 14:20:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x880, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000180)=0x1, 0x4) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f00000000c0), &(0x7f0000000100)=0x30) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1160.349532][ T2332] binder: 2330:2332 IncRefs 0 refcount change on invalid ref 1275068416 ret -22 [ 1160.372895][ T2333] kvm [2331]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1160.379628][ T2332] binder: 2330:2332 BC_INCREFS_DONE u0000008000000000 no match [ 1160.556721][ T2544] FAULT_INJECTION: forcing a failure. [ 1160.556721][ T2544] name failslab, interval 1, probability 0, space 0, times 0 [ 1160.588480][ T2544] CPU: 1 PID: 2544 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1160.596413][ T2544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1160.606472][ T2544] Call Trace: [ 1160.609784][ T2544] dump_stack+0x172/0x1f0 [ 1160.614439][ T2544] should_fail.cold+0xa/0x15 [ 1160.619037][ T2544] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1160.624857][ T2544] ? ___might_sleep+0x163/0x280 [ 1160.629723][ T2544] __should_failslab+0x121/0x190 [ 1160.634668][ T2544] should_failslab+0x9/0x14 [ 1160.639172][ T2544] kmem_cache_alloc+0x2b2/0x6f0 [ 1160.644025][ T2544] ? lock_downgrade+0x880/0x880 [ 1160.648874][ T2544] ? kasan_check_read+0x11/0x20 [ 1160.653737][ T2544] __kernfs_new_node+0xef/0x690 [ 1160.658606][ T2544] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1160.664086][ T2544] ? wait_for_completion+0x440/0x440 [ 1160.669400][ T2544] ? mutex_unlock+0xd/0x10 [ 1160.674165][ T2544] ? kernfs_activate+0x192/0x1f0 [ 1160.679110][ T2544] kernfs_new_node+0x99/0x130 [ 1160.683801][ T2544] __kernfs_create_file+0x51/0x340 [ 1160.688918][ T2544] sysfs_add_file_mode_ns+0x222/0x560 [ 1160.694299][ T2544] internal_create_group+0x35b/0xc40 [ 1160.699580][ T2544] ? bd_set_size+0x89/0xb0 [ 1160.704012][ T2544] ? remove_files.isra.0+0x190/0x190 [ 1160.709311][ T2544] sysfs_create_group+0x20/0x30 [ 1160.714167][ T2544] lo_ioctl+0x10af/0x2150 [ 1160.718504][ T2544] ? lo_rw_aio+0x1120/0x1120 [ 1160.723095][ T2544] blkdev_ioctl+0x6f2/0x1d10 [ 1160.727691][ T2544] ? blkpg_ioctl+0xa90/0xa90 [ 1160.732370][ T2544] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1160.738186][ T2544] ? __fget+0x35a/0x550 [ 1160.742345][ T2544] block_ioctl+0xee/0x130 [ 1160.746675][ T2544] ? blkdev_fallocate+0x410/0x410 [ 1160.751702][ T2544] do_vfs_ioctl+0xd6e/0x1390 [ 1160.756299][ T2544] ? ioctl_preallocate+0x210/0x210 [ 1160.761410][ T2544] ? smack_file_ioctl+0x196/0x310 [ 1160.766431][ T2544] ? smack_inode_rename+0x2d0/0x2d0 [ 1160.771638][ T2544] ? do_sys_open+0x31d/0x5d0 [ 1160.776326][ T2544] ? tomoyo_file_ioctl+0x23/0x30 [ 1160.781262][ T2544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1160.787504][ T2544] ? security_file_ioctl+0x93/0xc0 [ 1160.792622][ T2544] ksys_ioctl+0xab/0xd0 [ 1160.796866][ T2544] __x64_sys_ioctl+0x73/0xb0 [ 1160.801473][ T2544] do_syscall_64+0x103/0x610 [ 1160.806073][ T2544] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1160.812044][ T2544] RIP: 0033:0x458a97 [ 1160.815934][ T2544] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1160.835541][ T2544] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1160.843960][ T2544] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1160.851939][ T2544] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1160.859910][ T2544] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1160.867878][ T2544] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1160.875848][ T2544] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1160.901137][ T2544] hfs: can't find a HFS filesystem on dev loop3 [ 1160.912184][ C1] net_ratelimit: 20 callbacks suppressed [ 1160.912193][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.923794][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1160.929683][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.935517][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1160.941379][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1160.947224][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1162.032045][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1162.032116][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1162.037919][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1162.049445][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1166.192049][ C0] net_ratelimit: 17 callbacks suppressed [ 1166.192057][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1166.192181][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1166.197792][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1166.203618][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1166.220849][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1167.152072][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1167.157943][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1167.163856][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1167.169654][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1167.175875][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.312061][ C1] net_ratelimit: 17 callbacks suppressed [ 1171.312070][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.323592][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1171.329463][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.335283][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1171.341100][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1171.346985][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1172.432049][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1172.432120][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1172.437980][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1172.449481][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1176.592048][ C1] net_ratelimit: 20 callbacks suppressed [ 1176.592055][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1176.592118][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1176.597813][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1176.615071][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1176.620991][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.552049][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1177.557964][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.563895][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1177.570378][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1177.576383][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.712044][ C1] net_ratelimit: 18 callbacks suppressed [ 1181.712053][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.723629][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1181.729496][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.735299][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1181.741150][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1181.746950][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1182.832051][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1182.832119][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1182.837933][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1182.849423][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1186.992049][ C0] net_ratelimit: 18 callbacks suppressed [ 1186.992057][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1186.992177][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1186.997783][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1187.003628][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1187.020755][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1187.952057][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1187.957915][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1187.963813][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1187.969667][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1187.975573][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.112062][ C1] net_ratelimit: 16 callbacks suppressed [ 1192.112071][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.123641][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1192.129510][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.136229][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1192.142095][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1192.147926][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1193.232043][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1193.232048][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1193.232142][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1193.237866][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1197.392092][ C0] net_ratelimit: 19 callbacks suppressed [ 1197.392101][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1197.402049][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1197.403612][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1197.409420][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1197.420982][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1197.426895][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:10 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) sched_setattr(0x0, &(0x7f00000003c0)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) gettid() capset(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) setxattr$security_smack_entry(0x0, &(0x7f0000000180)='security.SMACK64\x00', &(0x7f00000001c0)='/dev/ptmx\x00', 0xa, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0) msgget(0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x5) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000640)=""/176) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) keyctl$negate(0xd, 0x0, 0x0, 0x0) close(r2) connect$caif(0xffffffffffffffff, 0x0, 0x0) getsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000200)=0x4) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) r3 = socket(0x15, 0x0, 0x0) shutdown(r3, 0x0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f00000017c0)=ANY=[@ANYBLOB="7f454c465e08002eff0f00000000000003003e00010000000a01000038000000ed02000007000000030020000200ff7f1c38ff7f00000000070000003f000000810000000600000000100000fc3c000009000000313900005e5434465feeca7ceedc6cf042cd34f45a9bb13764238a0f087d314e5cb78d70fd950cccb1d08f856702ecd72df2d13d96426944a5bbefd71f1aa174d3bebe914a9d962327d5de9c8a0b71270ecf91565f09dedda855175640f388e70e401846aaac05405e9d313fa2024c65e450c8902c7e31db135e33a4e6732d60bb9aa95b7602edaca140a0e014943f0390041e54de63f99ae884026ce409b5b05ba8cf7846ebfd3cb358fabc3d539da4cfd985e6656e7c45a6d96dcfde707eb31a90627171858fbc97e5aa8de38a060cd1fc781a8b9a1fb579cb4652c8f4349e4625990cd160db2ab09f59bbdf323d575695be8bc9459a22796124b3184be4827b4a921fcc5e1520d4fd36b236171966244876d1122fca921db94b5cbc59a1c3e177b86103ba31d52804792f48760a693634a70ae6a3c9c3488bec26c09f0d7a4dab459d35772414a2be8c35a522bba2c02726ac4f7a6e7177fdd48340a59554eb9224ffb173ae2760bce3360d45d2a09eec2716552148a0b77a54220191e7794afd20ab4051306548de332ebfced56f484a5ae1861af67e7d2c08ecc1de27e994bb1391e5cfeb0595561368fed9ac8c8c194930b721ef9966b71f41fc439d09b8221589535c2a89865a1b5207f1f37d9e77270259836548d8f640cf4af0ab5cc0b6ab9bb05bc044bb399f1dd599cb9faf4db8685f739a5b0f6909d6afc14510fa4dce9cfc135740c15bc116b7406051805212a59dbe9791d6a6c3e149c519545af222059f672ed1ae8d28cb991ae41cb97beba614b08587092940b20e3ab3ae35be82fc9a22b2a6dcec899c8cf1f76133fad2e24df75b2425520fc88463f5857a6377840184c0cd5f4279c35fac95d7221f867f9b62ab124aebcbecb33e932f572b5d25ac62eef97046ffbb24ee69146b1b3bb6edaa96d62137b552486142a92e06dba47e1d3e1e545cc893f8330636b82512739ac4ac945aadad535c87c0bacda460f4dcbc624d3698f6c14348a8815a80b2410784383de7b9fe02c63452ae1747d39e044630078979d655638af33b60df0a8afeaaf6a9c8bda583278b4926487ec5ff535daf4db40925472a4d6615e98033330a7958fd1a2e2b9f8735f47be2e2c4832b2c7b2f778033a66c4fd1eb51d30daea0bf1da89df4dff0bfcdb92a425388bd07f0da352763e420e44b910a44f4494b4235452c0800a0a2e8707473acc5199e40621730215c0445e09ec91acef13489b4cc16de87ab9f351c0170774fda808a3acd38d317c41a1462bea7ca63ff3544c9752637845d6dc05b3268b7bfb1b8702e11bf3894ad6d5a75040402d054b32b1fed8eb61b29e009388e87f1c8dd25c3e748eb0d513ee3ba982f275ea6f5bab615245c19c88abaf8532bc2f37f7a2cf39338ea801b1ae7bed09ca49af972295ab8fbc5ad33916698348b7387f77470f059eaaf8bffdb26a45cd318d54092af7c2043f61504d34b218ac7571e37fe0987903402df58368132917ab292f309e51d0690755325b7507d9617ac92a1fd6ebd0a6003d8e13c12b5898b6d6878fbbbe730a14ce99f313994e22a5b8c581290465f99750787ca1757e349c2f4c6bf6bb65dd8f4edd6e53d4e0af9f3240cf0f7d4f0e39dc56caf773850011e2af23b81943abf5541fd5776284e166ddd88e5fcd0667c1b02230ef9f9b153949bb1929306678a36e58ba476f1be6b8a7f6648d9b4afe0baeef895ed40b5ce65aa104f5cc126925b35f81d2b97f82b5f7f8a041b6618041ecd60c746dee6bd3f2e0fba31199e290e0bb7d16d301f1345d3a1d416a877f6191a0afc255ecb3ac12cad0ae70b832b1d8de679a0868c3983912daefb958f6a3349b19fea3f110bc872ea9856384867e329c9dac6a7e9643797fecdfc0db4078a530d71ac876d680009cc9587bf3941d3b1b6e73dfa0e45dfef00f3c47863e2483f440c8b469bbfb8979036b3699e8cd7c4a4d78a4297e3d8076b6d098ba99ddce444f7199f97930e8b3ab94ca03706092b617d7bf8888515f57da4e1785b73e020b1d1d2313f05aca82403c4b0e26926c64061cb31d4687fba584190e9568f878558709bd18d81c6bf429a98cb0a412645b58490d9968e5e6672fa12318d56a0f6c27ebf48e4db3f3ba32acd88a2104e75ffdfc72b602b5d62a3b9252be335241516275400369506ac3544ea055dec532b8909d2cdce539f13cf491d67c7b3527c34db34569cb1969c59b868f3e9ba2c26c92ccbddd249f6488e05801409e40c7e223b032060e52ae5ca8f3394413f7b114a81e29ce057188c09a8bc2b1c0d59a9f14896ba1b513bf5f3d43ee6022b396776431613d6d0c197efc6b7e6fb193f6ab8aebca84927582c2c23be8721c14a6e864166d7a9f897e66d76cb012ac27472a35d3862292ad1ff94aede765a85cf6c78c4621891d87bb330ee1a1c942b2c1b8dffcd818eac5d6c903d7edef45082ac9249686fc2701e8b2bf211d01b0b605038f106251455e4a063ca703b80a3c37e7ea87b90af60f7425fb124c63af5a5ea269173ce93ea6142ed473016e94ec0a37c5e0009af1750f5a5ca312abb2c52fd3bd86593f461aed50cec74b45ff312d10639f79a6fa0cf63fd21ff47d9a6fa5b35835de47cfc5802005f72b1341c2adf1ff752ab9857ff44efc6b492607b00a7be5469ed51e7d622c5b5d73f56399a3f2292cf22f49ee269a3ef69ce513674ea066083271f9e42ab2f46ffff4ddf4309447e56a60c80be56f92930728eac1457e032c9d440aa01637cf4360543fd732a59e15746a80919d2f359274258a3c41379040bfdd749700ce9e358b8a86cf0d1f21842646467b3c9da9ac8287cd035c7a4ace9ff03d0fc5944779248d72537c2ceb3ea8eaa2a4b61454542cbaf60c4754f50daba965c081c452462063060bce54cf2c3483712a5ba847d3187a571d4181417308e8a75d6928f3d953c6ce1710882ccb2fc2253c721cf1f1e020a00ead450c682db76afdc728ecaa9a158281cf93afdafbe10da5ffcbc258a55e65832400773f789419e043488dacc127fb4a68ab091223841f1fba66ce21c9ff2a9b5cf1b56e86bd48a3b3b210ce253887e5c3d16d13e567015e7d0b0b05a08e45a5d6545489fb68b376589e62dbd71b109bd5fd8c3cfaa2b58360b0c382052129ca66573ef9c7398e4fe0da632402a6d920b3b578f17e2ce99e060d2a1c953d1e8d6a87fafc08b8cbd93e0ed9821eaeac63fbc080a8492f79ab769d01079bd0a4b97da1f061613b97c2adf1023bc9d507ecd3d3ab1696b93120f380a5f40f6325d7c49e51a7351f5947e35f7025c25d8281d67627c86f3fea9010285a00eb147cd32aaf989f2c75206f32beb405a9ea6cd7e687dcb57313b6ef13c24b391e396fd13438baecb42a8721d4c43ec3b74a4a6fcae9f077da7a09193a9feba04873fd2b2e26316251799f0c70793e1977c93047bbb0812f1580ca3ee385d2053bcfa82d992c174b6bb52c818e73023628f240e397c5d98f3370d8a7b55509bbf1eedb2b17cb341b12091027afbc0e378778baddcc9f7421290127a4da2fc10009160e17c119cdab63680114510a6d1a1173214f11b26d655cd0c4b138c091d0ab097fe1d20eed2dec43cf9fe335e0716bdba7e76f1bc774dbe1cd24e1d39386614411592474145af40b4031ef91c6318e963222e6e62287fd8b8a95d59d0c02bd8f60defc1134b7b89c4fb02467a17e8e6d77e8f015de3179df19d6839712d0b09ff6b43cdb95886ed8e448a376087bac24453e35f354ef702544e2ca1ca7474e1e679bf10c5d095071d772423e794f67169b0da35af1513476a61119626b1e3a17d7dd9cb828aee6707e9167c0306c1abe5167c148f7032c795b1c5d40dba7948e7574e40f0552135d612bf042f1cae3ed2933c610ed67af2128ca8e7dedd836b21417cf820e0ade61a4db66eaedf63880fbc1f93e3db30274c68e2f6c001da8571907a3663c68ce10471d4f9b9c78fbcba545df6e4be7c0a1c73040a6c7e59285960e3e9e158eae5a21bdff44f7962d3a64c50e9d659277dda9464f19ae5b7ead139caae1e22b30b954b894af1f1ab159e36c9f8cc98de73247b64d356f4d4f3316f59ae0773f7d0191c7d795d2dcb5c88cda87d7f22c319009d7d9497a17dec1fc09dc979a8a0ec97d38424a4269a4c0a04e0228d4bc394b01e79a9c4f6463e3f9c5bd4bea1dd654e5e8cfcd780508a6ffbe65797d9bc2ad6f8253a3094ea58a8f85908c25bb3db39b2fe08c1492f1eefe405ee486dfcc2c66abcbdbf34a4ed1085769f7833ed13e2d9933bc8755a16709cfd850b1138ba8a0886138f019b5d0be84fe1079a9683ef645012192290ff93ab0cd8ce57fd9a6c80c6259579e57c6e6bd1113895df0d0d976ec5eee5f6e5d6362adb2cf3e8fd5fefbddc054f0ac2b5235eedc38d90a88e1fa40ac23bfceafec255f18474f0bf56a8d89368fca24214bc56b8caab5d1b6c22aec3da6db18f71a8601525553213a36839b7b1c3420c721a14eac22e63781d1e9699f8af8ae10f4e2ffff1f8815995f42c54e5cffe905afac6f46d08d5888fb364f4c1acdc1ebdce9db8b7d63ecf03b697fe2ae38a50f5b2c9a0af1dc74a6e603086c1ea572eab8b578e56ba5e07296654c97d352b1697aff4cabfde741a39eb8da452b5a50d9eebba25b58b7b5775f370baedac17d7944a687f10fa793fa3a085891a50ad807487fcde523a612c35b4395dcd936b7856e2ecfc2df08cd4ad2b84f54143b8b810abcde0e7b287f19ab57f4da271501727522f4abbdada034b165e6cbb69d8197fd4b642c8f4b4dd107015650c9dc06e7a79f8b9b71156f4312ba2925bf8b85c9772b23a7747b6798e712d1b4234950bf05492416e103bd42f835d89301396e959c303ea44eaac3d0c810f317eaf995b1ad9fc4d21a50416a51f3f1e4690e59dc624f3938c4c7cfa03f486bbe896a00e8d177da52caea758eb812ff42bf53f121d9d2f49c37337c7e8ecf5c7273fd776ee4854d137f7a6f5daad8bf8ef1882351a77d2811683722539b395519a98f4e5aaf9bf78c692f1c9b502f0473b3e3686d37aa1ff59cc244f38c9dbb51e04a95679cd8fbf3a05159bdf33bdfba6fcb15b5c5bd034692ab2533e69e94329e530c93d864b4514d4c669cb2ef147c2fd88c1b324d83b5cf394650bd129ed6e57c6e302ceb6bedc5e77a44260822f889c9c53198652c711b5acc274f850380b407527c76983ead05654c311fd361b0038196c411a2fbe35570d9ac4ed5f62d83bd64b0db8b0c778d4923b5cb18cd26c7b99981d70cb81c111645abf7db3a81ae8d2f9591ddcbd3ee967e91db2b76128992611b7ed2ca3fb5fc24ac02438e0b76e02b131edde25f52d3288f27826eb54e57e85ed76b120e6c41d4746cab8503ce9070170c8eea8dc2fe16b408aec0b02d89da756fe77b7b1b347b1774e0561f5804d001a2ac68e2b399d1a511d201793b0684f9da0763354e2d05ce679980c3f0133fd3b30d113480b51268f12de45ec3fcc0d3cf9cff3cfb4f7ac00d18f2c3b5d3be8dff3d9d41c0c1ca4e835d5323706915b433e1cd83b6bfead08f83d8bac597bbe4fc2f415f33605837fb79e8a59eef9ee927bc3f985d294496b9d5748ee78904ad98d514f40be7165eb98105a58b123591acbb1555520c4fa78bb2cb2a3ac721698702de91312162a83921706968562100ea0d3446a6c0b585404f463f55a4acdf995bea41666492f9bb33634f2cd1dad69f44e575c75301dccdc2464f8d600000000000000"], 0x105d) 14:21:10 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2300000000000000, 0x0) 14:21:10 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfc\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) socket$can_bcm(0x1d, 0x2, 0x2) 14:21:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000060086310400000000080"], 0x0, 0x0, 0x0}) 14:21:10 executing program 3 (fault-call:0 fault-nth:17): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1197.534436][ T2552] binder: 2549:2552 IncRefs 0 refcount change on invalid ref 1610612736 ret -22 [ 1197.545109][ T2554] FAULT_INJECTION: forcing a failure. [ 1197.545109][ T2554] name failslab, interval 1, probability 0, space 0, times 0 [ 1197.570355][ T2554] CPU: 1 PID: 2554 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1197.578282][ T2554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1197.588337][ T2554] Call Trace: [ 1197.591630][ T2554] dump_stack+0x172/0x1f0 [ 1197.595956][ T2554] should_fail.cold+0xa/0x15 [ 1197.600533][ T2554] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1197.606329][ T2554] ? ___might_sleep+0x163/0x280 [ 1197.611180][ T2554] __should_failslab+0x121/0x190 [ 1197.616278][ T2554] should_failslab+0x9/0x14 [ 1197.621045][ T2554] kmem_cache_alloc+0x2b2/0x6f0 [ 1197.626147][ T2554] ? lock_downgrade+0x880/0x880 [ 1197.630992][ T2554] ? kasan_check_read+0x11/0x20 [ 1197.635840][ T2554] __kernfs_new_node+0xef/0x690 [ 1197.640775][ T2554] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 1197.646226][ T2554] ? wait_for_completion+0x440/0x440 [ 1197.651513][ T2554] ? mutex_unlock+0xd/0x10 [ 1197.655915][ T2554] ? kernfs_activate+0x192/0x1f0 [ 1197.660841][ T2554] kernfs_new_node+0x99/0x130 [ 1197.665521][ T2554] __kernfs_create_file+0x51/0x340 [ 1197.670655][ T2554] sysfs_add_file_mode_ns+0x222/0x560 [ 1197.676017][ T2554] internal_create_group+0x35b/0xc40 [ 1197.681282][ T2554] ? bd_set_size+0x89/0xb0 [ 1197.685696][ T2554] ? remove_files.isra.0+0x190/0x190 [ 1197.690982][ T2554] sysfs_create_group+0x20/0x30 [ 1197.695824][ T2554] lo_ioctl+0x10af/0x2150 [ 1197.700243][ T2554] ? lo_rw_aio+0x1120/0x1120 [ 1197.704827][ T2554] blkdev_ioctl+0x6f2/0x1d10 [ 1197.709400][ T2554] ? blkpg_ioctl+0xa90/0xa90 [ 1197.713974][ T2554] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1197.719769][ T2554] ? __fget+0x35a/0x550 [ 1197.723918][ T2554] block_ioctl+0xee/0x130 [ 1197.728227][ T2554] ? blkdev_fallocate+0x410/0x410 [ 1197.733241][ T2554] do_vfs_ioctl+0xd6e/0x1390 [ 1197.737819][ T2554] ? ioctl_preallocate+0x210/0x210 [ 1197.742926][ T2554] ? smack_file_ioctl+0x196/0x310 [ 1197.747932][ T2554] ? smack_inode_rename+0x2d0/0x2d0 [ 1197.753121][ T2554] ? do_sys_open+0x31d/0x5d0 [ 1197.757698][ T2554] ? tomoyo_file_ioctl+0x23/0x30 [ 1197.762709][ T2554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1197.769042][ T2554] ? security_file_ioctl+0x93/0xc0 [ 1197.774138][ T2554] ksys_ioctl+0xab/0xd0 [ 1197.778278][ T2554] __x64_sys_ioctl+0x73/0xb0 [ 1197.782853][ T2554] do_syscall_64+0x103/0x610 [ 1197.787439][ T2554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1197.793310][ T2554] RIP: 0033:0x458a97 [ 1197.797187][ T2554] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1197.816876][ T2554] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1197.825268][ T2554] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1197.833223][ T2554] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1197.841177][ T2554] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1197.849134][ T2554] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1197.857271][ T2554] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1197.874551][ T2552] binder: 2549:2552 BC_INCREFS_DONE u0000008000000000 no match [ 1197.920187][ T2556] kvm [2546]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000068086310400000000080"], 0x0, 0x0, 0x0}) [ 1198.014362][ T2554] hfs: can't find a HFS filesystem on dev loop3 [ 1198.040272][ T2665] mkiss: ax0: crc mode is auto. 14:21:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x230f000000000000, 0x0) 14:21:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfd\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:11 executing program 3 (fault-call:0 fault-nth:18): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1198.261535][ T2665] mkiss: ax0: crc mode is auto. [ 1198.262574][ T2777] binder: 2776:2777 IncRefs 0 refcount change on invalid ref 1744830464 ret -22 [ 1198.297435][ T2777] binder: 2776:2777 BC_INCREFS_DONE u0000008000000000 no match [ 1198.352052][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1198.358054][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1198.364006][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1198.369811][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:11 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) 14:21:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000006c086310400000000080"], 0x0, 0x0, 0x0}) [ 1198.486062][ T2886] kvm [2846]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1198.499726][ T2888] FAULT_INJECTION: forcing a failure. [ 1198.499726][ T2888] name failslab, interval 1, probability 0, space 0, times 0 [ 1198.541717][ T2888] CPU: 0 PID: 2888 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1198.549666][ T2888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1198.559821][ T2888] Call Trace: [ 1198.563133][ T2888] dump_stack+0x172/0x1f0 [ 1198.567486][ T2888] should_fail.cold+0xa/0x15 [ 1198.572104][ T2888] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1198.577992][ T2888] ? ___might_sleep+0x163/0x280 [ 1198.582853][ T2888] __should_failslab+0x121/0x190 [ 1198.587803][ T2888] should_failslab+0x9/0x14 [ 1198.592585][ T2888] kmem_cache_alloc_trace+0x2d1/0x760 [ 1198.598268][ T2888] kobject_uevent_env+0x2fb/0x1030 [ 1198.603403][ T2888] kobject_uevent+0x20/0x26 [ 1198.607920][ T2888] lo_ioctl+0x112b/0x2150 [ 1198.612268][ T2888] ? lo_rw_aio+0x1120/0x1120 [ 1198.616870][ T2888] blkdev_ioctl+0x6f2/0x1d10 [ 1198.621471][ T2888] ? blkpg_ioctl+0xa90/0xa90 [ 1198.626089][ T2888] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1198.631917][ T2888] ? __fget+0x35a/0x550 [ 1198.636093][ T2888] block_ioctl+0xee/0x130 [ 1198.640428][ T2888] ? blkdev_fallocate+0x410/0x410 [ 1198.645466][ T2888] do_vfs_ioctl+0xd6e/0x1390 [ 1198.650075][ T2888] ? ioctl_preallocate+0x210/0x210 [ 1198.655193][ T2888] ? smack_file_ioctl+0x196/0x310 [ 1198.660219][ T2888] ? smack_inode_rename+0x2d0/0x2d0 [ 1198.665434][ T2888] ? do_sys_open+0x31d/0x5d0 [ 1198.670039][ T2888] ? tomoyo_file_ioctl+0x23/0x30 [ 1198.674989][ T2888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1198.681242][ T2888] ? security_file_ioctl+0x93/0xc0 [ 1198.686370][ T2888] ksys_ioctl+0xab/0xd0 [ 1198.690543][ T2888] __x64_sys_ioctl+0x73/0xb0 [ 1198.695142][ T2888] do_syscall_64+0x103/0x610 [ 1198.699747][ T2888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1198.705633][ T2888] RIP: 0033:0x458a97 [ 1198.709542][ T2888] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1198.729146][ T2888] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:21:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2804000000000000, 0x0) [ 1198.737559][ T2888] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1198.745531][ T2888] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1198.754371][ T2888] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1198.762343][ T2888] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1198.770399][ T2888] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1198.833811][ T2888] hfs: can't find a HFS filesystem on dev loop3 [ 1198.863819][ T3000] binder: 2960:3000 IncRefs 0 refcount change on invalid ref 1811939328 ret -22 [ 1198.881401][ T3000] binder: 2960:3000 BC_INCREFS_DONE u0000008000000000 no match 14:21:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xe000, 0x2, &(0x7f0000fef000/0xe000)=nil) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x200, 0x0) setsockopt$inet_dccp_buf(r1, 0x21, 0xcf, &(0x7f0000000180)="37c6982caa7fc6c6b2da2ebfe0f1314ef457e5a6f50e408b9e123b390f231ba410677ca6ae931d4ca1465ccaa6a24d217de163c73c3a14467f4e908d405ebd4aafca936a58472ab3dbaf5834a4c22a92c99cd4dd8781ae1f5b79d9fbef28fd4582ba18117d0b48a86414f3f69ddd45ef411083748da7523f5bf9d04b13c148499bebce901fdeaf04822d331d36ad35d25535497176b6d0e0d3d78640dd33296c7fe3a603833810fe6bbe142457940b391ded56bfd298c878a8f2cb87ee10a8541be5bd81f0d5bce53d58dbc90e296c07b895c4721ba2507809d6b9345eea39c6572d9aef40", 0xe5) ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000100)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfi\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000074086310400000000080"], 0x0, 0x0, 0x0}) 14:21:12 executing program 3 (fault-call:0 fault-nth:19): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:12 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) write$cgroup_int(r0, &(0x7f0000000000), 0x12) 14:21:12 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3b26000000000000, 0x0) [ 1199.076708][ T3120] kvm [3118]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1199.099203][ T3125] binder: 3124:3125 IncRefs 0 refcount change on invalid ref 1946157056 ret -22 [ 1199.158731][ T3146] FAULT_INJECTION: forcing a failure. [ 1199.158731][ T3146] name failslab, interval 1, probability 0, space 0, times 0 [ 1199.174096][ T3125] binder: 3124:3125 BC_INCREFS_DONE u0000008000000000 no match [ 1199.187838][ T3146] CPU: 0 PID: 3146 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1199.195761][ T3146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.205930][ T3146] Call Trace: [ 1199.209235][ T3146] dump_stack+0x172/0x1f0 [ 1199.213581][ T3146] should_fail.cold+0xa/0x15 [ 1199.218188][ T3146] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1199.224011][ T3146] ? ___might_sleep+0x163/0x280 [ 1199.228879][ T3146] __should_failslab+0x121/0x190 [ 1199.233824][ T3146] should_failslab+0x9/0x14 [ 1199.238329][ T3146] __kmalloc+0x2dc/0x740 [ 1199.242580][ T3146] ? kobject_uevent_env+0x2fb/0x1030 [ 1199.247863][ T3146] ? rcu_read_lock_sched_held+0x110/0x130 [ 1199.253753][ T3146] ? kobject_get_path+0xc4/0x1b0 [ 1199.258705][ T3146] kobject_get_path+0xc4/0x1b0 [ 1199.263470][ T3146] kobject_uevent_env+0x31f/0x1030 [ 1199.268593][ T3146] kobject_uevent+0x20/0x26 [ 1199.273112][ T3146] lo_ioctl+0x112b/0x2150 [ 1199.277451][ T3146] ? lo_rw_aio+0x1120/0x1120 [ 1199.282045][ T3146] blkdev_ioctl+0x6f2/0x1d10 [ 1199.286638][ T3146] ? blkpg_ioctl+0xa90/0xa90 [ 1199.291236][ T3146] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1199.297061][ T3146] ? __fget+0x35a/0x550 [ 1199.301224][ T3146] block_ioctl+0xee/0x130 [ 1199.305558][ T3146] ? blkdev_fallocate+0x410/0x410 [ 1199.310587][ T3146] do_vfs_ioctl+0xd6e/0x1390 [ 1199.315196][ T3146] ? ioctl_preallocate+0x210/0x210 [ 1199.320303][ T3146] ? smack_file_ioctl+0x196/0x310 [ 1199.325323][ T3146] ? smack_inode_rename+0x2d0/0x2d0 [ 1199.330527][ T3146] ? do_sys_open+0x31d/0x5d0 [ 1199.335232][ T3146] ? tomoyo_file_ioctl+0x23/0x30 [ 1199.340172][ T3146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.346411][ T3146] ? security_file_ioctl+0x93/0xc0 [ 1199.351526][ T3146] ksys_ioctl+0xab/0xd0 [ 1199.355693][ T3146] __x64_sys_ioctl+0x73/0xb0 [ 1199.360289][ T3146] do_syscall_64+0x103/0x610 [ 1199.364880][ T3146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1199.370764][ T3146] RIP: 0033:0x458a97 [ 1199.374653][ T3146] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1199.394348][ T3146] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:21:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f00000000c0)=""/32) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1199.402758][ T3146] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1199.410722][ T3146] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1199.418690][ T3146] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1199.426657][ T3146] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1199.434631][ T3146] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:12 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfl\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1199.501580][ T3146] hfs: can't find a HFS filesystem on dev loop3 14:21:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000007a086310400000000080"], 0x0, 0x0, 0x0}) 14:21:12 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x10000000801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x9, 0x200000) ioctl$VT_ACTIVATE(r0, 0x5606, 0x5) 14:21:12 executing program 3 (fault-call:0 fault-nth:20): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1199.548787][ T3383] kvm [3361]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:12 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0) [ 1199.728620][ T3494] FAULT_INJECTION: forcing a failure. [ 1199.728620][ T3494] name failslab, interval 1, probability 0, space 0, times 0 [ 1199.742724][ T3493] binder: 3488:3493 IncRefs 0 refcount change on invalid ref 2046820352 ret -22 14:21:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) sendmsg$unix(r3, &(0x7f0000001780)={&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000016c0)=[{&(0x7f0000000180)="8c05283045c70fc69a27c3d22e18b8e7ce7f92eaa4773cd2026d8a9c3679b02c82bfb3507ea2a5f1fec174523dd607bf97930ff02463bd37258f3d69b3bec3ad456a486492a5f27f9f08a6d3932e883f314e20a72031365946afa11e86a8f3a8617971239c6b997fff663b38b5f5a957f8369dfd9716bbc6d4fec428869e34b499419d845653e1a88aa8baa50d7793ac34bae4477229d887cbaa9ca42763000adec868372a0341c52554cb10f45ce40c28f724897d843bd892e9f0c71d4659ffa908e91a3547b4b00c0fd42cf5271b22874041e05d4f3645b755cee17b6cbf857cff3839292269e810", 0xe9}, {&(0x7f0000000280)="97dffa9ff498b9e600fa27653e53aad6d09317b08e6cec74ae400fc067c814e6e1582d19ce32fb3770d1652101d337e7eed2281f63752e2508f119822ecd142cea58f7919049fced65c422f3818c02d2108786d25202ec561ad83f6c905a34009345885f8122f1c913b1006c589af8cfd0d8b0435842cb2cf0c9964a4c3c4d7e6375ea032cd6071875dbc7924f4b7afc80fe90952589557bad9b98e9faf135725d58f36afe0bb853553726b82fca85edce7af67652383d1d577194969bf00230af6181ed", 0xc4}, {&(0x7f0000000380)="01ffa3ac3390ac42dbb94877cacaa9e8fa4563c194b45cf81a3325feefc31b248c6aad508b6a416ebe66bb7f49bc7780d24675700cf19a24d400265e8ca1ae6fb92806f92347daa2e02e1073c96cd4ab098b11020f6e780c2bb074dca016463d295c570615e097c87a3249986a4ebcb9398f576e6ca7219ae3383f461d79e834a98899a567746a8431e0c9252d347f7927d3bd5b5df3aa66b0b2fa", 0x9b}, {&(0x7f0000000440)="48eb66b3001147a0850a3e38552f1564aa533791", 0x14}, {&(0x7f0000000480)="941c6d26e788bf7ec2ea2d70a32c9c98b8d6d983f813a16cc3df2785ba1accc554c49db8d288be2829357979df6ad3be78375ae830210639d4476f4af947b7c5c1d69d191c57ba28c472e05e4e8ecbda463d0f88d9a30ae367d1c1376d9922ac9acce4f8d163a0700067a77f100129959278857eb868d9973161a07be04b56db3324e67c35f968b403a1bef3fb1efc3cb68e3f4c3700303c550ae59abd69cb1e7713eb963d131d9bc1905d288dc6ea95f85f402971097485a90060737011081325b5c4bea24d6c20aa909d1689c69c26c175021650f8c5c21cb1215eccf182b6cb232e1b11da6819c6ed657a21fa239ab19d813744caab0c3200bd9aa7c2c0790fb56ceb96666efe485fe1c308f644786fcb035bf910a723f4f1103562bcafcb65cc03c3dcefa532b5bfcd8d49dd0e4e525696ae40595a112b158b94511fd76318ad37ee2eb981885bc51183fbfab30f60b9a56ef2cc9a126b909ed027e4d8171793bc72fdc3a636b96ee93613342c72f714c865f762f8c6f956e3541aa9ea2387c8eae3d7acd2d8a2eab5f6b3060485a6b912b5f62c70baed41be156590b5982cb9bfeeaeb8ee91daf10be53e699d5ccbbaefa4dfb4dee744a98aa38b4e5a9ef2f179734e6ff838a1ce8dcb21c19c725493742a7a219629972b62e48cf9d28ec0e649023dae8567718c6a4a64c515ca906d045d2c84a4d4ed71f7f08b24099213bdc931ac206bc253702a19f1add8a110d82f9e352fd0bdba0199701b7763ec990aaf3c9b3f2d210b299a99ce08242335e9fee38c011ddab12fe7a04ba53b01f9b80749a8be1e6e59167c3e94636778e922eb70435dcee632aefda2a57395472ccedf8cf7b14b5dfd980042fcc47d91eef017b4869f2f6a15e1f4a450e0fa803695cd9bedb58a22fb72d0c3bfed67635be2b01b04dee5a7201234ae3d6accc55b44d22e0cb055342dcd9f0ca4306bfbd63c419892b89b55629c28787f61163828b0b2c0078024df4fec289ba4b4e4ed17776f32dc28072a9942496d16779ccf963b0fa924e2d69aca551f5e038935891c003381036debda71572727b430e48cdd7c044170491f65654b9a84b775b902f153e73a3a20a515c2b3e39a2af9c1fd56d596d1eca24f7b4d58182237b79d24629b21ff3461014ad22d88668a50beef4763050fbdf51ae3c716a9099b6f40ec9f7af04b1453ca516f17b0230055dd762d550e82d6b15b164613720699eaeb05132f2ad89d9fd53f4e0ecd63ffab8fe25df1b4f3a42cd1e529e36e3e815f2e4cd7cd430df448c7b537870722e297517f1093d0ded48666416d319530a9f17a2d7e00b2c4faa6c2c0c5cc9dc7f17c48828e92ae3f5b39ee55c44cd23bacabd30d4df115aa2200471d35324143448ed86cb6015a47deaf01aa144f38fc741bfd4289a9f006d6949dc4db886b84eeb8226242dbefe13af1ffc6cc7c3c6591528db047cc20e3f64f31640fefee25d31213abf46ac736aa335846e3507f045cc76b1691caff10f383cbe7a7af3da51b09465e0bab9e5eaeb9c872d73d77ec2c9f1a4f5c4bc0319462ca0754be07352da50154aa68ab9c6c7f151dc19930a1d0d9f6ee4f5cf444b1a76e1618df848d7dfcd68510c26cc618cbc0e068e9a79c6b23cfc4cc5cd440f4c20683141184bae3bc602805de16eccb13b620ccb3c69b86490f3aa2fb03133ca36d98ef6ad33ba43e39a6fb5e8daa764504c058c60f9a8c6f0e3673a64735de8ba30436b8f0231ba72b0aa21a8c035fad22439005f60131abf1334e671d5f25c45621bd48fe756740e059865cd7fdb62bc9ca917b950fb559b4f89e84748199d6476162f4f4bcc6a78ab660fa8d28641b2e8050388b92dab8002a23649ca45fb25df2882cbe957cf8970251a17424f3ca1e963dc60d402f5093625e3e2da2cc999439caff642c1d102cf8cb608c317ab3c72f53ef43beabe7a8f2a891a3e6bc1194d8d1a4345b9b92d64dc3e52ee1e60122bb6f3102bb451b21382131c1a0271915930df05031ed2a131628d16c92360ea5ce9abe1a1f2924a900a2f52a2a3f966426387cd7c6f163c03d90b17ddac598bab3ab62706c258f444cd626372a494b8553ce26290e451b516b272799ec62b070cde7a5f772824af303d8e627814b27635aca9727d898832b01c61f45f2e68b05c3525379a767e16e5f5a3920d2a479ec8e972f43878cfedb438b4dc3cfba882c0bad3430a1679ab4d7a776a4af28ab3963b3927bcf21b324b62c7dab7b53605c7241c12932b0793a20ab42a74bb8908efa1fa94bfbf951b3d53e4d1f6893cb5f60b50765f67eabc074c4ec448380ac18d71f411416d1be929c5d6fc74d1a1458772950a8902306a86818c3f62165b2e9c96bacd71dc58b7a2ce4c08f6f5aef8cedd085dd7dd1087a6f62e90300f40016fa8ca1f347c52a7853694e9296aa55b426bf691ea89fe7520f9a85f52f8134aed39330f0ee69fc15540e42ec4ff50a2cee3c75c2953215e01ec8fc688eae683385de6c60db2fe372f8e1eed2f39502482f0e9033ad22a8bdcefdca3382965324f52d268e1de6a0886abee8e39717a83a4454a6c9cff69a344fe9d382a25b5d8d63c49e584c4993a557f23479045d4aeec969a993ad7b13e6731d4addd13faa821abb4036907391d3c07c833f5e77825b2076b5b90154ad4a5159b2cfb93eda2cc155aac32c9d0861216e5114a89eae2c690faad4efced1e9b500f91426ff7807e1a4e7e62488ba09f90a8de7e9eb8348269079ec066e58eed96b12625b08ef2956ec35b1fb8dfe0045d0ee1b7eb4bc2f69e9d0609e2f6d1d20e40c354ea83e2e85caf3c4b93a763515f5c867dc30a4ef1e0595ec360a8a343685cfe314690b9e39de8da7b0bf452b08ef348f9e9c5436cd44f88b89ffd8e315ee0b191289f92880ace5572411e2e64e7f7aa5f81a5006d0579e93b4ad2bec5e90f5122de39dfb086b7eb50feb48065c7682bfe452cb2a7508bb10da963c967d3e19b6c42bc0a4b96190822c30a614ad93633cc35d456dd56d34e79e72e1f12dfa9d55e3d86310f250b93c45ff30f0d69e1d8289426ae6daf6854c2ac652e0089712013c54d712e0fb8b7af6a2f3881633ac7568875cea48a3cd19979ec3dbb53bb2d9a07a7a7d67cfdb74e558212d2d278b7af5266850de5d522c2fa64e72c53214719b2acc934fabfee6315dc1097a90ac594f6301b657d67383e8c0e2df4ed9ebeacc8e1a6e5bcadcb3b1c285b719f6153f3d03f6f96fbfbc0a79b839b58df1f235849fb34ec36f384050b4782c4c6380a2c4673d1fe7e9ca8df70c63f280d474aa272cc9239a00488dfcb0c27ffaa07d4408380f8b387d2e13e725cb66cf59df106d4d865109e1689740bd0934786c100c4bc673efb249953ea4d4ee741278c6e6d217813a9bfbfb52ce3efa4caf15dd356d8b12a865991a8933e0337fd9a921bfdde7cfcdaa794ed295bd6caad23d10175e8642a07b8a8e38f5098966a661117db4120976a588da5e8d29718458397b115022d59af31c88ddc993a37287e0f644b8d0532aa589217eca38076fe11646bd0f4a5735a2f980edb50347770a74a5d259c86ae35b3ebc980ca2c9dce9dbc1d5d64fd640fed4b7e22109b15e222b5870482d2c4de6a570b89877b87f857c0c71e941ce1d3893cfd76fbed198115899cf4a0395c2eadbae83c76e4279e7493b50dbcb1ce7282fec7e9787e5f905ca8391ad13d6496ac525ded22d51d35604e97dadc1835495016cf29619a11f238486229544eff39b97a1b95086ba3df38d1dbe00231d52923a8eb000f92a58dca4280b180a871b14e34f29757ce790f65c690512a91244d6668a2868d254e9e8ecf3d5421f2bfb020c0cbb699c1e36f90a9dd5dbf980dee4da7078d06f1a9f7ef58e5ee9b433c8ebad59cedcfa837911a563808723b72d202bd64b451c191007f4188211e65d37312d737690a88b5eabb6e90d5ab6b2b38629585437cf7e7f189bb5614f51cd3e10da499d3b4337de86ada54e96b07d0bab38d1a05ee7ea7db19aeea89bb6d51ec9367a003531c84c29bdb2e8324bb9ed995d5e9643a94d9052d33407dff53a78b205e29e401c3efff01a09c195a40d460826d09e960ce2dfc549396e1d611047c3cd42bda60f45ee83a3264a8ad364d6dc662498c6b3793b11683745ebc947b752dac78b61c37925f95ae930432795bf9942f6374f40e2b7e9d56cd75399fb1b263ffdcae67207cc56f8f83e9cb60ede45974bb08f581130afc0f070ec5c341bdae02d3fb6cabbcab45b2afceafc5d986205378caf107a5c223264416757f161a66efd6c09b1c7eb4d180b76095487d8c2c066697f190f31bfbd349e1f632d583c6087e57da853d6b893ac068425ecc05a98b71230deb6bfbf7df25e1fe9da2395ccb69bd96657cb94f858fef3f2ec771749232f037ca9d2c0ce900cb09d2e142b55f66b390d85376c13a90b57b535384c6ae804a7f17b612a498b51efc2f1f3eb79de68164f8c685cd2ba22afec7f48db92a4b27b78a856471c72704d20964eb18aeaec07082c61854db9121108b170e73f595f1347bc7eef7deb97441a71ff85be20c964a01439bbd3531a99d6ed911d923194e388922a50dc1b8e838ba9aa75e7519b374a9505bdcd7ff0940aafc65669902d38e123986edd6643067217717cb12fac0997a070b88b3877eb799cc8c83097663e5e9bafd741ed4e9635508ae5ce7bd0059d50093b5d920f979f411133add858549748d1cc46f296bab8edd76db467930db357c76422fd7a81d617fa4f6b18fcb8f2765ebfac7a6ae5512a1da58bbfb3d88edb5588a9dceac26350b53d84a92d3ab78c9ed22175f95c24f4451295072348dfd0020ed09721016ccd9c2bbd193d5000cd3e034a7a55d9840a487e5593d9e343c4d113f905a5bc070d2fac10212e9554997f34b95598084b806375cadd9a7c5146ac99f83f813b51607926565db7d5477fd982f441707ca91eb05f5f50d8a3287615cd7627a562e86286109a80184eb086a76df4126abadbc201a11df4f1f1b1071cf2580daa6b9c32b0b372e87eeceb4e8a4625628b10e695c207c6fa7ed9452af2a8d0808a04a4139622307e0b2816cdffc92bce7e6cccbb1cf160ec8f231061fc2df743dc9218514fdca54116a487107afac96365d17338bd694cd721ae7fdec476ca2384be6d29ecdd0cf53ecde7c09b12bd47fb4eefbb8d15c56926d68e8e45317f27fa1e48e54fdecaa83802ff9f907f012eb70bdc906368e259f3a3a7cb61365b496e48c5fc2291a28596568d1684a0a406b542eb1c3884a37c5a3b1b8b0593dec5ac4e3d83cdce5dce858cf8b371f6244a2e432c444cf305bf730762b0dbab3c17f05cfbf1f9430311cc504b7ebd3240e774c6f8371411fb8687217b110bf4260723736b4ba940fa7d0739ad30f69adeef52c4dc9cb76fd43c4d1e0024095e9940fc62fd77b255395ade066b6f7bcec45f0315ae4f897d73cbb555bd1b8bcc481c62891b921185818e247146a8d0da943a4a4eaa89cd010b514aae44f7c90632404fdf6d3b00ee01b3157f4a2fb5066318b9b90ff70fbb59dcfadb1df0fcf8a5ccdf9b9000ee3aed1dbebe1e605a8c2315e2b20b205303455eb5eb5ac703b27c7bb08d22d7dfce80de11e51a058a0eb0c62ebf73e2a2ad50565d2532e29f2e7c8ec81993a05abc2ed0b712c8b95e2709d721d142839662d58117645cfac2428d454c9b11c9700a0d430f73d4a0b3262692f0756743704fd6ddf510151d92b7", 0x1000}, {&(0x7f0000001480)="7cd327e42532291cdcbafa46c549bf0f6ef4cfc1731e94fa597f5ac9efd95f2aa42556c30ecc8c12949edaa7fe9f0abca580aed612a511fe077d813df2f56ac1ec78346023fd8c1a66dc64897fdfb3d63e4b1d332f79737fd678639b29e73ea5e6805b3d40e9893e36fccf3def69bd5135742f42c7e97f8c5baa3cd88686ed1c5ecca5193f39640411a91cba28c72439ab57acf14f267d40cf201b8e51cf00a8fb045b", 0xa3}, {&(0x7f0000001540)="5c023dfcd4c1cd16e24c23c6e0412ca6a28d91c3de7b543235849ce960c0aea28f2345e6cdf55c7678dcb7d420b51f2655a645a00debdd4f03f56ab69162610b0d831604", 0x44}, {&(0x7f00000015c0)="704551282b7431526300e6b63e36d60f6f95dab57189d513d46d34822699bd36bdec288f980cac87a18d643867c08e248af50d4df2c19d1f42a320f20cf150ed3907a357e97249c9cd409374447a86e3159067b8977af1da2371624a853bb37dda6a30b9238c465baa84ad9677e758b0870226428af55d2dad81ac2d066ffd7a183a03818338cb127c37a83e5b062dd72f651f4ead27847b21c786f8ca260a9de58a03caae56228d0befbac22d34e9024429ad543e693173dd4bee8777f1f5228b194f", 0xc3}], 0x8, &(0x7f0000001740)=[@rights={0x18, 0x1, 0x1, [r2, r0]}, @rights={0x28, 0x1, 0x1, [r0, r3, r2, r0, r2]}], 0x40, 0x1}, 0x4008004) [ 1199.770414][ T3493] binder: 3488:3493 BC_INCREFS_DONE u0000008000000000 no match [ 1199.789965][ T3494] CPU: 0 PID: 3494 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1199.797905][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.807975][ T3494] Call Trace: [ 1199.811284][ T3494] dump_stack+0x172/0x1f0 [ 1199.815641][ T3494] should_fail.cold+0xa/0x15 [ 1199.820279][ T3494] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1199.826105][ T3494] ? ___might_sleep+0x163/0x280 [ 1199.830984][ T3494] __should_failslab+0x121/0x190 [ 1199.835936][ T3494] should_failslab+0x9/0x14 [ 1199.840455][ T3494] kmem_cache_alloc_node+0x264/0x710 [ 1199.845774][ T3494] ? find_held_lock+0x35/0x130 [ 1199.850547][ T3494] __alloc_skb+0xd5/0x5e0 [ 1199.854880][ T3494] ? skb_trim+0x190/0x190 [ 1199.859214][ T3494] ? kasan_check_read+0x11/0x20 [ 1199.864080][ T3494] alloc_uevent_skb+0x83/0x1e2 [ 1199.868940][ T3494] kobject_uevent_env+0xa63/0x1030 [ 1199.874159][ T3494] kobject_uevent+0x20/0x26 [ 1199.878676][ T3494] lo_ioctl+0x112b/0x2150 [ 1199.883014][ T3494] ? lo_rw_aio+0x1120/0x1120 [ 1199.887611][ T3494] blkdev_ioctl+0x6f2/0x1d10 [ 1199.892239][ T3494] ? blkpg_ioctl+0xa90/0xa90 [ 1199.896851][ T3494] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1199.902846][ T3494] ? __fget+0x35a/0x550 [ 1199.907096][ T3494] block_ioctl+0xee/0x130 [ 1199.911423][ T3494] ? blkdev_fallocate+0x410/0x410 [ 1199.916450][ T3494] do_vfs_ioctl+0xd6e/0x1390 [ 1199.921050][ T3494] ? ioctl_preallocate+0x210/0x210 [ 1199.926334][ T3494] ? smack_file_ioctl+0x196/0x310 [ 1199.931461][ T3494] ? smack_inode_rename+0x2d0/0x2d0 [ 1199.936671][ T3494] ? do_sys_open+0x31d/0x5d0 [ 1199.941361][ T3494] ? tomoyo_file_ioctl+0x23/0x30 [ 1199.946301][ T3494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1199.952542][ T3494] ? security_file_ioctl+0x93/0xc0 [ 1199.957662][ T3494] ksys_ioctl+0xab/0xd0 [ 1199.961827][ T3494] __x64_sys_ioctl+0x73/0xb0 [ 1199.966426][ T3494] do_syscall_64+0x103/0x610 [ 1199.971022][ T3494] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1199.976911][ T3494] RIP: 0033:0x458a97 [ 1199.980801][ T3494] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1200.000514][ T3494] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1200.014238][ T3494] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1200.026556][ T3494] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1200.035573][ T3494] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1200.044814][ T3494] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1200.052786][ T3494] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:13 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) ioctl$SIOCRSACCEPT(r1, 0x89e3) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000000)={0x0, @reserved}) 14:21:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440fffffdfd086310400000000080"], 0x0, 0x0, 0x0}) [ 1200.130788][ T3494] hfs: can't find a HFS filesystem on dev loop3 [ 1200.178338][ T3606] kvm [3605]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:13 executing program 3 (fault-call:0 fault-nth:21): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:13 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfo\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1200.286280][ T3668] binder: 3659:3668 IncRefs 0 refcount change on invalid ref -33685505 ret -22 14:21:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14, 0x80800) personality(0x400000f) r2 = fcntl$dupfd(r1, 0x403, r1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000100)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000180)=0x14) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) write$cgroup_int(r3, &(0x7f00000000c0)=0x100000001, 0x66) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:13 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4000000000000000, 0x0) [ 1200.345237][ T3668] binder: 3659:3668 BC_INCREFS_DONE u0000008000000000 no match [ 1200.394560][ T3733] FAULT_INJECTION: forcing a failure. [ 1200.394560][ T3733] name failslab, interval 1, probability 0, space 0, times 0 [ 1200.415730][ T3733] CPU: 0 PID: 3733 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1200.423969][ T3733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1200.434560][ T3733] Call Trace: [ 1200.438665][ T3733] dump_stack+0x172/0x1f0 [ 1200.443044][ T3733] should_fail.cold+0xa/0x15 [ 1200.447940][ T3733] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1200.454300][ T3733] ? ___might_sleep+0x163/0x280 [ 1200.461178][ T3733] __should_failslab+0x121/0x190 [ 1200.467258][ T3733] should_failslab+0x9/0x14 [ 1200.471971][ T3733] __kmalloc+0x2dc/0x740 [ 1200.477009][ T3733] ? kobject_uevent_env+0x2fb/0x1030 [ 1200.482471][ T3733] ? rcu_read_lock_sched_held+0x110/0x130 [ 1200.489321][ T3733] ? kobject_get_path+0xc4/0x1b0 [ 1200.494262][ T3733] kobject_get_path+0xc4/0x1b0 [ 1200.499045][ T3733] kobject_uevent_env+0x31f/0x1030 [ 1200.504172][ T3733] kobject_uevent+0x20/0x26 [ 1200.509341][ T3733] lo_ioctl+0x112b/0x2150 [ 1200.513690][ T3733] ? lo_rw_aio+0x1120/0x1120 [ 1200.519069][ T3733] blkdev_ioctl+0x6f2/0x1d10 [ 1200.523664][ T3733] ? blkpg_ioctl+0xa90/0xa90 [ 1200.528259][ T3733] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1200.534088][ T3733] ? __fget+0x35a/0x550 [ 1200.539550][ T3733] block_ioctl+0xee/0x130 [ 1200.543954][ T3733] ? blkdev_fallocate+0x410/0x410 [ 1200.548985][ T3733] do_vfs_ioctl+0xd6e/0x1390 [ 1200.553592][ T3733] ? ioctl_preallocate+0x210/0x210 [ 1200.558701][ T3733] ? smack_file_ioctl+0x196/0x310 [ 1200.563722][ T3733] ? smack_inode_rename+0x2d0/0x2d0 [ 1200.569018][ T3733] ? do_sys_open+0x31d/0x5d0 [ 1200.573621][ T3733] ? tomoyo_file_ioctl+0x23/0x30 [ 1200.578645][ T3733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1200.585166][ T3733] ? security_file_ioctl+0x93/0xc0 [ 1200.590300][ T3733] ksys_ioctl+0xab/0xd0 [ 1200.594552][ T3733] __x64_sys_ioctl+0x73/0xb0 [ 1200.599155][ T3733] do_syscall_64+0x103/0x610 [ 1200.604015][ T3733] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1200.609910][ T3733] RIP: 0033:0x458a97 [ 1200.613823][ T3733] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1200.636752][ T3733] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 14:21:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440fdfdffff086310400000000080"], 0x0, 0x0, 0x0}) [ 1200.645772][ T3733] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1200.654006][ T3733] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1200.662798][ T3733] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1200.670943][ T3733] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1200.678925][ T3733] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:13 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x200) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1200.723985][ T3733] hfs: can't find a HFS filesystem on dev loop3 14:21:13 executing program 3 (fault-call:0 fault-nth:22): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1200.778151][ T3837] binder: 3835:3837 IncRefs 0 refcount change on invalid ref -515 ret -22 [ 1200.798238][ T3837] binder: 3835:3837 BC_INCREFS_DONE u0000008000000000 no match 14:21:13 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4404000000000000, 0x0) 14:21:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x8000000000000000, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x101001, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000200)={0x0, @reserved}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x7b, 0x2, [0x40000090, 0xff0b017a, 0x17], [0xc1]}) syz_genetlink_get_family_id$nbd(&(0x7f00000002c0)='nbd\x00') 14:21:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000016310400000000080"], 0x0, 0x0, 0x0}) [ 1200.950640][ T4044] FAULT_INJECTION: forcing a failure. [ 1200.950640][ T4044] name failslab, interval 1, probability 0, space 0, times 0 [ 1200.975974][ T4044] CPU: 0 PID: 4044 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1200.984120][ T4044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1200.996711][ T4044] Call Trace: [ 1201.000152][ T4044] dump_stack+0x172/0x1f0 [ 1201.004780][ T4044] should_fail.cold+0xa/0x15 [ 1201.009480][ T4044] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1201.018035][ T4044] ? ___might_sleep+0x163/0x280 [ 1201.024025][ T4044] __should_failslab+0x121/0x190 [ 1201.028973][ T4044] should_failslab+0x9/0x14 [ 1201.034427][ T4044] kmem_cache_alloc_node+0x264/0x710 [ 1201.040099][ T4044] ? find_held_lock+0x35/0x130 [ 1201.045577][ T4044] __alloc_skb+0xd5/0x5e0 [ 1201.050099][ T4044] ? skb_trim+0x190/0x190 [ 1201.054438][ T4044] ? kasan_check_read+0x11/0x20 [ 1201.059298][ T4044] alloc_uevent_skb+0x83/0x1e2 [ 1201.064503][ T4044] kobject_uevent_env+0xa63/0x1030 [ 1201.069653][ T4044] kobject_uevent+0x20/0x26 [ 1201.074281][ T4044] lo_ioctl+0x112b/0x2150 [ 1201.078722][ T4044] ? lo_rw_aio+0x1120/0x1120 [ 1201.084027][ T4044] blkdev_ioctl+0x6f2/0x1d10 [ 1201.089611][ T4044] ? blkpg_ioctl+0xa90/0xa90 [ 1201.094294][ T4044] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1201.103429][ T4044] ? __fget+0x35a/0x550 [ 1201.109012][ T4044] block_ioctl+0xee/0x130 [ 1201.113514][ T4044] ? blkdev_fallocate+0x410/0x410 [ 1201.118571][ T4044] do_vfs_ioctl+0xd6e/0x1390 [ 1201.123777][ T4044] ? ioctl_preallocate+0x210/0x210 [ 1201.128892][ T4044] ? smack_file_ioctl+0x196/0x310 [ 1201.134182][ T4044] ? smack_inode_rename+0x2d0/0x2d0 [ 1201.139917][ T4044] ? do_sys_open+0x31d/0x5d0 [ 1201.145212][ T4044] ? tomoyo_file_ioctl+0x23/0x30 [ 1201.150507][ T4044] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1201.157654][ T4044] ? security_file_ioctl+0x93/0xc0 [ 1201.162889][ T4044] ksys_ioctl+0xab/0xd0 [ 1201.168288][ T4044] __x64_sys_ioctl+0x73/0xb0 [ 1201.173407][ T4044] do_syscall_64+0x103/0x610 [ 1201.178113][ T4044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1201.185394][ T4044] RIP: 0033:0x458a97 [ 1201.190766][ T4044] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1201.216399][ T4044] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1201.226298][ T4044] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458a97 [ 1201.237321][ T4044] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 14:21:14 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:14 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfp\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1201.246541][ T4044] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1201.254948][ T4044] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1201.263187][ T4044] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1201.299141][ T4044] hfs: can't find a HFS filesystem on dev loop3 [ 1201.318423][ T4050] binder: 4048:4050 unknown command 1074815745 [ 1201.338558][ T4050] binder: 4048:4050 ioctl c0306201 20000680 returned -22 14:21:14 executing program 3 (fault-call:0 fault-nth:23): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:14 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x8de, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001480)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f00000017c0)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001780)={&(0x7f0000001500)={0x24c, r1, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3c4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xe583}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x95}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x18000000000}]}, @TIPC_NLA_MEDIA={0xa4, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffffffffff81}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfd3b}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20000000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x2c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x200}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x10000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xce}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}]}, @TIPC_NLA_BEARER={0x94, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x701}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcc33}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x75db}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x35}]}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x24, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2800000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa65}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x411}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1f}]}]}, 0x24c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004000) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000300)="320210c19fe5195d49a4a21aef5f5c9bef6a543f2d85f36b38609908456a24a4c7bccd7e7f663bcbdc5df2eecf9f462c938928d6e88d331765b383087ad48f7d3ac61f0d444ae4abd0ae495d6d1daf814865e2f31e37e6f5d155f8115b3b43443852dc4847f34fb66cb63fd44a1df0cc0f052c26d557d8825fefb28cb98e4c670f0833bc8d92e31b9a46a460258416a67795c724c5178b63aaedce37c9714e7720cdad5cfaf54b94c70ff79e36884fd545c4453ad4ed976a51f3a18876dbaaf17b014d13095dd1c5f6f9afd86d04dd543df44ebbe371ddae979e538c8ef784d0c853006ed95f1537dd463c71d968e6aba516f28f10b6dfe45eccb5ee00230a05275f86b651b7f01f8031bb2118781cf08b9a1609624b5b1f6217a1abe4b718751d67d16d3318e871513c41a1babfeeec052f4d8c2c21d6d23df76f3d564b62ed08c011f835be6776f68e8bca4f12721d4981df2111112cd1b671abce9697abd0504ddfea0d1e3e8d6c4d54078b7b556999cf7993fd10a96a1e6528b16df5044dee76f03f41b2b809822f9e749fff20d42c171fa671d34342b6d02f46eede4682be45a8612430e415ae65267c6f1eefdf26342b9e6787b3ad963328a1b1b7a9ce8a7aa479873dfd32980c4f288a50e06cf071b3ebe9be365d0b904ef00f57599c5be7d486d85a2d36e9d54cab4f68ac114841885a901813b876b8222183c999e54ae551d0334851d1fbdcaee9d92fa42e7533c9ed49f6db75cd4f5b0dcdf8cf0f837d380110728eacdada6e72c683ec0510c678f7bde4ef747ed04dce2f0dc5d8ecce586d6f64b953b7a2d31fa8026a4486f0deeab5ce9ce411bd2aacda63eaa4205a427f072b6e7576598c9a2df3339a3aa48d0c70008a77ed06559a71b01f1d26674ef9f938db85c81053f751b32298d7164dd8cd74ca1ebc053818482e7d5a9b4c2563f0557e14f0002e9d639e5f8fe7a038c7990a26b66ba77781b8b2622731037d7391b63e2064d50872bfa183b9d3b6a07ad15fbf5c214a9908b6d7b8f074242d417eccdad1a3aff0737426fed131220b9a9d64bed724b80c161c9edfcddff69d824fdbacdac76d5758aad39fdea98f2026becab3a2c49c6425c48321202fc247d24b1abcd26e7d28c812aa4d0c04d2381c72ed21254a2d66fd6a4b54b55910345257d21ccdbabb42263716b96befde5d69234f4818206d90d342b20791a40da730a2a6ed1d16cddf4324f654763e3763a4ca634ad18c17047151466851020c12c0245871dbb32fa71059609c254d74f37a1bd00b197c374eaa42b3a12a58e80e829734ebc0ac48d0872abb4bc7db7b6d36751c2634859ccec4350f6eafdcc78b45e6d7979303c0ae02fc0e1cfcf7ab967a833a215d858c877568c4ee7130c4f6e22c8a69418bc0bf3808d6abe40794ca9e14c10f91a1d2f5de52bba9bc16da842fcb82796c3d4a357c340b7d06010b9404090389420def0e080f54a129584e09a763bbfd4baf14c4ef75a5ef1191e3ae30918178c762bd6d371f6b47a8f3d95811779f240bfa97d8b565175d9cf6e16bc56a6a8b9385dcdcc5f0d0fc045141af90b1752144f5ce566903e7e17dc46efaf0267d1bbb6c71daac3bf305d8f477387417580f25acfb89caf43e4b78177a03d0a514cdf0ac00fdd71d1f3888f3a5e163ded523c3bb4f57f6acacf8281a37d3c4513419fd7ed7f4aaeb15606c221efa7562e3929c8e1236fcb768aaa85469d3fb46704f8599595a20b21c2b426345a590b35fc0e96ed983d8298a5cc5877d9cc357f7a82647c3d80766853146302df8bbf493d60091cf70597cb14a915d4fa11d39f138e414b4cced2f9733ae097e7e26bb4823ed181562ceaa920e75dff9c8da0723171f95481d7bc62d956435bf252cfd6c531b765230e25e1d3d78cbfe73f675357649c307adf55345e43c939464baa117445200dc35879990aea69371676d5a6518e6e15af41aed2407113f0b40460be34f8938953aec5789000aab2d94aa62387e5a5212f8f41549f4a5894bcd5aa3c2e187abee2735edd78a2867510e05b327ed43304b2399a9b43e9c35c268756a3f522fca5d1a19a0408c9ea386c2c5d9adb51fb49283884220b9acb56629f854b74b02b44069b4804f4279b757bfc060be783d21bc83c68ccbb5b5ae960034f842b7556e174b03c3b14d0cc19e646dd81bc75c9c6094a568eb602658e89588f5d1843ba5c2b7c9fb4b932b5a9ff90160dda5a979a08bca9298033e39d6dbf5657065a3df5480255272119df9005e39ee0cfdf4ee6c30829d07da53534f2e3e78efa2b494f883e201d14be54827996dbd2a5a52420fe444dc3ab907f49d18cb2858b0c7fba64969c0dd3699f5ee3bd2c783aab146a6cc59589e31f3e3043e0b49874378f12bc85e0b73e6eb87f41137c42e55666488b41805eadbdb6917e1c07ad56ce31286b526818a31020b30b28ef285fabfa1a50a560da6188016dbfbd91ee8d2611a3e5d78c78e99d127b837cf0c21a8f803b21886d4b9d8351e98bb9e968382348d78b2307385f3cfed825b51681140362c63c13619231e6f2abb13c6516ab8566ed35c4c0e1294b48f2be4dbf844561d94ffe26ae6278ef770ff2fac6120c61382fd79b555ef5e8bbcd69932ed0d97ad66b75ce6ab83b842caf1bb52ccc40d8fc45ec5ad34e79838a2f56d6830b0d4b66860e6b27935805464c64d55b5e1177268a5dd8fd7eab09900bd781fee4077460f1821109756426b581a1a393e1a9e210377892b779617fcf256fab441c0d007809f201ca3efaf797febafb24f098056439a104da8b4906e4dd1843c2592bb4d3d06a1a34a899c710d4c76bd72420f3354db9261df0db0c3adaa865d129c432573133272c1bb34221df412da91eda953e62be7065d5fe140872d9d6ec583c6b27fb0125ce4b121289255f8c590ba400b94477c6276a5c2c1f6ed81ed7306896ce8f25c9f6dc8be491bb924389344470a5efdb463b928a1454f2fc08f6bd95ee7cf05c305800aa50d22bc0a9275a56205c4b1bb2098f88f7ae02e5f936e9420aaef59042e98940df021387d6239b5ec7979202ae2fe0d60daf45ec8ae325b8a9113f3707027db28e970dbb3dd9054e3569b8f3d7482a9f33b6cb65308453c0f8c8d34fa263252e96b4c219572a4e47464ff048121edeed5f7a119586ddca95bc36628deec8862bb850c659cad95d659b6f3876f61818023915f491e3e411cf355d92135ebff110093c7ecb6cfe4551434503c713de5a8a6bb172e2bd708e7540edc9a44ecf0393a4b5768ee17433166d83835d693e716b42d5944e4eb4b8b79e1b19e9e89088f25d99df1c79fd54667a4aa456a232e0699e501528830593b3c4bbc7684881d915dbfde0ace5713ed0deb608235368a73da92907d0e72a3b5db8f6986e8d443b668ba36f4f5b0fd26ea8f7d4ca612412d499d1c051375a790d380795c8a100a8d05d0da240a29cff86e0c8e8ca9c55f8666e4c00a0da0ea28014a0ef876e9f73bebbe2d270920cd53cbd4eb53e22e0eca8a8c60b989c523799addc5e6b6fb566d433abeef6e0e4ef41cc36844b7b5d638fcbb4284858bee0c1c69ce159707b7c3ec7bab79825d59df3df7cd634cad81170df3eac1a0f890b55c95d47159142d952126a6c6e07ae0883e98a8ece8eda180a8881cdca513aaff7fa4dedad9201d8388c279d002562d5abecebd43007e96b952d384234ed93b186bdbb7ddb82cdf6229b6d9142c1a1e038f2376a37de2e7ffd2e4ed7b7994dad9a08d9b72de1ae8ac9c6ce888429f2de4c170d7e5e95f7905785fa7b7e169b68793d381daeb13daff766556403da7baef9a317e2ec04338abd354009bb476032de03d1252912acf059488a1ca9c83454d2dc6fcc9180ee287b6cced8cba77b5edfdbb2eef817bc31cbbabc4de1cc37a0ff314fdf0c8b508b6483898879da069d9852fb7d8b4df91ff226c97f56116dfd163b7f90c891ab0abff5832ff82c89a696ccb2cc7897e006b825a14803445dc051a5c9956924603028dc240ff33bd233c4ca4c087d8714f5c06b4edb88a3aea04b6722b4e3c5aa14015e70b980f437221af98eff22f008f974d1abf3af3332f504dbc18281a9ed4861d41e505eb350173116bbdbb906d1b224a294ddb93bcc641b2d9c37106c6319cd9f6b1cc738d2aa7c6720e756ff1ee9fde15506f56b7af1e2b3e18ecfd1a1974e577b8df7197e3f63a57a802b7ddd5966bb15ecef2c764111940c048881c9eaa972406af3d3f3920dc974ce49e5bc54a42ecc1e23cb89ea07d7b07d402c2a80dbad7b1d854c3534d906c708700d2420d87235ca3b16d99d8e613bb619d1466f7e4e376a5954c3ee01c71af6ff581559c6a2c7f3b204f1c663e581e0ff698498af7e3139e4558be77e2e0425051e9b4463c4cb2ae0d82b140ffb4e8783dafaa4c18483973447847066d8587c255f41e8dbcc0618ef66823b0197dfb3ba0b0179d8b37dc603284e98ce5222d713d4734f6acc407c580ccbd400cb957a6a832eec3aa6706f3ef3dbc45e691b39c922349b95e53c6b423a0e8e97583b60ef406ab407362399f4892d01afae21bd018dd7c432bbf8be5f9909a7219b1fb25e59fdca77b582cd762cda1049fb4b29f6371c93a167fac484e6b24fa90b37c354418613daaeaa4a34bf33f3173fe55f3e7ddc21e721018ee7f0eb3ee7f0e9b30cb397e156287be1019b49b7a16f8654d8b6d19fa8086ae1228da996ca6183bc77ed7080b6857b93ab3d53d19216c48a08bb9b50436bcc13061c067b18bdfd00b055a9ffd7ed5d34f4f775b366fb78c9d57ceafcdb8af3e9a8a234aaabe669111dc069f1ee6eec0e45790d2907b464485baa01b99f89fb811a60e8904e87e78bfb8404ac1b9edc33b83a40809e4cc403017f78ff4789820902ed94172b711e0eff734645ea16aebd5f895c197826476e60f849df85b329d2dd378e21ed7120b356fed639a8410c5771afb04acddd76c8c9301c226d1c934c094280f53dd6326b865950da331c84c1fd67912ea6d9f29eb2732b74053fa59fb5afb126b6f8ceb530e0152a8962aef89866205ee462811520ea0cfe9c7c056b1d77dc6b4bad641ee6a2918b11e8735ec5261fb7603f3fdd92344224af8293af5f35275bb9529414a6333c66fdbe79516f4b50ef81efc67d1de48682720db7884bde94f424a2a192ab2bec694b02f54d3e7c803661c6dd6879232a20a4a662ae03473f710e89a553a1e032b137d0c3efd6964866be42bcfc9a96c87860e6b9cd1bd34e408becd457edfc144a73db10c640875e0aff83fd435e316c2201f02f8e13e1c46db157ea01696262229303793d0b2bc04c7400484497da3e4105e8bd64543d73b1066357d14be81c46d8dd7bd23fd516ef5e490ffb9dcaf4e6cf6f77c6fc0be62886d24ae1ef1d2732ba38d99a28d2b160c4d8b5d03308a447d68220fe91921d51e9f414ef6f2ea484b41f398b97f798166686d75a46033642f31cbd08457765b8c2a802941f18581cc359dcd86e93383e9b9eb1d282826523980f3d61425a7a38e06ba2d320a5c5dcaaedfeb91395863653ab077a598ccb8461a5e427dae8135aa7f5735545f9a3e0a6104a1deb5718c197d313ae0f4d30761cf3f3c9fbed116114bb536d4244869065be1bbeb49196b53c04b6a9d4c8f8efc577b4c9687531f9e168a50b13c8334a80fdfe64f7210acc22159045ab6b2c01ac9e84839df3bc0ec46b8c43c89c7659dfd22c659e94be11fdda765950c4d763d05ad", 0x1000, 0xfffffffffffffff8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001840)={{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @multicast1}}, 0x0, @in6=@empty}}, &(0x7f0000001400)=0xfffffff0) r8 = getegid() keyctl$chown(0x4, r6, r7, r8) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000001300)={0x3, [0x0, 0x0, 0x0]}) r9 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f0000000200)={r2}) r11 = open(&(0x7f00000000c0)='./file0\x00', 0x20000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r10, 0x84, 0x6e, &(0x7f00000014c0)=[@in6={0xa, 0x4e22, 0x7, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x318f61b1, @remote, 0x36c}], 0xfffffffffffffe6f) r12 = msgget$private(0x0, 0x768) msgrcv(r12, &(0x7f0000000240)={0x0, ""/6}, 0xe, 0x0, 0x3800) ioctl$sock_inet_tcp_SIOCOUTQNSD(r11, 0x894b, &(0x7f0000000100)) syz_open_dev$sndpcmc(&(0x7f0000001800)='/dev/snd/pcmC#D#c\x00', 0x7fff, 0x841) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000026310400000000080"], 0x0, 0x0, 0x0}) 14:21:14 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=0x0) sched_getaffinity(r1, 0x8, &(0x7f0000000040)) 14:21:14 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4504000000000000, 0x0) [ 1201.585204][ T4266] binder: 4263:4266 unknown command 1074815746 [ 1201.619412][ T4266] binder: 4263:4266 ioctl c0306201 20000680 returned -22 14:21:14 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfu\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:14 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0x7f, 0x12) [ 1201.647063][ T4269] FAULT_INJECTION: forcing a failure. [ 1201.647063][ T4269] name failslab, interval 1, probability 0, space 0, times 0 [ 1201.702224][ T4269] CPU: 0 PID: 4269 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1201.710960][ T4269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.721544][ T4269] Call Trace: [ 1201.721569][ T4269] dump_stack+0x172/0x1f0 [ 1201.721591][ T4269] should_fail.cold+0xa/0x15 [ 1201.735016][ T4269] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1201.741961][ T4269] ? ___might_sleep+0x163/0x280 [ 1201.741980][ T4269] __should_failslab+0x121/0x190 [ 1201.741994][ T4269] should_failslab+0x9/0x14 [ 1201.742008][ T4269] kmem_cache_alloc+0x2b2/0x6f0 [ 1201.742028][ T4269] ? smack_inode_rename+0x2d0/0x2d0 [ 1201.771154][ T4269] getname_flags+0xd6/0x5b0 [ 1201.775662][ T4269] do_mkdirat+0xa0/0x2a0 [ 1201.780076][ T4269] ? __ia32_sys_mknod+0xb0/0xb0 [ 1201.785206][ T4269] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1201.793281][ T4269] ? do_syscall_64+0x26/0x610 [ 1201.798290][ T4269] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1201.807391][ T4269] ? do_syscall_64+0x26/0x610 [ 1201.812056][ T4269] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1201.817788][ T4269] __x64_sys_mkdir+0x5c/0x80 [ 1201.822547][ T4269] do_syscall_64+0x103/0x610 [ 1201.827126][ T4269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1201.834585][ T4269] RIP: 0033:0x458047 [ 1201.838486][ T4269] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1201.860802][ T4269] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1201.869208][ T4269] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1201.877162][ T4269] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1201.885113][ T4269] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1201.893068][ T4269] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1201.901023][ T4269] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000036310400000000080"], 0x0, 0x0, 0x0}) 14:21:15 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4604000000000000, 0x0) 14:21:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0)={0x45e2ef8, 0x7ff, 0x4, 0x6, 0x256}, 0x14) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x1) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000340)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000200)={{0x0, 0x7, 0x7, 0x8001, 'syz1\x00', 0x8000}, 0x6, 0x27c, 0x5, r5, 0x3, 0x7, 'syz0\x00', &(0x7f00000001c0)=['/dev/kvm\x00', 'keyringem1.vboxnet1vboxnet0\x00', '\x00'], 0x26, [], [0x560071ea, 0xbf0, 0x81, 0x6]}) 14:21:15 executing program 3 (fault-call:0 fault-nth:24): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1202.092768][ T4387] binder: 4382:4387 unknown command 1074815747 [ 1202.102169][ T4387] binder: 4382:4387 ioctl c0306201 20000680 returned -22 14:21:15 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000000)=[r0], 0x1) 14:21:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000046310400000000080"], 0x0, 0x0, 0x0}) [ 1202.170161][ T4405] kvm [4384]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1202.195785][ T4476] FAULT_INJECTION: forcing a failure. [ 1202.195785][ T4476] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1202.209020][ T4476] CPU: 1 PID: 4476 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1202.216918][ T4476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1202.226970][ T4476] Call Trace: [ 1202.226995][ T4476] dump_stack+0x172/0x1f0 [ 1202.227017][ T4476] should_fail.cold+0xa/0x15 [ 1202.234608][ T4476] ? lo_ioctl+0xcf/0x2150 [ 1202.234631][ T4476] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1202.234650][ T4476] ? __lock_acquire+0x548/0x3fb0 [ 1202.234666][ T4476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1202.234686][ T4476] should_fail_alloc_page+0x50/0x60 14:21:15 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfx\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1202.234700][ T4476] __alloc_pages_nodemask+0x1a1/0x7e0 [ 1202.234721][ T4476] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1202.234735][ T4476] ? find_held_lock+0x35/0x130 [ 1202.234754][ T4476] ? __fget+0x35a/0x550 [ 1202.234772][ T4476] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1202.292519][ T4476] cache_grow_begin+0x9c/0x860 [ 1202.297298][ T4476] ? getname_flags+0xd6/0x5b0 [ 1202.301991][ T4476] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1202.308250][ T4476] kmem_cache_alloc+0x62d/0x6f0 [ 1202.313209][ T4476] ? smack_inode_rename+0x2d0/0x2d0 [ 1202.318440][ T4476] getname_flags+0xd6/0x5b0 [ 1202.322972][ T4476] do_mkdirat+0xa0/0x2a0 [ 1202.327221][ T4476] ? __ia32_sys_mknod+0xb0/0xb0 [ 1202.332071][ T4476] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1202.337531][ T4476] ? do_syscall_64+0x26/0x610 [ 1202.342210][ T4476] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1202.348287][ T4476] ? do_syscall_64+0x26/0x610 [ 1202.353142][ T4476] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1202.358438][ T4476] __x64_sys_mkdir+0x5c/0x80 [ 1202.363036][ T4476] do_syscall_64+0x103/0x610 [ 1202.367631][ T4476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1202.373521][ T4476] RIP: 0033:0x458047 [ 1202.377414][ T4476] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1202.397204][ T4476] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1202.405639][ T4476] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1202.413608][ T4476] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1202.421578][ T4476] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1202.429550][ T4476] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1202.437521][ T4476] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:15 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4704000000000000, 0x0) [ 1202.487003][ T4476] hfs: can't find a HFS filesystem on dev loop3 14:21:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) fsetxattr$security_evm(r2, &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@sha1={0x1, "23bb8df769cd2877cbe87d0e70a8608bebd7829e"}, 0x15, 0x3) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:15 executing program 3 (fault-call:0 fault-nth:25): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1202.535388][ T4597] binder: 4593:4597 unknown command 1074815748 [ 1202.545992][ T4597] binder: 4593:4597 ioctl c0306201 20000680 returned -22 14:21:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000056310400000000080"], 0x0, 0x0, 0x0}) [ 1202.617806][ T4703] kvm [4664]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:15 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000000)=0xffff, 0xfffffffffffffe35) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)=0x0) process_vm_readv(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000100)=""/237, 0xed}], 0x2, &(0x7f0000000600)=[{&(0x7f0000000240)=""/231, 0xe7}, {&(0x7f0000000340)=""/60, 0x3c}, {&(0x7f0000000380)=""/102, 0x66}, {&(0x7f0000000400)=""/128, 0x80}, {&(0x7f0000000480)=""/219, 0xdb}, {&(0x7f0000000580)=""/82, 0x52}], 0x6, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000000040)) 14:21:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x3893badb, 0x101000) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000200)=0xffff) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r5 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x66c, 0x200) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000100)={0x9e4e, 0x0, 0x10001, 0x100}) ioctl$DRM_IOCTL_SG_ALLOC(r5, 0xc0106438, &(0x7f0000000180)={0x1, r6}) [ 1202.723469][ T4706] FAULT_INJECTION: forcing a failure. [ 1202.723469][ T4706] name failslab, interval 1, probability 0, space 0, times 0 [ 1202.752064][ C1] net_ratelimit: 19 callbacks suppressed [ 1202.752071][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1202.763923][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1202.769844][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1202.775716][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1202.781551][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1202.782273][ T4706] CPU: 0 PID: 4706 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1202.787412][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1202.795143][ T4706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1202.795149][ T4706] Call Trace: [ 1202.795173][ T4706] dump_stack+0x172/0x1f0 [ 1202.795193][ T4706] should_fail.cold+0xa/0x15 [ 1202.823334][ T4706] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1202.829164][ T4706] ? ___might_sleep+0x163/0x280 [ 1202.834036][ T4706] __should_failslab+0x121/0x190 [ 1202.838992][ T4706] should_failslab+0x9/0x14 [ 1202.843511][ T4706] kmem_cache_alloc+0x2b2/0x6f0 [ 1202.848380][ T4706] ? __d_lookup+0x433/0x760 [ 1202.852903][ T4706] ? lookup_dcache+0x23/0x140 [ 1202.857582][ T4706] ? d_lookup+0xf9/0x260 [ 1202.861920][ T4706] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1202.867208][ T4706] __d_alloc+0x2e/0x8c0 [ 1202.871367][ T4706] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1202.877107][ T4706] d_alloc+0x4d/0x2b0 [ 1202.881277][ T4706] __lookup_hash+0xcd/0x190 [ 1202.885793][ T4706] filename_create+0x1a7/0x4f0 [ 1202.890567][ T4706] ? kern_path_mountpoint+0x40/0x40 [ 1202.895774][ T4706] ? strncpy_from_user+0x2a8/0x380 [ 1202.900898][ T4706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1202.907143][ T4706] ? getname_flags+0x277/0x5b0 [ 1202.911917][ T4706] do_mkdirat+0xb5/0x2a0 [ 1202.916170][ T4706] ? __ia32_sys_mknod+0xb0/0xb0 [ 1202.921025][ T4706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1202.926492][ T4706] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1202.932565][ T4706] ? do_syscall_64+0x26/0x610 [ 1202.937249][ T4706] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1202.942550][ T4706] __x64_sys_mkdir+0x5c/0x80 [ 1202.947151][ T4706] do_syscall_64+0x103/0x610 [ 1202.951781][ T4706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1202.957666][ T4706] RIP: 0033:0x458047 [ 1202.961560][ T4706] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1202.982318][ T4706] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1202.990752][ T4706] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1202.998729][ T4706] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1203.006698][ T4706] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1203.014667][ T4706] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 14:21:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000066310400000000080"], 0x0, 0x0, 0x0}) [ 1203.022668][ T4706] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:16 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:16 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0x3, 0x12) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000300)={0x10000, 0x81, 0x3}) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@null=' \x00', 0xc, 'veth1_to_team\x00'}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000080)=[@window={0x3, 0x3, 0xbc}, @window={0x3, 0x614, 0x800}, @mss={0x2, 0x8}, @timestamp, @mss={0x2, 0x7}, @timestamp], 0x6) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000200), &(0x7f0000000240)=0x4) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000000c0)=0x2) 14:21:16 executing program 3 (fault-call:0 fault-nth:26): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1203.187179][ T4919] binder: 4916:4919 unknown command 1074815750 [ 1203.195906][ T4919] binder: 4916:4919 ioctl c0306201 20000680 returned -22 [ 1203.225181][ T4920] kvm [4918]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:16 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4800000000000000, 0x0) 14:21:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000076310400000000080"], 0x0, 0x0, 0x0}) 14:21:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x5) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1203.447557][ T5085] FAULT_INJECTION: forcing a failure. [ 1203.447557][ T5085] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.467991][ T5085] CPU: 0 PID: 5085 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1203.475922][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1203.475929][ T5085] Call Trace: [ 1203.475956][ T5085] dump_stack+0x172/0x1f0 [ 1203.475978][ T5085] should_fail.cold+0xa/0x15 [ 1203.475998][ T5085] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1203.476018][ T5085] ? ___might_sleep+0x163/0x280 [ 1203.476038][ T5085] __should_failslab+0x121/0x190 [ 1203.476054][ T5085] should_failslab+0x9/0x14 [ 1203.476077][ T5085] kmem_cache_alloc+0x2b2/0x6f0 [ 1203.518403][ T5085] ? __d_lookup+0x433/0x760 [ 1203.518416][ T5085] ? lookup_dcache+0x23/0x140 [ 1203.518428][ T5085] ? d_lookup+0xf9/0x260 [ 1203.518447][ T5085] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1203.518463][ T5085] __d_alloc+0x2e/0x8c0 [ 1203.518477][ T5085] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1203.518492][ T5085] d_alloc+0x4d/0x2b0 [ 1203.518509][ T5085] __lookup_hash+0xcd/0x190 [ 1203.518527][ T5085] filename_create+0x1a7/0x4f0 [ 1203.518544][ T5085] ? kern_path_mountpoint+0x40/0x40 [ 1203.518558][ T5085] ? strncpy_from_user+0x2a8/0x380 [ 1203.518577][ T5085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1203.581732][ T5085] ? getname_flags+0x277/0x5b0 [ 1203.586504][ T5085] do_mkdirat+0xb5/0x2a0 [ 1203.590751][ T5085] ? __ia32_sys_mknod+0xb0/0xb0 [ 1203.595601][ T5085] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1203.601063][ T5085] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1203.607130][ T5085] ? do_syscall_64+0x26/0x610 [ 1203.611809][ T5085] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1203.617099][ T5085] __x64_sys_mkdir+0x5c/0x80 [ 1203.621695][ T5085] do_syscall_64+0x103/0x610 [ 1203.626289][ T5085] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1203.632183][ T5085] RIP: 0033:0x458047 [ 1203.636084][ T5085] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1203.655688][ T5085] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1203.664099][ T5085] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1203.672067][ T5085] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1203.680038][ T5085] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1203.688008][ T5085] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 14:21:16 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:16 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x402603) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1203.696007][ T5085] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1203.704315][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1203.710142][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1203.712127][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1203.721795][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1203.770531][ T5137] binder: 5135:5137 unknown command 1074815751 [ 1203.778530][ T5137] binder: 5135:5137 ioctl c0306201 20000680 returned -22 14:21:16 executing program 3 (fault-call:0 fault-nth:27): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1203.823930][ T5141] kvm [5134]: vcpu5, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:16 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x3f, 0x0, 0x1, "b4d5422e8a72697917c25820032b90c48d06cc6d7b03c75c60dd9dda8bc4fabf", 0x39555659}) write$cgroup_int(r0, &(0x7f0000000700), 0x12) accept$packet(r0, 0x0, &(0x7f0000000000)=0x44) 14:21:16 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4804000000000000, 0x0) 14:21:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000020000086310400000000080"], 0x0, 0x0, 0x0}) [ 1203.947240][ T5253] FAULT_INJECTION: forcing a failure. [ 1203.947240][ T5253] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.987227][ T5253] CPU: 1 PID: 5253 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1203.995180][ T5253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1204.005235][ T5253] Call Trace: [ 1204.008627][ T5253] dump_stack+0x172/0x1f0 [ 1204.014286][ T5253] should_fail.cold+0xa/0x15 [ 1204.018904][ T5253] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1204.024764][ T5253] ? ___might_sleep+0x163/0x280 [ 1204.029634][ T5253] __should_failslab+0x121/0x190 [ 1204.034580][ T5253] should_failslab+0x9/0x14 [ 1204.039087][ T5253] __kmalloc_track_caller+0x2d8/0x740 [ 1204.044467][ T5253] ? lock_downgrade+0x880/0x880 [ 1204.049404][ T5253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.055651][ T5253] ? smack_inode_init_security+0x345/0x660 [ 1204.061474][ T5253] kstrdup+0x3a/0x70 [ 1204.065810][ T5253] smack_inode_init_security+0x345/0x660 [ 1204.071449][ T5253] ? kasan_check_read+0x11/0x20 [ 1204.076320][ T5253] security_inode_init_security+0x1b3/0x3c0 [ 1204.082237][ T5253] ? ext4_init_acl+0x290/0x290 [ 1204.087530][ T5253] ? security_skb_classify_flow+0xc0/0xc0 [ 1204.093251][ T5253] ? posix_acl_create+0x11a/0x430 [ 1204.098284][ T5253] ? lock_downgrade+0x880/0x880 [ 1204.103157][ T5253] ? ext4_set_acl+0x4f0/0x4f0 [ 1204.107834][ T5253] ? _raw_spin_unlock+0x2d/0x50 [ 1204.112695][ T5253] ext4_init_security+0x34/0x40 [ 1204.117554][ T5253] __ext4_new_inode+0x44b7/0x5450 [ 1204.122595][ T5253] ? ext4_free_inode+0x1450/0x1450 [ 1204.127714][ T5253] ? dqget+0x10d0/0x10d0 [ 1204.131962][ T5253] ? smack_inode_permission+0x1f8/0x370 [ 1204.139042][ T5253] ext4_mkdir+0x3d5/0xdf0 [ 1204.143390][ T5253] ? ext4_init_dot_dotdot+0x520/0x520 [ 1204.148767][ T5253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.155010][ T5253] ? security_inode_permission+0xd5/0x110 [ 1204.160736][ T5253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.166982][ T5253] ? security_inode_mkdir+0xee/0x120 [ 1204.172274][ T5253] vfs_mkdir+0x433/0x690 [ 1204.176536][ T5253] do_mkdirat+0x234/0x2a0 [ 1204.180867][ T5253] ? __ia32_sys_mknod+0xb0/0xb0 [ 1204.185717][ T5253] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1204.191179][ T5253] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1204.197247][ T5253] ? do_syscall_64+0x26/0x610 [ 1204.201948][ T5253] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1204.207235][ T5253] __x64_sys_mkdir+0x5c/0x80 [ 1204.211836][ T5253] do_syscall_64+0x103/0x610 [ 1204.216441][ T5253] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1204.222332][ T5253] RIP: 0033:0x458047 [ 1204.226224][ T5253] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:21:17 executing program 4: r0 = syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0xfffffffffffffffe, 0x400000) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000700)={0x17, 0x74, &(0x7f0000000680)="4c6b2dab1583e3e44a07a7a933ab829cee5938bc935f22befb2482ca2e711267ad3051ba83f7b05cf86ab3360c67667ae1efead6ff6f2ad1d4b87344242b1ac20e9a66fccebe1fb69d2e0068ca9f463f2ee607fbfdafd40bcd3b855782a7d7f83757947b8e72d94b78431c0936997d454346abb0"}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) recvmmsg(r1, &(0x7f0000000580)=[{{&(0x7f00000000c0)=@ipx, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)=""/23, 0x17}, {&(0x7f00000001c0)=""/101, 0x65}, {&(0x7f0000000240)=""/193, 0xc1}], 0x3, &(0x7f0000000380)}, 0x32}, {{&(0x7f00000003c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000440)=""/125, 0x7d}], 0x1, &(0x7f0000000500)=""/114, 0x72}, 0x100000000}], 0x2, 0x40, &(0x7f0000000600)={0x0, 0x989680}) setsockopt$inet_tcp_int(r5, 0x6, 0x7, &(0x7f0000000640)=0x9376, 0x4) [ 1204.245830][ T5253] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1204.254250][ T5253] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1204.262237][ T5253] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1204.270212][ T5253] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1204.278179][ T5253] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1204.286155][ T5253] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:17 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1204.316023][ T5355] binder: 5353:5355 IncRefs 0 refcount change on invalid ref 512 ret -22 [ 1204.325424][ T5355] binder: 5353:5355 BC_INCREFS_DONE u0000008000000000 no match 14:21:17 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000000)=0xffffffff, 0x12) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:17 executing program 3 (fault-call:0 fault-nth:28): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000030000086310400000000080"], 0x0, 0x0, 0x0}) [ 1204.444315][ T5426] kvm [5419]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:17 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4904000000000000, 0x0) 14:21:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x800, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in=@initdev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@remote}}, &(0x7f0000000100)=0x43a) ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f0000000280)=r5) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1204.539041][ T5468] FAULT_INJECTION: forcing a failure. [ 1204.539041][ T5468] name failslab, interval 1, probability 0, space 0, times 0 [ 1204.582407][ T5472] binder: 5470:5472 IncRefs 0 refcount change on invalid ref 768 ret -22 [ 1204.593068][ T5468] CPU: 1 PID: 5468 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1204.600996][ T5468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1204.611057][ T5468] Call Trace: [ 1204.614367][ T5468] dump_stack+0x172/0x1f0 [ 1204.618804][ T5468] should_fail.cold+0xa/0x15 [ 1204.623419][ T5468] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1204.629238][ T5468] ? ___might_sleep+0x163/0x280 [ 1204.634136][ T5468] __should_failslab+0x121/0x190 [ 1204.639095][ T5468] should_failslab+0x9/0x14 [ 1204.643599][ T5468] kmem_cache_alloc+0x2b2/0x6f0 [ 1204.648452][ T5468] ? __put_user_ns+0x70/0x70 [ 1204.653043][ T5468] ? rcu_read_lock_sched_held+0x110/0x130 [ 1204.658770][ T5468] security_inode_alloc+0x39/0x160 [ 1204.663889][ T5468] inode_init_always+0x56e/0xb50 [ 1204.668833][ T5468] alloc_inode+0x83/0x190 [ 1204.673163][ T5468] new_inode_pseudo+0x19/0xf0 [ 1204.677841][ T5468] new_inode+0x1f/0x40 [ 1204.681913][ T5468] __ext4_new_inode+0x37e/0x5450 [ 1204.686861][ T5468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.693104][ T5468] ? smack_log+0x415/0x540 [ 1204.697533][ T5468] ? ext4_free_inode+0x1450/0x1450 [ 1204.702655][ T5468] ? dqget+0x10d0/0x10d0 [ 1204.706913][ T5468] ? smack_inode_permission+0x1f8/0x370 [ 1204.712466][ T5468] ext4_mkdir+0x3d5/0xdf0 [ 1204.716813][ T5468] ? ext4_init_dot_dotdot+0x520/0x520 [ 1204.722184][ T5468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.728429][ T5468] ? security_inode_permission+0xd5/0x110 [ 1204.734148][ T5468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1204.740413][ T5468] ? security_inode_mkdir+0xee/0x120 [ 1204.745707][ T5468] vfs_mkdir+0x433/0x690 [ 1204.749955][ T5468] do_mkdirat+0x234/0x2a0 [ 1204.754297][ T5468] ? __ia32_sys_mknod+0xb0/0xb0 [ 1204.759146][ T5468] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1204.764608][ T5468] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1204.770676][ T5468] ? do_syscall_64+0x26/0x610 [ 1204.775365][ T5468] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1204.780656][ T5468] __x64_sys_mkdir+0x5c/0x80 [ 1204.785270][ T5468] do_syscall_64+0x103/0x610 [ 1204.789867][ T5468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1204.795767][ T5468] RIP: 0033:0x458047 [ 1204.799667][ T5468] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1204.819314][ T5468] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1204.827757][ T5468] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1204.835732][ T5468] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1204.843724][ T5468] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1204.851694][ T5468] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1204.859670][ T5468] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1204.872439][ T5472] binder: 5470:5472 BC_INCREFS_DONE u0000008000000000 no match 14:21:17 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0x3, 0x12) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x1, 0x0) 14:21:18 executing program 3 (fault-call:0 fault-nth:29): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a0000123c123f3107a4d0") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = accept4(r0, 0x0, &(0x7f0000000000), 0x80800) pipe2(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$BLKROTATIONAL(r5, 0x127e, &(0x7f0000000480)) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/net/pfkey\x00', 0x4000, 0x0) ioctl$TIOCGETD(r6, 0x5424, &(0x7f0000000400)) sendmsg$alg(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)="01877097e031513552d72c6187a146f65d2806c81c5a", 0x16}, {&(0x7f0000000180)="2eafa735844de8a252124313a126886a9b75", 0x12}, {&(0x7f00000001c0)="1ab14bf28e244f9d8452db15148ef874003b8ef9423ad983e40b3f677f42880682072782c528e14b8d44c183ab34dad2052673c991d830a4489372b993a3c55d56b46b99b93781302debc5562d39ce0132c69124caca9e6086f5d51d587d5cbe5a26a4e280e6f4fad3d51b71c9da704b092460043dccfcd520593acfd9aac92737fd6e03a1f0c4e4fce001fef91b3ba1206e0597dd240f7cc2338a60b70f121f7f6d21adec4212773fac07284540125fb58caf80c40a7eea405439d3972e2f3ab4b68876c4ab410a6843f5ba9914c17edfbcb56e9c25ba4b2b1b46c8b862", 0xde}, {&(0x7f00000002c0)="8f93cecc5b", 0x5}], 0x4, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x2}], 0x18, 0x10}, 0x4801) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0x7, 0x1b], [0xc1]}) 14:21:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000040000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:18 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4a04000000000000, 0x0) 14:21:18 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x05', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1205.109811][ T5586] FAULT_INJECTION: forcing a failure. [ 1205.109811][ T5586] name failslab, interval 1, probability 0, space 0, times 0 [ 1205.143683][ T5586] CPU: 0 PID: 5586 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1205.151631][ T5586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1205.161955][ T5586] Call Trace: [ 1205.165252][ T5586] dump_stack+0x172/0x1f0 [ 1205.169569][ T5586] should_fail.cold+0xa/0x15 [ 1205.174254][ T5586] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1205.180049][ T5586] ? ___might_sleep+0x163/0x280 [ 1205.184905][ T5586] __should_failslab+0x121/0x190 [ 1205.189829][ T5586] should_failslab+0x9/0x14 [ 1205.194316][ T5586] __kmalloc+0x2dc/0x740 [ 1205.198566][ T5586] ? ext4_find_extent+0x76e/0x9d0 [ 1205.203577][ T5586] ext4_find_extent+0x76e/0x9d0 [ 1205.208414][ T5586] ext4_ext_map_blocks+0x1c3/0x5260 [ 1205.213599][ T5586] ? ext4_ext_release+0x10/0x10 [ 1205.218430][ T5586] ? retint_kernel+0x2d/0x2d [ 1205.223023][ T5586] ? lock_acquire+0x1ea/0x3f0 [ 1205.227706][ T5586] ext4_map_blocks+0xec7/0x18e0 [ 1205.232547][ T5586] ? ext4_issue_zeroout+0x190/0x190 [ 1205.237731][ T5586] ? kasan_check_write+0x14/0x20 [ 1205.242647][ T5586] ? __brelse+0x95/0xb0 [ 1205.247048][ T5586] ext4_getblk+0xc4/0x510 [ 1205.251362][ T5586] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1205.256372][ T5586] ? ext4_free_inode+0x1450/0x1450 [ 1205.261491][ T5586] ext4_bread+0x8f/0x230 [ 1205.265719][ T5586] ? ext4_getblk+0x510/0x510 [ 1205.270299][ T5586] ext4_append+0x155/0x370 [ 1205.274705][ T5586] ext4_mkdir+0x61b/0xdf0 [ 1205.279027][ T5586] ? ext4_init_dot_dotdot+0x520/0x520 [ 1205.284384][ T5586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1205.290618][ T5586] ? security_inode_permission+0xd5/0x110 [ 1205.296346][ T5586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1205.302569][ T5586] ? security_inode_mkdir+0xee/0x120 [ 1205.308012][ T5586] vfs_mkdir+0x433/0x690 [ 1205.312242][ T5586] do_mkdirat+0x234/0x2a0 [ 1205.317260][ T5586] ? __ia32_sys_mknod+0xb0/0xb0 [ 1205.322180][ T5586] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1205.327648][ T5586] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1205.333697][ T5586] ? do_syscall_64+0x26/0x610 [ 1205.338360][ T5586] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1205.343630][ T5586] __x64_sys_mkdir+0x5c/0x80 [ 1205.348211][ T5586] do_syscall_64+0x103/0x610 [ 1205.352787][ T5586] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1205.358681][ T5586] RIP: 0033:0x458047 [ 1205.362559][ T5586] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1205.382231][ T5586] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1205.390638][ T5586] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1205.398593][ T5586] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1205.406547][ T5586] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1205.414518][ T5586] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1205.422495][ T5586] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1205.439653][ T5593] binder: 5589:5593 IncRefs 0 refcount change on invalid ref 1024 ret -22 14:21:18 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1205.458962][ T5593] binder: 5589:5593 BC_INCREFS_DONE u0000008000000000 no match [ 1205.488615][ T5586] hfs: can't find a HFS filesystem on dev loop3 14:21:18 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4b04000000000000, 0x0) 14:21:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(r2, 0x8250aea6, &(0x7f0000000180)=""/236) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:18 executing program 3 (fault-call:0 fault-nth:30): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:18 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000050000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:18 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x06', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1205.798548][ T5812] binder: 5810:5812 IncRefs 0 refcount change on invalid ref 1280 ret -22 [ 1205.822326][ T5812] binder: 5810:5812 BC_INCREFS_DONE u0000008000000000 no match 14:21:18 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0) 14:21:19 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = socket$caif_seqpacket(0x25, 0x5, 0x0) write$binfmt_elf64(r1, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x20000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000180)={0x7, 0x0, [{0x40000003, 0x5, 0x100000000, 0x2, 0x4}, {0xc0000000, 0xc1, 0x80, 0x8000, 0x5}, {0x0, 0x7, 0x2, 0x3f, 0x9}, {0xc0000004, 0x0, 0x80000000}, {0x80000019, 0xfffffffffffffffc, 0x66, 0x6, 0x3ff}, {0x80000019, 0x900, 0x7ff, 0x800, 0x64b}, {0xc0000000, 0x4, 0x8, 0x8cfe, 0x7}]}) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000060000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:19 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\a', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1206.141917][ T6025] FAULT_INJECTION: forcing a failure. [ 1206.141917][ T6025] name failslab, interval 1, probability 0, space 0, times 0 [ 1206.155292][ T6025] CPU: 0 PID: 6025 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1206.163214][ T6025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1206.173297][ T6025] Call Trace: [ 1206.176591][ T6025] dump_stack+0x172/0x1f0 [ 1206.180931][ T6025] should_fail.cold+0xa/0x15 [ 1206.185518][ T6025] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1206.191316][ T6025] ? __es_tree_search.isra.0+0x1bf/0x230 [ 1206.196933][ T6025] __should_failslab+0x121/0x190 [ 1206.201864][ T6025] should_failslab+0x9/0x14 [ 1206.206349][ T6025] kmem_cache_alloc+0x47/0x6f0 [ 1206.211093][ T6025] ? ext4_es_scan+0x730/0x730 [ 1206.215762][ T6025] ? do_raw_write_lock+0x124/0x290 [ 1206.220856][ T6025] __es_insert_extent+0x2cc/0xf20 [ 1206.225868][ T6025] ext4_es_insert_extent+0x2b7/0xa40 [ 1206.231146][ T6025] ? ext4_es_scan_clu+0x50/0x50 [ 1206.236161][ T6025] ? rcu_read_lock_sched_held+0x110/0x130 [ 1206.241879][ T6025] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1206.248098][ T6025] ? ext4_es_find_extent_range+0xff/0x600 [ 1206.253897][ T6025] ext4_ext_put_gap_in_cache+0xfe/0x150 [ 1206.259784][ T6025] ? ext4_rereserve_cluster+0x240/0x240 [ 1206.265331][ T6025] ? ext4_find_extent+0x76e/0x9d0 [ 1206.270623][ T6025] ? ext4_find_extent+0x6a6/0x9d0 [ 1206.275637][ T6025] ext4_ext_map_blocks+0x20a8/0x5260 [ 1206.280918][ T6025] ? ext4_ext_release+0x10/0x10 [ 1206.285752][ T6025] ? perf_trace_lock+0x510/0x510 [ 1206.290678][ T6025] ? lock_acquire+0x16f/0x3f0 [ 1206.295335][ T6025] ? ext4_map_blocks+0x3fd/0x18e0 [ 1206.300349][ T6025] ext4_map_blocks+0xec7/0x18e0 [ 1206.305188][ T6025] ? ext4_issue_zeroout+0x190/0x190 [ 1206.310476][ T6025] ? kasan_check_write+0x14/0x20 [ 1206.315396][ T6025] ? __brelse+0x95/0xb0 [ 1206.319538][ T6025] ext4_getblk+0xc4/0x510 [ 1206.323864][ T6025] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1206.328875][ T6025] ? ext4_free_inode+0x1450/0x1450 [ 1206.333970][ T6025] ext4_bread+0x8f/0x230 [ 1206.338301][ T6025] ? ext4_getblk+0x510/0x510 [ 1206.342878][ T6025] ext4_append+0x155/0x370 [ 1206.347278][ T6025] ext4_mkdir+0x61b/0xdf0 [ 1206.351594][ T6025] ? ext4_init_dot_dotdot+0x520/0x520 [ 1206.356953][ T6025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1206.363177][ T6025] ? security_inode_permission+0xd5/0x110 [ 1206.368896][ T6025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1206.375126][ T6025] ? security_inode_mkdir+0xee/0x120 [ 1206.380488][ T6025] vfs_mkdir+0x433/0x690 [ 1206.384715][ T6025] do_mkdirat+0x234/0x2a0 [ 1206.389038][ T6025] ? __ia32_sys_mknod+0xb0/0xb0 [ 1206.393884][ T6025] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1206.399423][ T6025] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1206.405475][ T6025] ? do_syscall_64+0x26/0x610 [ 1206.410146][ T6025] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1206.415417][ T6025] __x64_sys_mkdir+0x5c/0x80 [ 1206.420525][ T6025] do_syscall_64+0x103/0x610 [ 1206.425111][ T6025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1206.430985][ T6025] RIP: 0033:0x458047 [ 1206.434866][ T6025] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1206.454472][ T6025] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1206.462873][ T6025] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1206.471695][ T6025] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1206.479659][ T6025] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1206.487626][ T6025] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1206.495581][ T6025] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1206.523666][ T6046] binder: 6030:6046 IncRefs 0 refcount change on invalid ref 1536 ret -22 14:21:19 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4c04000000000000, 0x0) [ 1206.564769][ T6046] binder: 6030:6046 BC_INCREFS_DONE u0000008000000000 no match 14:21:19 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000040)=ANY=[@ANYBLOB="04000000ffff05000508080047153bd45f3144cb6de421201247141efd75848b9f6c89"], 0xc) 14:21:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000070000086310400000000080"], 0x0, 0x0, 0x0}) [ 1206.670594][ T6025] hfs: can't find a HFS filesystem on dev loop3 [ 1206.773590][ T6243] binder: 6242:6243 IncRefs 0 refcount change on invalid ref 1792 ret -22 [ 1206.793194][ T6243] binder: 6242:6243 BC_INCREFS_DONE u0000008000000000 no match 14:21:19 executing program 3 (fault-call:0 fault-nth:31): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) 14:21:19 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\b', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:19 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) setsockopt$inet6_tcp_int(r0, 0x6, 0x32, &(0x7f0000000000)=0x7, 0x4) 14:21:19 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4d04000000000000, 0x0) 14:21:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000480000086310400000000080"], 0x0, 0x0, 0x0}) [ 1206.960841][ T6353] FAULT_INJECTION: forcing a failure. [ 1206.960841][ T6353] name failslab, interval 1, probability 0, space 0, times 0 [ 1207.004551][ T6353] CPU: 1 PID: 6353 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1207.012699][ T6353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1207.022762][ T6353] Call Trace: [ 1207.022790][ T6353] dump_stack+0x172/0x1f0 [ 1207.022814][ T6353] should_fail.cold+0xa/0x15 [ 1207.022832][ T6353] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1207.022853][ T6353] ? ___might_sleep+0x163/0x280 [ 1207.022871][ T6353] __should_failslab+0x121/0x190 [ 1207.022885][ T6353] should_failslab+0x9/0x14 [ 1207.022902][ T6353] kmem_cache_alloc+0x2b2/0x6f0 [ 1207.022924][ T6353] ? rcu_read_lock_sched_held+0x110/0x130 [ 1207.059980][ T6353] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1207.059999][ T6353] ? __mark_inode_dirty+0x241/0x1290 [ 1207.060018][ T6353] ext4_mb_new_blocks+0x5a0/0x3c20 [ 1207.060038][ T6353] ? mark_held_locks+0xa4/0xf0 [ 1207.072003][ T6353] ? ext4_find_extent+0x76e/0x9d0 [ 1207.072033][ T6353] ext4_ext_map_blocks+0x2b8a/0x5260 [ 1207.072070][ T6353] ? ext4_ext_release+0x10/0x10 [ 1207.072084][ T6353] ? perf_trace_lock+0x510/0x510 [ 1207.072125][ T6353] ext4_map_blocks+0x8c5/0x18e0 [ 1207.082481][ T6353] ? ext4_issue_zeroout+0x190/0x190 [ 1207.082508][ T6353] ? kasan_check_write+0x14/0x20 [ 1207.082520][ T6353] ? __brelse+0x95/0xb0 [ 1207.082541][ T6353] ext4_getblk+0xc4/0x510 [ 1207.082558][ T6353] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1207.082578][ T6353] ? ext4_free_inode+0x1450/0x1450 [ 1207.082598][ T6353] ext4_bread+0x8f/0x230 [ 1207.092354][ T6353] ? ext4_getblk+0x510/0x510 [ 1207.092381][ T6353] ext4_append+0x155/0x370 14:21:20 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\t', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1207.092401][ T6353] ext4_mkdir+0x61b/0xdf0 [ 1207.092424][ T6353] ? ext4_init_dot_dotdot+0x520/0x520 [ 1207.092441][ T6353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.092457][ T6353] ? security_inode_permission+0xd5/0x110 [ 1207.092475][ T6353] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.182582][ T6353] ? security_inode_mkdir+0xee/0x120 [ 1207.187875][ T6353] vfs_mkdir+0x433/0x690 [ 1207.192143][ T6353] do_mkdirat+0x234/0x2a0 [ 1207.196482][ T6353] ? __ia32_sys_mknod+0xb0/0xb0 [ 1207.201344][ T6353] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1207.206894][ T6353] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1207.212972][ T6353] ? do_syscall_64+0x26/0x610 [ 1207.217661][ T6353] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1207.223211][ T6353] __x64_sys_mkdir+0x5c/0x80 [ 1207.227810][ T6353] do_syscall_64+0x103/0x610 [ 1207.232406][ T6353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1207.238304][ T6353] RIP: 0033:0x458047 [ 1207.242200][ T6353] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1207.261803][ T6353] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1207.270222][ T6353] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1207.278197][ T6353] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1207.286170][ T6353] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1207.294138][ T6353] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1207.302106][ T6353] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:20 executing program 3 (fault-call:0 fault-nth:32): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x80000000) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x200) ioctl$KDMKTONE(r4, 0x4b30, 0x1) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1207.401396][ T6464] binder: 6461:6464 IncRefs 0 refcount change on invalid ref 18432 ret -22 [ 1207.428607][ T6464] binder: 6461:6464 BC_INCREFS_DONE u0000008000000000 no match 14:21:20 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0x7, 0x4d, 0x1}, 0x7) write$cgroup_int(r0, &(0x7f0000000700), 0x12) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x100000000003) 14:21:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440004c0000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:20 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4e04000000000000, 0x0) [ 1207.595322][ T6571] kvm [6569]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1207.606396][ T6577] binder: 6576:6577 IncRefs 0 refcount change on invalid ref 19456 ret -22 [ 1207.621951][ T6577] binder: 6576:6577 BC_INCREFS_DONE u0000008000000000 no match [ 1207.650738][ T6582] FAULT_INJECTION: forcing a failure. [ 1207.650738][ T6582] name failslab, interval 1, probability 0, space 0, times 0 [ 1207.689992][ T6582] CPU: 0 PID: 6582 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1207.697950][ T6582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1207.708032][ T6582] Call Trace: [ 1207.711331][ T6582] dump_stack+0x172/0x1f0 [ 1207.715656][ T6582] should_fail.cold+0xa/0x15 [ 1207.720238][ T6582] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1207.726035][ T6582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.732279][ T6582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.738503][ T6582] ? debug_smp_processor_id+0x3c/0x280 [ 1207.743950][ T6582] __should_failslab+0x121/0x190 [ 1207.748871][ T6582] should_failslab+0x9/0x14 [ 1207.753361][ T6582] kmem_cache_alloc+0x47/0x6f0 [ 1207.758192][ T6582] ? ___might_sleep+0x163/0x280 [ 1207.763047][ T6582] ? mempool_alloc+0x380/0x380 [ 1207.767790][ T6582] mempool_alloc_slab+0x47/0x60 [ 1207.772622][ T6582] mempool_alloc+0x16b/0x380 [ 1207.777198][ T6582] ? mempool_destroy+0x40/0x40 [ 1207.781947][ T6582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.788185][ T6582] ? debug_smp_processor_id+0x3c/0x280 [ 1207.793635][ T6582] bio_alloc_bioset+0x3bf/0x680 [ 1207.798478][ T6582] ? mark_buffer_dirty_inode+0x305/0x410 [ 1207.804112][ T6582] ? bvec_alloc+0x2f0/0x2f0 [ 1207.808603][ T6582] submit_bh_wbc+0x133/0x7f0 [ 1207.813184][ T6582] __sync_dirty_buffer+0x111/0x2e0 [ 1207.818279][ T6582] sync_dirty_buffer+0x1b/0x20 [ 1207.823035][ T6582] __ext4_handle_dirty_metadata+0x237/0x570 [ 1207.828932][ T6582] ext4_getblk+0x32b/0x510 [ 1207.833345][ T6582] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1207.838358][ T6582] ? ext4_free_inode+0x1450/0x1450 [ 1207.843456][ T6582] ext4_bread+0x8f/0x230 [ 1207.847681][ T6582] ? ext4_getblk+0x510/0x510 [ 1207.852273][ T6582] ext4_append+0x155/0x370 [ 1207.856695][ T6582] ext4_mkdir+0x61b/0xdf0 [ 1207.861019][ T6582] ? ext4_init_dot_dotdot+0x520/0x520 [ 1207.866377][ T6582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.872611][ T6582] ? security_inode_permission+0xd5/0x110 [ 1207.878322][ T6582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1207.884557][ T6582] ? security_inode_mkdir+0xee/0x120 [ 1207.889836][ T6582] vfs_mkdir+0x433/0x690 [ 1207.894063][ T6582] do_mkdirat+0x234/0x2a0 [ 1207.898374][ T6582] ? __ia32_sys_mknod+0xb0/0xb0 [ 1207.903220][ T6582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1207.908662][ T6582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1207.914708][ T6582] ? do_syscall_64+0x26/0x610 [ 1207.919551][ T6582] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1207.924818][ T6582] __x64_sys_mkdir+0x5c/0x80 [ 1207.929404][ T6582] do_syscall_64+0x103/0x610 [ 1207.933978][ T6582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1207.939945][ T6582] RIP: 0033:0x458047 [ 1207.943829][ T6582] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1207.963413][ T6582] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1207.971947][ T6582] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1207.980012][ T6582] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1207.987992][ T6582] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 14:21:21 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\n', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1207.995945][ T6582] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1208.003896][ T6582] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1208.012389][ C0] net_ratelimit: 18 callbacks suppressed [ 1208.012397][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.022092][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.023960][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1208.029661][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1208.041184][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1208.047049][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:21 executing program 5: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, {0x9, 0x5, 0x0, 0x100000001, 0x0, 0x5}}, 0x8) ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f00000000c0)=0x1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000080)={0x1, r0}) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r1, &(0x7f0000000700), 0x12) 14:21:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000600000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:21 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x4f04000000000000, 0x0) [ 1208.186565][ T6582] hfs: can't find a HFS filesystem on dev loop3 [ 1208.221361][ T6745] binder: 6733:6745 IncRefs 0 refcount change on invalid ref 24576 ret -22 [ 1208.240329][ T6745] binder: 6733:6745 BC_INCREFS_DONE u0000008000000000 no match 14:21:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) creat(&(0x7f00000000c0)='./file0\x00', 0x4) 14:21:21 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\v', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:21 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x7ff) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f00000000c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0xe7, 0x1, {"9e809254e25212b9ef5c11ddc395f3b0"}, 0x2, 0x80, 0x8}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000040), r1}}, 0x18) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x1e) ioctl$SIOCX25GDTEFACILITIES(r0, 0x89ea, &(0x7f0000000000)) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000200)) semget$private(0x0, 0x3, 0x120) 14:21:21 executing program 3 (fault-call:0 fault-nth:33): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000680000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:21 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6000000000000000, 0x0) 14:21:21 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) getsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f0000000000)=0x101, &(0x7f0000000040)=0x4) write$P9_RFLUSH(r0, &(0x7f0000000100)={0x7, 0x6d, 0x1}, 0x7) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/pfkey\x00', 0x400400, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f00000001c0)=""/159, &(0x7f0000000280)=0x9f) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000300)={0x8001, {{0xa, 0x4e20, 0x7fffffff, @mcast1, 0x6}}, {{0xa, 0x4e20, 0x100000000, @dev={0xfe, 0x80, [], 0xb}, 0x4}}}, 0x108) ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f00000000c0)={r0, 0x0, 0x1000100000000}) setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000140)={0xfffffffffffffe00, 0x5, 0x7fffffff, 0x1000}, 0x10) ioctl$VIDIOC_ENCODER_CMD(r0, 0xc028564d, &(0x7f0000000180)={0x2, 0x1, [0x5, 0x20, 0x6, 0x3, 0x2, 0x5, 0x1, 0x2]}) [ 1208.584788][ T6902] kvm [6901]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1208.671778][ T6915] FAULT_INJECTION: forcing a failure. [ 1208.671778][ T6915] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.702384][ T6918] binder: 6909:6918 IncRefs 0 refcount change on invalid ref 26624 ret -22 [ 1208.702412][ T6915] CPU: 1 PID: 6915 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1208.718945][ T6915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1208.729009][ T6915] Call Trace: [ 1208.730739][ T6918] binder: 6909:6918 BC_INCREFS_DONE u0000008000000000 no match [ 1208.732304][ T6915] dump_stack+0x172/0x1f0 [ 1208.732327][ T6915] should_fail.cold+0xa/0x15 [ 1208.732345][ T6915] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1208.732363][ T6915] ? ___might_sleep+0x163/0x280 [ 1208.732382][ T6915] __should_failslab+0x121/0x190 [ 1208.732397][ T6915] should_failslab+0x9/0x14 [ 1208.732412][ T6915] __kmalloc+0x2dc/0x740 [ 1208.732429][ T6915] ? mark_held_locks+0xa4/0xf0 [ 1208.732443][ T6915] ? kfree+0x173/0x230 [ 1208.732466][ T6915] ? ext4_find_extent+0x76e/0x9d0 [ 1208.787131][ T6915] ext4_find_extent+0x76e/0x9d0 [ 1208.792006][ T6915] ext4_ext_map_blocks+0x1c3/0x5260 [ 1208.797234][ T6915] ? ext4_ext_release+0x10/0x10 [ 1208.802092][ T6915] ? perf_trace_lock+0x510/0x510 [ 1208.807046][ T6915] ? lock_acquire+0x16f/0x3f0 [ 1208.811744][ T6915] ? ext4_map_blocks+0x85d/0x18e0 [ 1208.816806][ T6915] ext4_map_blocks+0x8c5/0x18e0 [ 1208.821678][ T6915] ? ext4_issue_zeroout+0x190/0x190 [ 1208.826980][ T6915] ? kasan_check_write+0x14/0x20 [ 1208.831934][ T6915] ? __brelse+0x95/0xb0 [ 1208.836099][ T6915] ext4_getblk+0xc4/0x510 [ 1208.840526][ T6915] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1208.845562][ T6915] ? ext4_free_inode+0x1450/0x1450 [ 1208.850699][ T6915] ext4_bread+0x8f/0x230 [ 1208.854972][ T6915] ? ext4_getblk+0x510/0x510 [ 1208.859592][ T6915] ext4_append+0x155/0x370 [ 1208.864035][ T6915] ext4_mkdir+0x61b/0xdf0 14:21:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440006c0000086310400000000080"], 0x0, 0x0, 0x0}) [ 1208.868381][ T6915] ? ext4_init_dot_dotdot+0x520/0x520 [ 1208.873969][ T6915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1208.880227][ T6915] ? security_inode_permission+0xd5/0x110 [ 1208.885971][ T6915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1208.892217][ T6915] ? security_inode_mkdir+0xee/0x120 [ 1208.892235][ T6915] vfs_mkdir+0x433/0x690 [ 1208.892254][ T6915] do_mkdirat+0x234/0x2a0 [ 1208.892271][ T6915] ? __ia32_sys_mknod+0xb0/0xb0 [ 1208.892286][ T6915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1208.892301][ T6915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1208.892321][ T6915] ? do_syscall_64+0x26/0x610 [ 1208.901822][ T6915] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1208.901844][ T6915] __x64_sys_mkdir+0x5c/0x80 [ 1208.901863][ T6915] do_syscall_64+0x103/0x610 [ 1208.901884][ T6915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1208.901901][ T6915] RIP: 0033:0x458047 [ 1208.951577][ T6915] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1208.971974][ T6915] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1208.980413][ T6915] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1208.988391][ T6915] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1208.996367][ T6915] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1209.004343][ T6915] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1209.012314][ T6915] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1209.020666][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1209.026545][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1209.032587][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1209.038406][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:22 executing program 3 (fault-call:0 fault-nth:34): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x20001, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000100)={'ifb0\x00', 0x5}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000740000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:22 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$SIOCNRDECOBS(r0, 0x89e2) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$RTC_AIE_ON(r0, 0x7001) ioctl$RTC_AIE_OFF(r0, 0x7002) [ 1209.291025][ T7229] kvm [7228]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1209.330197][ T7227] FAULT_INJECTION: forcing a failure. [ 1209.330197][ T7227] name failslab, interval 1, probability 0, space 0, times 0 14:21:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440007a0000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:22 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:22 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6800000000000000, 0x0) [ 1209.419722][ T7227] CPU: 1 PID: 7227 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1209.427948][ T7227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1209.438031][ T7227] Call Trace: [ 1209.441339][ T7227] dump_stack+0x172/0x1f0 [ 1209.445690][ T7227] should_fail.cold+0xa/0x15 [ 1209.450290][ T7227] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1209.456116][ T7227] __should_failslab+0x121/0x190 [ 1209.461064][ T7227] should_failslab+0x9/0x14 [ 1209.465570][ T7227] kmem_cache_alloc_node+0x56/0x710 [ 1209.470771][ T7227] ? lock_downgrade+0x880/0x880 [ 1209.475644][ T7227] create_task_io_context+0x33/0x450 [ 1209.481018][ T7227] generic_make_request_checks+0x1a62/0x2090 [ 1209.487020][ T7227] ? trace_event_raw_event_block_rq_requeue+0x640/0x640 [ 1209.493960][ T7227] ? __lock_acquire+0x548/0x3fb0 [ 1209.498914][ T7227] ? bio_associate_blkg_from_css+0x4e5/0x990 [ 1209.504920][ T7227] generic_make_request+0x24c/0x12d0 [ 1209.510216][ T7227] ? blk_queue_enter+0xe90/0xe90 [ 1209.515189][ T7227] ? find_held_lock+0x35/0x130 [ 1209.519952][ T7227] ? guard_bio_eod+0x1ce/0x6e0 [ 1209.524730][ T7227] submit_bio+0xba/0x480 [ 1209.528972][ T7227] ? submit_bio+0xba/0x480 [ 1209.533395][ T7227] ? generic_make_request+0x12d0/0x12d0 [ 1209.538946][ T7227] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1209.544663][ T7227] ? guard_bio_eod+0x295/0x6e0 [ 1209.549438][ T7227] submit_bh_wbc+0x5f7/0x7f0 [ 1209.554123][ T7227] __sync_dirty_buffer+0x111/0x2e0 [ 1209.559237][ T7227] sync_dirty_buffer+0x1b/0x20 [ 1209.564010][ T7227] __ext4_handle_dirty_metadata+0x237/0x570 [ 1209.569928][ T7227] ext4_getblk+0x32b/0x510 [ 1209.574375][ T7227] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1209.579491][ T7227] ? ext4_free_inode+0x1450/0x1450 [ 1209.584611][ T7227] ext4_bread+0x8f/0x230 [ 1209.588862][ T7227] ? ext4_getblk+0x510/0x510 [ 1209.593459][ T7227] ext4_append+0x155/0x370 [ 1209.597894][ T7227] ext4_mkdir+0x61b/0xdf0 [ 1209.602234][ T7227] ? ext4_init_dot_dotdot+0x520/0x520 [ 1209.607607][ T7227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1209.613858][ T7227] ? security_inode_permission+0xd5/0x110 [ 1209.619670][ T7227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1209.625914][ T7227] ? security_inode_mkdir+0xee/0x120 [ 1209.631203][ T7227] vfs_mkdir+0x433/0x690 [ 1209.635458][ T7227] do_mkdirat+0x234/0x2a0 [ 1209.639789][ T7227] ? __ia32_sys_mknod+0xb0/0xb0 [ 1209.644639][ T7227] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1209.650100][ T7227] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1209.656192][ T7227] ? do_syscall_64+0x26/0x610 [ 1209.660879][ T7227] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1209.666180][ T7227] __x64_sys_mkdir+0x5c/0x80 [ 1209.670773][ T7227] do_syscall_64+0x103/0x610 [ 1209.675373][ T7227] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1209.681348][ T7227] RIP: 0033:0x458047 [ 1209.685243][ T7227] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1209.704855][ T7227] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1209.713266][ T7227] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1209.721411][ T7227] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1209.729388][ T7227] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1209.737383][ T7227] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1209.745392][ T7227] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1209.769828][ T7356] binder_thread_write: 2 callbacks suppressed [ 1209.769855][ T7356] binder: 7348:7356 IncRefs 0 refcount change on invalid ref 31232 ret -22 14:21:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xfffffffffffffffe) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1209.813160][ T7356] binder_thread_write: 2 callbacks suppressed [ 1209.813178][ T7356] binder: 7348:7356 BC_INCREFS_DONE u0000008000000000 no match [ 1209.834505][ T7227] hfs: can't find a HFS filesystem on dev loop3 14:21:22 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0xa000) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:23 executing program 3 (fault-call:0 fault-nth:35): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000300086310400000000080"], 0x0, 0x0, 0x0}) 14:21:23 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6826000000000000, 0x0) [ 1210.094062][ T7700] FAULT_INJECTION: forcing a failure. [ 1210.094062][ T7700] name failslab, interval 1, probability 0, space 0, times 0 [ 1210.119619][ T7703] binder: 7701:7703 IncRefs 0 refcount change on invalid ref 196608 ret -22 [ 1210.152206][ T7703] binder: 7701:7703 BC_INCREFS_DONE u0000008000000000 no match [ 1210.155024][ T7700] CPU: 0 PID: 7700 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1210.167688][ T7700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1210.167695][ T7700] Call Trace: [ 1210.167722][ T7700] dump_stack+0x172/0x1f0 [ 1210.167744][ T7700] should_fail.cold+0xa/0x15 [ 1210.167762][ T7700] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1210.167779][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.167792][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.167817][ T7700] ? debug_smp_processor_id+0x3c/0x280 [ 1210.167840][ T7700] __should_failslab+0x121/0x190 [ 1210.167856][ T7700] should_failslab+0x9/0x14 [ 1210.167870][ T7700] kmem_cache_alloc+0x47/0x6f0 [ 1210.167886][ T7700] ? ___might_sleep+0x163/0x280 [ 1210.167905][ T7700] ? mempool_alloc+0x380/0x380 [ 1210.167917][ T7700] mempool_alloc_slab+0x47/0x60 [ 1210.167936][ T7700] mempool_alloc+0x16b/0x380 [ 1210.181290][ T7700] ? mempool_destroy+0x40/0x40 [ 1210.181310][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.181326][ T7700] ? debug_smp_processor_id+0x3c/0x280 [ 1210.181356][ T7700] bio_alloc_bioset+0x3bf/0x680 [ 1210.181374][ T7700] ? mark_buffer_dirty_inode+0x305/0x410 [ 1210.181391][ T7700] ? bvec_alloc+0x2f0/0x2f0 [ 1210.181415][ T7700] submit_bh_wbc+0x133/0x7f0 [ 1210.181436][ T7700] __sync_dirty_buffer+0x111/0x2e0 [ 1210.266488][ T7700] sync_dirty_buffer+0x1b/0x20 [ 1210.266507][ T7700] __ext4_handle_dirty_metadata+0x237/0x570 14:21:23 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f00000000c0)={0x2, 0x8, [0x5, 0x6]}) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x600040, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xfffffffffffffffe) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:23 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x40000000000007fc) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20020}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x238, r1, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffffd}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffffa}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x174, 0x4, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xac3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffa}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffb}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x20}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}]}, 0x238}}, 0x40) write$cgroup_int(r0, &(0x7f0000000440)=0x1, 0x0) r2 = add_key(&(0x7f0000000040)='trusted\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$clear(0x7, r2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x8000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x1, 0x4) [ 1210.266530][ T7700] ext4_getblk+0x32b/0x510 [ 1210.266546][ T7700] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1210.266565][ T7700] ? ext4_free_inode+0x1450/0x1450 [ 1210.266584][ T7700] ext4_bread+0x8f/0x230 [ 1210.266599][ T7700] ? ext4_getblk+0x510/0x510 [ 1210.266622][ T7700] ext4_append+0x155/0x370 [ 1210.266642][ T7700] ext4_mkdir+0x61b/0xdf0 [ 1210.266668][ T7700] ? ext4_init_dot_dotdot+0x520/0x520 [ 1210.266692][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.286402][ T7700] ? security_inode_permission+0xd5/0x110 [ 1210.286423][ T7700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1210.286438][ T7700] ? security_inode_mkdir+0xee/0x120 [ 1210.286455][ T7700] vfs_mkdir+0x433/0x690 [ 1210.286473][ T7700] do_mkdirat+0x234/0x2a0 [ 1210.286491][ T7700] ? __ia32_sys_mknod+0xb0/0xb0 [ 1210.286506][ T7700] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1210.286522][ T7700] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1210.286534][ T7700] ? do_syscall_64+0x26/0x610 [ 1210.286554][ T7700] ? lockdep_hardirqs_on+0x418/0x5d0 14:21:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000500086310400000000080"], 0x0, 0x0, 0x0}) [ 1210.307254][ T7700] __x64_sys_mkdir+0x5c/0x80 [ 1210.321937][ T7700] do_syscall_64+0x103/0x610 [ 1210.321960][ T7700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1210.321972][ T7700] RIP: 0033:0x458047 [ 1210.321987][ T7700] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1210.321995][ T7700] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1210.322010][ T7700] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1210.322017][ T7700] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1210.322024][ T7700] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1210.322033][ T7700] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1210.322041][ T7700] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 [ 1210.499364][ T7700] hfs: can't find a HFS filesystem on dev loop3 14:21:23 executing program 5: set_tid_address(&(0x7f0000000000)) r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1210.569497][ T7882] binder: 7871:7882 IncRefs 0 refcount change on invalid ref 327680 ret -22 [ 1210.586700][ T7882] binder: 7871:7882 BC_INCREFS_DONE u0000008000000000 no match 14:21:23 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0) 14:21:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f00000000c0)={'nr0\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:23 executing program 3 (fault-call:0 fault-nth:36): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000600086310400000000080"], 0x0, 0x0, 0x0}) 14:21:23 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:23 executing program 5: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="d07731a1a0eb06c2705bde1f5964dc7ce9e93a0cefed40b46105d6eff8139834019efe91b9d465847b16b8a1406d222f18fa30f1f308fc43d4eb6cb06e8b07564027e1ff1c1f4f8137bdd78aed3f285f84e8ef9669cdbf1c91f2e00ebf1d72542e0cab72af5f106948a3a323f25421feb353", 0x72, 0xfffffffffffffffb) r1 = request_key(&(0x7f0000000200)='syzkaller\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)='/dev/input/mice\x00', 0xfffffffffffffff9) keyctl$instantiate_iov(0x14, r0, &(0x7f00000001c0)=[{&(0x7f0000000140)="fc3c6c99d16cf11f530f3ca13180626bc1552dd82fe4f79eb66f828d81b52965404c7543eb05862f8e89e6ce051e139f4330e35a2092037b4a43bae5996cd9dbb0220e2f4d0df8a1ae8350034ad9", 0x4e}], 0x1, r1) r2 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r2, &(0x7f0000000080), 0x65a4e85d7057f986) 14:21:23 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7400000000000000, 0x0) [ 1210.845415][ T8075] FAULT_INJECTION: forcing a failure. [ 1210.845415][ T8075] name failslab, interval 1, probability 0, space 0, times 0 [ 1210.871376][ T8181] binder: 8120:8181 IncRefs 0 refcount change on invalid ref 393216 ret -22 [ 1210.920018][ T8075] CPU: 1 PID: 8075 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1210.925365][ T8181] binder: 8120:8181 BC_INCREFS_DONE u0000008000000000 no match [ 1210.928133][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1210.928140][ T8075] Call Trace: [ 1210.928169][ T8075] dump_stack+0x172/0x1f0 [ 1210.928196][ T8075] should_fail.cold+0xa/0x15 [ 1210.945909][ T8075] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1210.945929][ T8075] ? ___might_sleep+0x163/0x280 [ 1210.945948][ T8075] __should_failslab+0x121/0x190 [ 1210.945962][ T8075] should_failslab+0x9/0x14 [ 1210.945977][ T8075] kmem_cache_alloc+0x2b2/0x6f0 [ 1210.945992][ T8075] ? rcu_read_lock_sched_held+0x110/0x130 [ 1210.946005][ T8075] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1210.946023][ T8075] ? __mark_inode_dirty+0x241/0x1290 [ 1210.958309][ T8075] ext4_mb_new_blocks+0x5a0/0x3c20 [ 1210.958325][ T8075] ? mark_held_locks+0xa4/0xf0 [ 1210.958345][ T8075] ? ext4_find_extent+0x76e/0x9d0 [ 1211.016613][ T8075] ext4_ext_map_blocks+0x2b8a/0x5260 [ 1211.021897][ T8075] ? ext4_ext_release+0x10/0x10 [ 1211.026753][ T8075] ? perf_trace_lock+0x510/0x510 [ 1211.031699][ T8075] ext4_map_blocks+0x8c5/0x18e0 [ 1211.036543][ T8075] ? ext4_issue_zeroout+0x190/0x190 [ 1211.041751][ T8075] ? kasan_check_write+0x14/0x20 [ 1211.046678][ T8075] ? __brelse+0x95/0xb0 [ 1211.052216][ T8075] ext4_getblk+0xc4/0x510 [ 1211.056538][ T8075] ? ext4_iomap_begin+0xfe0/0xfe0 [ 1211.061556][ T8075] ? ext4_free_inode+0x1450/0x1450 [ 1211.066660][ T8075] ext4_bread+0x8f/0x230 [ 1211.070889][ T8075] ? ext4_getblk+0x510/0x510 [ 1211.075497][ T8075] ext4_append+0x155/0x370 [ 1211.079928][ T8075] ext4_mkdir+0x61b/0xdf0 [ 1211.084277][ T8075] ? ext4_init_dot_dotdot+0x520/0x520 [ 1211.089756][ T8075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.095990][ T8075] ? security_inode_permission+0xd5/0x110 [ 1211.101696][ T8075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.107949][ T8075] ? security_inode_mkdir+0xee/0x120 [ 1211.113223][ T8075] vfs_mkdir+0x433/0x690 [ 1211.117492][ T8075] do_mkdirat+0x234/0x2a0 [ 1211.121835][ T8075] ? __ia32_sys_mknod+0xb0/0xb0 [ 1211.126676][ T8075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1211.132123][ T8075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.138439][ T8075] ? do_syscall_64+0x26/0x610 [ 1211.143108][ T8075] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1211.148504][ T8075] __x64_sys_mkdir+0x5c/0x80 [ 1211.153095][ T8075] do_syscall_64+0x103/0x610 [ 1211.157819][ T8075] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.163698][ T8075] RIP: 0033:0x458047 [ 1211.167620][ T8075] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1211.187209][ T8075] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1211.195611][ T8075] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 [ 1211.203591][ T8075] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1211.212187][ T8075] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1211.220351][ T8075] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1211.228407][ T8075] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000700086310400000000080"], 0x0, 0x0, 0x0}) 14:21:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x36, &(0x7f0000000000)="0afc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x200901, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000640)={"0bbe697be66cb89bd3f591817d95925e1bb775c72d5774ed526c9190679b3a842611bfd7db281cf14f5c5861ea4ea6ffc47f08e5dba2afe5dd0d21496676ea3214cd3849482ddab613a61199bbcc33a0a1a8122fd5d10e6731cf70e36fc9ffd00662ccc9fa8973f24ac8049fd87763870fc774e2e2948823107fdca56c87ff79d8b5982253733831de6f29248ce73ba476c87c0988e52a1e3d577eeb85c515f8208c6d6a8a25af34e562fdc6f5b1a46c8ad673022f9b7db2e24cf23283053f963d51347386fdae9acf1bfc4a42c3c1e5986db6de6295ea1142108668b90f9784660848e7c46e97d4494c1cac07faedf6c8234fce6bccf63f139af7f9b04e758ff6e7eee43b6e0c9da7ea11b3319395fddf8364c49da5fa53c1b2ae4c6cbdb1169743e89e5e84e8007acc9a4d8182b161387a164c79a4743b7cb3adcbf4c5083f2ba1f1b59b8b4cb9af23b3cc55199f0f556f7b88fe9e5269c3fbbbb708676001e42ea8dfdf51041a5ae44ba59e751f5aeaddc7bb0b7516a45f83720f77253d8c948ae5fcab4cc974ed29493cf873b51f9ffba0e4a8d621ada749e5e1cb720166f21da3e033deb00a9e28449dc316c718fc1bd6fb8441db16c020a841a435a3a40d0de88dd70cc46119f908794ba6bc3ca96a46c301dfd22d0221df22d8f65109241c82520ef4e22744717713541e80e38917e0f5fc69edd4e66cd2b5fa9c29ea4d647a625a7b7b838a2ef93e577000f2a3e1acf3387e6927a7edd9fe3ce9c76f86af0099b48e31e4f8443092d8fdd3963e19e39c049f94eed91212fd6c51e83153044cf760aea618300d5fe3d8305009e5720801cbe93772f92066cbebf80aabcdbeea61f4b63a255e557c394c9ac57bb959f6d636543e5686eb74b241d8fa456ba9b4a2e328676600b7e55c5e1e24020c9d6fc09f5b31a6810e72b0b2e2a5caedd844e912838d3453b8e2a0adfe13a20f044d78b14145e1da0f0cb467c3e6cd7bc8e5d184f73325dfc5c081b807bcb36c82efca225f2fd5e1f59f74014a2095f1418c99373910b19c2b456b0a149ac7d1a0250a3838131f7fc25cfdd86916a170f7826a1bab9dd236e332c8669e09b3c1c167aafed82e5dd07d617c4397073d44d75432f0e6193943a4371cc2fece60dc3d8d632f9e9f74f57eade9a170823a9e8600a80b9c73dd3bf6be19f75a48b054a2d3b7c456eeb9b3270710314dbf46f0d4564370d886de5c0bd4985f81f6e92e32838807ef09fbd80ca1e9f7feb15cbfa1f8555a1f55b9222139f535f33a33c082f52e475864e419ae83d922665d4fa4fd520b4beb14e1c934dbc8c952f1fb396860428865ec50300f70ea080e00f7d1b7e42cc9b55ca0c525b4aa2a871dd0ab4384f1469b9c93a951d537a7f693513e527f9b17ebd41dfe2a3297e7b66abf909226357058e7b8fa820d11de0b7b8c"}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000580)={0xffffffffffffffff}, 0x13f, 0x7}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000600)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000100), r5, 0x0, 0x2, 0x4}}, 0x20) 14:21:24 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x20000) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040), &(0x7f0000000080)=0x4) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:24 executing program 3 (fault-call:0 fault-nth:37): syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:24 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs#', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:24 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0) [ 1211.463230][ T8329] binder: 8326:8329 IncRefs 0 refcount change on invalid ref 458752 ret -22 [ 1211.485987][ T8327] kvm [8325]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1211.502194][ T8329] binder: 8326:8329 BC_INCREFS_DONE u0000008000000000 no match 14:21:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x2, 0x800) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000100)) ioctl$CAPI_MANUFACTURER_CMD(r3, 0xc0104320, &(0x7f0000000200)={0x5, &(0x7f00000001c0)="089e7ae7cb94ef75a23efcf4ee0d2ecb351ea5471e248e380c7956dded7194f278915b0a727042c1acff1ef4825e0e022fffc7c1d4febfb924ca55f8c28a4ba5"}) write$P9_RFSYNC(r3, &(0x7f0000000180)={0x7, 0x33, 0x1}, 0x7) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000002000086310400000000080"], 0x0, 0x0, 0x0}) [ 1211.624949][ T8448] FAULT_INJECTION: forcing a failure. [ 1211.624949][ T8448] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.672848][ T8448] CPU: 0 PID: 8448 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #77 [ 1211.680883][ T8448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1211.690960][ T8448] Call Trace: [ 1211.694292][ T8448] dump_stack+0x172/0x1f0 [ 1211.698653][ T8448] should_fail.cold+0xa/0x15 [ 1211.703276][ T8448] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1211.709279][ T8448] ? __lock_acquire+0x548/0x3fb0 [ 1211.714207][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.720524][ T8448] ? debug_smp_processor_id+0x3c/0x280 [ 1211.725974][ T8448] __should_failslab+0x121/0x190 [ 1211.731173][ T8448] should_failslab+0x9/0x14 [ 1211.735846][ T8448] kmem_cache_alloc+0x47/0x6f0 [ 1211.740600][ T8448] ? ___might_sleep+0x163/0x280 [ 1211.745616][ T8448] ? mempool_alloc+0x380/0x380 [ 1211.750364][ T8448] mempool_alloc_slab+0x47/0x60 [ 1211.755326][ T8448] mempool_alloc+0x16b/0x380 [ 1211.761044][ T8448] ? mempool_destroy+0x40/0x40 [ 1211.765853][ T8448] ? mark_held_locks+0xf0/0xf0 [ 1211.770726][ T8448] ? __unlock_page_memcg+0x53/0x100 [ 1211.776085][ T8448] ? find_held_lock+0x35/0x130 [ 1211.781042][ T8448] bio_alloc_bioset+0x3bf/0x680 [ 1211.785899][ T8448] ? bvec_alloc+0x2f0/0x2f0 [ 1211.790397][ T8448] ? kasan_check_read+0x11/0x20 [ 1211.795245][ T8448] submit_bh_wbc+0x133/0x7f0 [ 1211.799828][ T8448] __sync_dirty_buffer+0x111/0x2e0 [ 1211.804930][ T8448] sync_dirty_buffer+0x1b/0x20 [ 1211.809694][ T8448] __ext4_handle_dirty_metadata+0x237/0x570 [ 1211.815598][ T8448] ? add_dirent_to_buf+0x402/0x680 [ 1211.820707][ T8448] ext4_handle_dirty_dirent_node+0x3cf/0x4f0 [ 1211.826693][ T8448] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1211.832401][ T8448] ? ext4_rename_dir_prepare+0x460/0x460 [ 1211.838024][ T8448] ? current_time+0xd8/0x140 [ 1211.842605][ T8448] ? timespec64_trunc+0x180/0x180 [ 1211.847616][ T8448] ? ext4_insert_dentry+0x3c3/0x490 [ 1211.852822][ T8448] add_dirent_to_buf+0x410/0x680 [ 1211.857750][ T8448] ? ext4_insert_dentry+0x490/0x490 [ 1211.862939][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.869337][ T8448] ? __ext4_read_dirblock+0x3b1/0x980 [ 1211.875564][ T8448] ? __ext4_journal_get_write_access+0x70/0xa0 [ 1211.881717][ T8448] ext4_add_entry+0x52d/0xbd0 [ 1211.886398][ T8448] ? make_indexed_dir+0x1310/0x1310 [ 1211.891595][ T8448] ? memcpy+0x46/0x50 [ 1211.895574][ T8448] ext4_mkdir+0x73f/0xdf0 [ 1211.899997][ T8448] ? ext4_init_dot_dotdot+0x520/0x520 [ 1211.905480][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.911712][ T8448] ? security_inode_permission+0xd5/0x110 [ 1211.917701][ T8448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1211.923931][ T8448] ? security_inode_mkdir+0xee/0x120 [ 1211.929208][ T8448] vfs_mkdir+0x433/0x690 [ 1211.934250][ T8448] do_mkdirat+0x234/0x2a0 [ 1211.938572][ T8448] ? __ia32_sys_mknod+0xb0/0xb0 [ 1211.943412][ T8448] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1211.948862][ T8448] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.955010][ T8448] ? do_syscall_64+0x26/0x610 [ 1211.959764][ T8448] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1211.965154][ T8448] __x64_sys_mkdir+0x5c/0x80 [ 1211.969734][ T8448] do_syscall_64+0x103/0x610 [ 1211.974319][ T8448] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1211.980456][ T8448] RIP: 0033:0x458047 [ 1211.984344][ T8448] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1212.004931][ T8448] RSP: 002b:00007f66a1e02a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1212.014199][ T8448] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458047 14:21:25 executing program 5: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000e00000/0x200000)=nil, &(0x7f0000ebe000/0x2000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000f15000/0x3000)=nil, &(0x7f0000f7d000/0x1000)=nil, &(0x7f0000eb9000/0x4000)=nil, &(0x7f0000e47000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000e1e000/0x4000)=nil, &(0x7f0000e51000/0x1000)=nil, &(0x7f0000000000)="d7c97a3a7b1a27cc2f1107e423e898d1edf9f588d6dc5304518014f09ce0f058c30bb6d9f0be4a4e8538d41b956dab1a68927e5d5638cc5badc207e31d781deb80be651e7fc5888913525484863383105c998dd51cc7c1253b9d34fa8082117448cbdaaae4ab9eb0e57b84714b3f4fe4c79f986f839cad0a05c2d4fb2864cc08fd5451b4d34f94f874b5abe0d43b03fc7c906ade38223adf3d3c79907e40778772fb5502db66db98b6a3789c1c2d0b2df2f37d1734658d2aeb16fadef80f3e574406ecd8fea07fda6a74969e33000efffebe17eb3cb35dd495e5a050b4aba7cfc7a178", 0xe3, r0}, 0x68) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) creat(&(0x7f00000001c0)='./file0\x00', 0x84) write$cgroup_int(r1, &(0x7f0000000700), 0x12) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000740)=""/4096) [ 1212.022180][ T8448] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1212.030248][ T8448] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 1212.038525][ T8448] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1212.046512][ T8448] R13: 00000000004c7755 R14: 00000000004dd790 R15: 0000000000000003 14:21:25 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0) [ 1212.140368][ T8507] binder: 8495:8507 IncRefs 0 refcount change on invalid ref 2097152 ret -22 [ 1212.160760][ T8507] binder: 8495:8507 BC_INCREFS_DONE u0000008000000000 no match 14:21:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000004800086310400000000080"], 0x0, 0x0, 0x0}) 14:21:25 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x0, 0xa080) r2 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x8001, 0x80000) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f00000001c0)="b9700500000f3246d9e40f201d66ba4200b000eeb9e00100000f3266430f3805480af08167000f0000006766460f38806100c401e9ddc52e44ff31", 0x3b}], 0x1, 0x1, &(0x7f0000000240)=[@dstype3={0x7, 0x8}, @vmwrite={0x8, 0x0, 0xffffffffffff277d, 0x0, 0x2, 0x0, 0x6, 0x0, 0x95}], 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r6 = fcntl$dupfd(r3, 0x0, r3) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r6, 0xc0305302, &(0x7f00000000c0)={0x9, 0x3, 0x20a, 0xa00, 0x3, 0x8}) [ 1212.308718][ T8695] binder: 8692:8695 IncRefs 0 refcount change on invalid ref 4718592 ret -22 [ 1212.330574][ T8695] binder: 8692:8695 BC_INCREFS_DONE u0000008000000000 no match 14:21:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000004c00086310400000000080"], 0x0, 0x0, 0x0}) [ 1212.400031][ T8761] kvm [8697]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:25 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8000000000000000, 0x0) [ 1212.514152][ T8841] binder: 8830:8841 IncRefs 0 refcount change on invalid ref 4980736 ret -22 [ 1212.537901][ T8841] binder: 8830:8841 BC_INCREFS_DONE u0000008000000000 no match 14:21:25 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:25 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$CAPI_NCCI_OPENCOUNT(r0, 0x80044326, &(0x7f0000000000)=0x101) 14:21:25 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsL', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:25 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x40000, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000100)={0x1, 0x0, 0x318b6fe95449fde6, 0x4, {0x7, 0x9c2, 0x5, 0x100000001}}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x101000, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0xfffffffffffffffd) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) pipe2$9p(&(0x7f0000000200), 0x800) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c741b9ad7ee32", @ANYRES16=0x0, @ANYBLOB="100025bd7000fcdbdf25010000000000000007410000004c00180000000865746800"/98], 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x10) 14:21:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000006000086310400000000080"], 0x0, 0x0, 0x0}) 14:21:25 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x8cffffff00000000, 0x0) [ 1212.795440][ T9034] binder: 9031:9034 IncRefs 0 refcount change on invalid ref 6291456 ret -22 [ 1212.841037][ T9034] binder: 9031:9034 BC_INCREFS_DONE u0000008000000000 no match 14:21:25 executing program 5: r0 = socket$inet(0x2, 0x3, 0x2) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x400) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000180)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000240)={{{@in=@remote, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@mcast1}}, &(0x7f0000000340)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000380)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@initdev}}, &(0x7f0000000480)=0xe8) sendmsg$nl_route(r1, &(0x7f00000005c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)=@can_delroute={0x90, 0x19, 0x300, 0x70bd2c, 0x25dfdbff, {0x1d, 0x1, 0x1}, [@CGW_MOD_SET={0x18, 0x4, {{{0x3, 0xa735, 0x25, 0x21}, 0x6, 0x1, 0x0, 0x0, "f6c5794cfa5677fe"}}}, @CGW_CS_XOR={0x8, 0x5, {0x5, 0xffffffffffffffff, 0x2, 0x1}}, @CGW_MOD_OR={0x18, 0x2, {{{0x2, 0x3, 0x80000001, 0x1f}, 0x6, 0x1, 0x0, 0x0, "782d6d1bf955fe8a"}, 0x2}}, @CGW_MOD_UID={0x8, 0xe, r2}, @CGW_MOD_UID={0x8, 0xe, r3}, @CGW_MOD_XOR={0x18, 0x3, {{{0x4, 0xc00000000, 0x5, 0xfff}, 0x8, 0x3, 0x0, 0x0, "15825416bf196c08"}, 0x2}}, @CGW_MOD_UID={0x8, 0xe, r4}, @CGW_FILTER={0xc, 0xb, {0x8, 0x200}}, @CGW_SRC_IF={0x8, 0x9, r5}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000050}, 0x8000) setsockopt$inet_int(r0, 0x0, 0xd4, 0x0, 0x0) r6 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x20000) write$cgroup_int(r6, &(0x7f0000000700), 0x12) 14:21:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000006800086310400000000080"], 0x0, 0x0, 0x0}) 14:21:26 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs`', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x24, &(0x7f00000000c0)={@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x8) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xebffffff00000000, 0x0) [ 1213.036329][ T9141] hfs: can't find a HFS filesystem on dev loop3 [ 1213.071407][ T9258] binder: 9257:9258 IncRefs 0 refcount change on invalid ref 6815744 ret -22 14:21:26 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='\nfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:26 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000080)=0x3, 0x12) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0x3, 0x4) [ 1213.119670][ T9258] binder: 9257:9258 BC_INCREFS_DONE u0000008000000000 no match [ 1213.203233][ T9280] kvm [9259]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000006c00086310400000000080"], 0x0, 0x0, 0x0}) 14:21:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x200, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000180)={0x5, 0x6b, "1a31128494dc2a72430af6dd4a9c60ade0681a2d8b8acefb78362b42df8b4d0fc628f1f26b939e4df952cb3947d090e0bff4da5bcb1b6c81c71d8a457927c8ae0d1337be55a22d42d4cd10faa9143843d5efc82e071f5608c230b99cfbd3522291b9b24d4d550fc25d8a2a"}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x40000, 0x0) ioctl$TCSBRKP(r5, 0x5425, 0xfffffffffffffff7) 14:21:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf4ffffff00000000, 0x0) [ 1213.312132][ C1] net_ratelimit: 19 callbacks suppressed [ 1213.312141][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1213.317968][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1213.329539][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1213.335399][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1213.341237][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1213.347119][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:26 executing program 5: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000440)='/dev/cachefiles\x00', 0x20040, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='htcp\x00', 0x5) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0xffffffffffffffff, r1, 0x0, 0x5, &(0x7f0000000200)='htcp\x00', 0xffffffffffffffff}, 0x30) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x6, &(0x7f00000003c0)=[0xee01, 0xee01, 0x0, 0xffffffffffffffff, 0xee01, 0xee00]) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000400)={r2, r3, r4}, 0xc) finit_module(r1, &(0x7f0000000280)='\x00', 0x2) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000480)='/dev/snapshot\x00', 0x4000, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f00000000c0)={{0x3, 0x7, 0x3, 0x4, '\x00', 0x401}, 0x4, 0x10000401, 0x3f, r5, 0x6, 0x426, 'syz0\x00', &(0x7f0000000040)=['/dev/input/mice\x00', '/dev/input/mice\x00', '/dev/input/mice\x00', 'eth1,selfsystemlo\x00', '/dev/input/mice\x00', '/dev/input/mice\x00'], 0x62, [], [0x3, 0x20, 0x800, 0x42]}) [ 1213.498854][ T9484] kvm [9482]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:26 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='%fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:26 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsh', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000007400086310400000000080"], 0x0, 0x0, 0x0}) 14:21:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x1ff, 0x80000) ioctl$IOC_PR_RELEASE(r4, 0x401070ca, &(0x7f0000000100)={0x1, 0x3}) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000180)={0x7f, 0x2, [0x40000090, 0x6, 0xffffffffc940aaad, 0x6], [0xc1]}) 14:21:26 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) write$P9_RLOPEN(r0, &(0x7f0000000000)={0x18, 0xd, 0x2, {{0x1, 0x4, 0x5}, 0x2}}, 0x18) 14:21:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf5ffffff00000000, 0x0) 14:21:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000007a00086310400000000080"], 0x0, 0x0, 0x0}) 14:21:27 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='h\ns\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:27 executing program 5: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4000, 0x0) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000040)={0x9, 0xfff}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@window={0x3, 0x3, 0x4}, @sack_perm, @mss={0x2, 0x1}, @sack_perm], 0x4) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f0000000080)) write$cgroup_int(r1, &(0x7f0000000700), 0x12) 14:21:27 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsl', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x3, 0x200001) setsockopt$netlink_NETLINK_CAP_ACK(r4, 0x10e, 0xa, &(0x7f0000000100)=0x2, 0x4) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf6ffffff00000000, 0x0) 14:21:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000096310400000000080"], 0x0, 0x0, 0x0}) [ 1214.272038][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1214.272108][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1214.278226][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1214.289795][ C1] protocol 88fb is buggy, dev hsr_slave_0 14:21:27 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfst', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:27 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='h%s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:27 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) prctl$PR_GET_CHILD_SUBREAPER(0x25) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) write$cgroup_int(r0, &(0x7f00000000c0), 0xfffffffffffffd9b) 14:21:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000a6310400000000080"], 0x0, 0x0, 0x0}) 14:21:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x10000, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f00000002c0)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r2, &(0x7f0000000100)="b335631d7e8c5d9211858c4a3902d45983259b268363b8", &(0x7f0000000180)=""/129}, 0x18) syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x3, 0x2) 14:21:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xf9fdffff00000000, 0x0) [ 1214.510793][T10255] binder: 10252:10255 unknown command 1074815754 [ 1214.539910][T10255] binder: 10252:10255 ioctl c0306201 20000680 returned -22 [ 1214.597504][T10265] kvm [10262]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:27 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x80) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000000), &(0x7f0000000040)=0x4) write$cgroup_int(r0, &(0x7f0000000080)=0x3, 0x1dd) 14:21:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000b6310400000000080"], 0x0, 0x0, 0x0}) 14:21:27 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='h.s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x3, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/llc\x00') ioctl$KVM_GET_SREGS(r2, 0x8138ae83, &(0x7f0000000180)) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ftruncate(r0, 0x1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1214.791388][T10475] binder: 10473:10475 unknown command 1074815755 [ 1214.818692][T10475] binder: 10473:10475 ioctl c0306201 20000680 returned -22 14:21:27 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsz', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfbffffff00000000, 0x0) [ 1214.931138][T10557] kvm [10540]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000c6310400000000080"], 0x0, 0x0, 0x0}) 14:21:28 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f0000000180)=0xffffffffffffffff, 0x4) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x6c, r1, 0x218, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7f}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc0}, 0x800) 14:21:28 executing program 4: r0 = accept4(0xffffffffffffff9c, &(0x7f0000000180)=@in={0x2, 0x0, @loopback}, &(0x7f0000000200)=0x80, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x1000, 0x8000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1215.135440][T10696] binder: 10695:10696 unknown command 1074815756 [ 1215.149329][T10696] binder: 10695:10696 ioctl c0306201 20000680 returned -22 14:21:28 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='h/s\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:28 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfcfdffff00000000, 0x0) 14:21:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000d6310400000000080"], 0x0, 0x0, 0x0}) 14:21:28 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$SIOCAX25DELFWD(r0, 0x89eb, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}) write$cgroup_int(r0, &(0x7f0000000700), 0x7) [ 1215.277188][T10802] kvm [10791]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:28 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1215.450500][T10877] binder: 10861:10877 unknown command 1074815757 [ 1215.470888][T10877] binder: 10861:10877 ioctl c0306201 20000680 returned -22 14:21:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) timer_create(0x1, &(0x7f0000000180)={0x0, 0x28, 0x2, @thr={&(0x7f00000000c0)="df1133383cd9c7e5134b1697dd599aeb", &(0x7f0000000100)="8d8a9424e93db9e7f95cb86faf2dded1b2d75641f97b5229f2d72793bc69de68eb9dec554dd16e1459ed9d6f51e78bbfdbf35068"}}, &(0x7f00000001c0)=0x0) timer_getoverrun(r4) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000e6310400000000080"], 0x0, 0x0, 0x0}) 14:21:28 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000040), 0x4) 14:21:28 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf\n\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:28 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0) [ 1215.680908][T11023] binder: 11021:11023 unknown command 1074815758 [ 1215.701238][T11025] hfs: can't find a HFS filesystem on dev loop0 [ 1215.701489][T11023] binder: 11021:11023 ioctl c0306201 20000680 returned -22 14:21:28 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000094, 0xff0b017a, 0x1b], [0xc1]}) 14:21:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000106310400000000080"], 0x0, 0x0, 0x0}) 14:21:28 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:28 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) fstat(r0, &(0x7f0000000140)) ioctl$CAPI_NCCI_OPENCOUNT(r0, 0x80044326, &(0x7f0000000040)=0xeaad) r1 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) ioctl$VIDIOC_ENCODER_CMD(r0, 0xc028564d, &(0x7f00000000c0)={0x2, 0x1, [0x9e86, 0x0, 0x1, 0xff, 0xffffffff80000001, 0x7ff, 0xf8, 0x9]}) openat$cgroup_ro(r1, &(0x7f00000001c0)='cpuacct.usage_user\x00', 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000700), 0x12) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000100)={0xfffffffffffffc01, 0x1, 0x9, 0x10000, 0x5, 0x5f39}) 14:21:28 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf#\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1215.937517][T11142] binder: 11135:11142 unknown command 1074815760 [ 1215.949386][T11142] binder: 11135:11142 ioctl c0306201 20000680 returned -22 [ 1215.975430][T11137] kvm [11134]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000116310400000000080"], 0x0, 0x0, 0x0}) 14:21:29 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xff0f000000000000, 0x0) [ 1216.054324][T11145] hfs: can't find a HFS filesystem on dev loop0 14:21:29 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) connect$pptp(r0, &(0x7f0000000040)={0x18, 0x2, {0x3, @multicast2}}, 0x1e) creat(&(0x7f0000000000)='./file0\x00', 0x0) [ 1216.113586][T11291] binder: 11257:11291 unknown command 1074815761 [ 1216.125304][T11291] binder: 11257:11291 ioctl c0306201 20000680 returned -22 14:21:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x20000, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000180)={[0x0, 0x200000, 0x6, 0x3, 0x401, 0x3, 0x0, 0x4, 0x1, 0x7f, 0x7, 0x101, 0x101, 0x24, 0x100, 0x800], 0x0, 0x40}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1216.158987][T11145] hfs: can't find a HFS filesystem on dev loop0 14:21:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000126310400000000080"], 0x0, 0x0, 0x0}) 14:21:29 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1216.297234][T11466] kvm [11465]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:29 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/74, 0x4a}, {&(0x7f0000000100)=""/116, 0x74}, {&(0x7f0000000180)=""/77, 0x4d}, {&(0x7f0000000200)=""/252, 0xfc}, {&(0x7f0000000300)=""/186, 0xffffffffffffff42}], 0x5, 0x0) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000000)) setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000040)=0x5, 0x4) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f00000004c0)={0x8001, 0x41516270, 0x7, @stepwise={0xccf, 0x9, 0x401, 0x100000001, 0x0, 0x3f}}) 14:21:29 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf%\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1216.418816][T11551] binder: 11529:11551 unknown command 1074815762 [ 1216.431039][T11551] binder: 11529:11551 ioctl c0306201 20000680 returned -22 [ 1216.458506][T11548] hfs: can't find a HFS filesystem on dev loop0 14:21:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x80841, 0x0) ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, &(0x7f0000000200)=""/120) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x40, 0x101000) accept4$bt_l2cap(r4, &(0x7f0000000100), &(0x7f0000000180)=0xe, 0x80000) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm_plock\x00', 0x800, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) setsockopt$IP_VS_SO_SET_DELDEST(r5, 0x0, 0x488, &(0x7f00000002c0)={{0x3b, @broadcast, 0x4e22, 0x3, 'lblc\x00', 0x2, 0x2, 0x2b}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x2000, 0xffffffff, 0x7fff, 0x3}}, 0x44) ioctl$KVM_ENABLE_CAP_CPU(r6, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:29 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffff7f00000000, 0x0) 14:21:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000002f6310400000000080"], 0x0, 0x0, 0x0}) [ 1216.541087][T11548] hfs: can't find a HFS filesystem on dev loop0 14:21:29 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1216.587755][T11676] kvm [11675]: vcpu1, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1216.673395][T11761] binder: 11700:11761 unknown command 1074815791 14:21:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup3(r2, r0, 0x80000) write$FUSE_STATFS(r3, &(0x7f0000000300)={0x60, 0xfffffffffffffffe, 0x8, {{0x7ff, 0x3, 0x800, 0x5, 0x200000000000000, 0x4c, 0xe84c, 0x7d2fc892}}}, 0x60) ioctl$KVM_SET_DEBUGREGS(r3, 0x4080aea2, &(0x7f0000000200)={[0x3000, 0x1000, 0x5000, 0x2000], 0x4a0, 0x1, 0x101}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x21, 0x2) r5 = getpgrp(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, r3, 0x0, 0x12, &(0x7f0000000280)='posix_acl_access-\x00', 0xffffffffffffffff}, 0x30) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x80000, 0x0) setsockopt$netlink_NETLINK_RX_RING(r7, 0x10e, 0x6, &(0x7f00000001c0)={0x800, 0x1e5, 0x6, 0x101}, 0x10) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r6, 0x2402, 0xd94) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1216.721439][T11761] binder: 11700:11761 ioctl c0306201 20000680 returned -22 14:21:29 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0) 14:21:29 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$sock_bt_hci(r0, 0x0, &(0x7f00000000c0)="12675948747438ad48e76cdd77d33534a86d395c8d2a2278b01c5803f12805761586f3bfc80b18bd7e297eb19e7418f1996dfd085c20b4e739d2941940131019537c723b0e465cb46100beb44ef316f8b4a7993c497e44829e27d33dd144d9ca726f2c95e51b15ca7d8ebfcff192015a81e6809707b91997abc83419671853f4158c2168106ee1ca19802062") ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x40000000000002c4}) r1 = syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000700), 0x12) 14:21:29 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf*\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1216.833181][T11812] hfs: can't find a HFS filesystem on dev loop0 14:21:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000546310400000000080"], 0x0, 0x0, 0x0}) 14:21:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x8) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:30 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1216.984170][T11908] binder: 11904:11908 unknown command 1074815828 [ 1217.004394][T11908] binder: 11904:11908 ioctl c0306201 20000680 returned -22 14:21:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffffffffff0700, 0x0) [ 1217.027607][T11905] kvm [11903]: vcpu8, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:30 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000080)=0x4, 0xcfc0) 14:21:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000200086310400000000080"], 0x0, 0x0, 0x0}) [ 1217.124748][T11937] hfs: can't find a HFS filesystem on dev loop0 14:21:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r4) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:30 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:30 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf+\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffffffffffff7f, 0x0) [ 1217.324091][T12130] binder_thread_write: 3 callbacks suppressed [ 1217.324105][T12130] binder: 12128:12130 IncRefs 0 refcount change on invalid ref 131072 ret -22 [ 1217.345806][T12130] binder_thread_write: 4 callbacks suppressed [ 1217.345819][T12130] binder: 12128:12130 BC_INCREFS_DONE u0000008000000000 no match 14:21:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x81, &(0x7f0000000100)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000000c0)={0x9, 0x0, 0x10001, 0x8}) ioctl$DRM_IOCTL_SG_FREE(r3, 0x40106439, &(0x7f0000000180)={0x7, r4}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000300086310400000000080"], 0x0, 0x0, 0x0}) [ 1217.463197][T12133] hfs: can't find a HFS filesystem on dev loop0 14:21:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 1217.613592][T12133] hfs: can't find a HFS filesystem on dev loop0 14:21:30 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1217.660843][T12254] binder: 12252:12254 IncRefs 0 refcount change on invalid ref 196608 ret -22 [ 1217.691214][T12254] binder: 12252:12254 BC_INCREFS_DONE u0000008000000000 no match 14:21:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$dmmidi(&(0x7f00000017c0)='/dev/dmmidi#\x00', 0x3, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000001800)=0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) getsockname$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, &(0x7f0000000100)=0x10) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:30 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf-\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:30 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f00000000c0)=0x2) ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0xfe}) write$cgroup_int(r0, &(0x7f0000000100)=0xdac, 0x12) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000000)={0x9, 0x9}) 14:21:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000400086310400000000080"], 0x0, 0x0, 0x0}) [ 1217.854798][T12315] kvm [12290]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:30 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="9c98c133208c0db843ca301f95e5296777b08cf70e8244f5b3423e1615ef704dd9261480194bbf76e45789a6d77ec427f5217b652135a62e5fab63f49fd4edb5996897d61280738e75cc1c8d5fbc17636bbcd1d03fd3da22315ce7b5a29296f7ee6ad328d715da9f57f30bfab38d42e9260fc1dcf60cc98c19e9cf68eea0b3e72d923b1573bea13acf3e4a1a2e5cf6d4ca05a43641a13e89875665c9587e8d79a0ebc42e9e3893095282d79ab373b74e4e55da439f1556e567fd2d8398d0eef9d39ed809434e6a4da1ce66499d2e06f343a28ae37ebfa0212a6b89fc9f9d5e761566b1031548f15262fe11707996f1c8fad4a632b7b613847a2b59", 0xfb, 0xfff}, {&(0x7f00000000c0)="df38742af15ac58a1b78f6c97034ccf82496f2a059a2ba1a61e92c1866d156be3cc5c76a4d755a4c6d5842327c", 0x2d, 0x1f}], 0x40000, &(0x7f0000000280)='msdos\x00') r0 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x81, 0x141400) getsockopt$rose(r0, 0x104, 0x6, &(0x7f0000000340), &(0x7f0000000380)=0x4) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000400)={0x0, {0x2, 0x4e24, @remote}, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e22, @remote}, 0x4, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000480)='nlmon0\x00', 0x7fffffff, 0x7, 0x200007fff}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000003c0)) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) [ 1217.951608][T12407] binder: 12399:12407 IncRefs 0 refcount change on invalid ref 262144 ret -22 [ 1217.951798][T12403] hfs: can't find a HFS filesystem on dev loop0 [ 1217.985443][T12407] binder: 12399:12407 BC_INCREFS_DONE u0000008000000000 no match 14:21:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000180)=0xc) r5 = getpgid(0xffffffffffffffff) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/pfkey\x00', 0x62000, 0x0) kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r3, &(0x7f0000000200)={r6, r2, 0x8}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000000c0)={0x1, 0x8, 0xff, 0x0, 0x2, 0x4, 0xffff, 0xbda, 0x9, 0x1000, 0xb3eb, 0x1000, 0x0, 0x100000001, 0x7f, 0x0, 0xffffffff, 0x6, 0x4}) 14:21:31 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)) [ 1218.035300][T12403] hfs: can't find a HFS filesystem on dev loop0 [ 1218.075247][T12481] FAT-fs (loop1): bogus number of reserved sectors 14:21:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000500086310400000000080"], 0x0, 0x0, 0x0}) [ 1218.097487][T12481] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:31 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf.\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:31 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1218.180763][T12630] kvm [12616]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1218.229118][T12688] binder: 12686:12688 IncRefs 0 refcount change on invalid ref 327680 ret -22 14:21:31 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x2) [ 1218.272718][T12688] binder: 12686:12688 BC_INCREFS_DONE u0000008000000000 no match [ 1218.290228][T12720] hfs: can't find a HFS filesystem on dev loop0 14:21:31 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hf0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:31 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000080)={'bcsf0\x00', 0xffffffff}) sendto$isdn(r0, &(0x7f0000000000)={0x7, 0x81, "30661577a80d1a7d917d736d4e63a3d4d5af0f07dd2674af420b7f41e40ed2db0230261a2f113a32d20679aec9ceed5dc3a3ef2d89af04798c37b5edeaaecb70bcb8c16b2a1eba4adc1e178f765d36854a6942326085506d1c7c8f0707077bbab6ad26148cfcf06ba0e7"}, 0x72, 0x0, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) [ 1218.420722][T12720] hfs: can't find a HFS filesystem on dev loop0 [ 1218.432081][ C0] net_ratelimit: 19 callbacks suppressed [ 1218.432088][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1218.432093][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1218.432205][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1218.437866][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1218.443611][ C1] protocol 88fb is buggy, dev hsr_slave_0 14:21:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000600086310400000000080"], 0x0, 0x0, 0x0}) [ 1218.466572][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:31 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1218.536106][T12901] FAT-fs (loop1): bogus number of reserved sectors [ 1218.560676][T12901] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1218.573390][T12940] binder: 12907:12940 IncRefs 0 refcount change on invalid ref 393216 ret -22 [ 1218.609174][T12944] kvm [12908]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1218.626966][T12940] binder: 12907:12940 BC_INCREFS_DONE u0000008000000000 no match 14:21:31 executing program 5: r0 = userfaultfd(0x80000) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffff9c) ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000000000)={0x2, 0x4, 0x101, 0x7, 0x3, 0xc095}) r2 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r2, &(0x7f0000000700), 0x12) [ 1218.718472][T13018] hfs: can't find a HFS filesystem on dev loop0 14:21:31 executing program 1: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x80000) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000040)={0x1, 0x3, 0xf4, 0x3, 0x7}) 14:21:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000700086310400000000080"], 0x0, 0x0, 0x0}) 14:21:31 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfX\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x800, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) setsockopt$inet6_dccp_buf(r2, 0x21, 0xf, &(0x7f0000000180)="d361eaf3bcaccff8e345fb1bbb3cbffc7952deeebb833b5dfb173f51bf47208a5e4f594a1669a7d33e919358a8ad5ff10c46a1e26cf0fa2af26d8c22da28d07e8e57cfc5e0716b21b9ff12d861a4d3a8a130c063220676be0e442c16eba97ab83c17fce7a11e34c31da0c7b944540f247d869a97bd8741b6f2513b898256367e3c44c52ebe4e3e1be35d12ef70f3fb291001", 0x92) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000240)='fou\x00') sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r5, 0x652e9aa259266533, 0x70bd29, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_AF={0x8, 0x2, 0x2}]}, 0x24}}, 0x2400c011) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1218.810018][T13018] hfs: can't find a HFS filesystem on dev loop0 14:21:31 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs#', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1218.899774][T13226] binder: 13225:13226 IncRefs 0 refcount change on invalid ref 458752 ret -22 [ 1218.950092][T13226] binder: 13225:13226 BC_INCREFS_DONE u0000008000000000 no match 14:21:32 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x101000) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:32 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x20000, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xffffffffffffff13, 0x0) write$FUSE_POLL(r0, &(0x7f0000000180)={0x18, 0x0, 0x4, {0x41}}, 0x18) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000140)={0x7002, &(0x7f0000000040), 0x80, r1, 0x4}) 14:21:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000004800086310400000000080"], 0x0, 0x0, 0x0}) 14:21:32 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs ', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x2000004f, &(0x7f0000000100)=[{0x0}, {}, {}, {}, {}, {}]}) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$DRM_IOCTL_DMA(r1, 0xc0406429, &(0x7f00000002c0)={r2, 0x9, &(0x7f00000001c0)=[0x4, 0x97a, 0x53578184, 0x9, 0x8068, 0xffffffff, 0x2, 0x2, 0x10001], &(0x7f0000000200)=[0x6, 0x2, 0x101, 0x200, 0x8, 0x1ff, 0x20, 0x722], 0x10, 0x9, 0xb3, &(0x7f0000000240)=[0x5e, 0x4, 0x8, 0xe113, 0x9, 0x11e8, 0x1, 0x401, 0x1], &(0x7f0000000280)=[0xffffffffffff8001, 0x7f, 0x9, 0x8]}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340)={0x0}, &(0x7f0000000380)=0xc) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000003c0)={0x0}, &(0x7f0000000400)=0xc) r5 = accept(r1, &(0x7f0000000440)=@ipx, &(0x7f00000004c0)=0x80) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r5, &(0x7f0000000500)={r1, r0, 0x7}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) pwrite64(r5, &(0x7f0000000640)="443bff30127e85340994906f1eb9255fda6f7cb580f69b6ac772a27a4c692e5f8bbe988d032efe6f7a65afed3bfcb916f553a7f44f8275ca16b6d47dc853e4d26e7b6235405740e1b3b63f317b109f33f591461eb6eefd0065d4dd3dba92babfe547593bbe16eff6255581789ff48bd9893eb4ee2c6378554e5c9fb2b9e62eb8f92de7949a54f50f741b3f78350f82883c01241b4cdb6077bf946c94c8c9a2b0d4a668", 0xa3, 0xfffffffffffffffd) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000300)={0x5, 0x6, 0x10001}) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000005c0)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x3, 0x6], [0xc1]}) [ 1219.214015][T13548] FAT-fs (loop1): bogus number of reserved sectors 14:21:32 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfc\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1219.256275][T13654] binder: 13632:13654 IncRefs 0 refcount change on invalid ref 4718592 ret -22 [ 1219.257543][T13548] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1219.281193][T13654] binder: 13632:13654 BC_INCREFS_DONE u0000008000000000 no match 14:21:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6}}, &(0x7f00000003c0)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000400)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@empty}}, &(0x7f0000000500)=0xe8) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) r7 = geteuid() fstat(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000740)={0x0, 0x0, 0x0}, &(0x7f0000000780)=0xc) lstat(&(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r13 = getegid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000a00)={0x0, 0x0, 0x0}, &(0x7f0000000a40)=0xc) r15 = getegid() r16 = getgid() stat(&(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000000b40)={{}, {}, [{0x2, 0x2, r1}, {0x2, 0x3, r2}, {0x2, 0x0, r3}, {0x2, 0x4, r4}, {0x2, 0x2, r5}, {0x2, 0x3, r6}, {0x2, 0x1, r7}], {0x4, 0x4}, [{0x8, 0x1, r8}, {0x8, 0x4, r9}, {0x8, 0x7, r10}, {0x8, 0x1, r11}, {0x8, 0x3, r12}, {0x8, 0x2, r13}, {0x8, 0x6, r14}, {0x8, 0x2, r15}, {0x8, 0x0, r16}, {0x8, 0x2, r17}], {}, {0x20, 0x2}}, 0xac, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r18 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r19 = ioctl$KVM_CREATE_VM(r18, 0xae01, 0x0) r20 = ioctl$KVM_CREATE_VCPU(r19, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r20, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:32 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000100)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x2, 0x7, 0xa}) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000004c00086310400000000080"], 0x0, 0x0, 0x0}) 14:21:32 executing program 1: 14:21:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self\x00', 0x200500, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x8000, 0x0) connect$netrom(r1, &(0x7f0000000080)={{0x3, @bcast, 0x2}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @null, @null, @null]}, 0x48) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = shmget(0x1, 0x4000, 0x54000000, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_STAT(r3, 0xd, &(0x7f0000000180)=""/158) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) 14:21:32 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x7fff, 0x3, &(0x7f0000001300)=[{&(0x7f0000000100)="4713bb58183aff4524d3337c398e28bff5565e0e3e0a2a090c70ca6a2e4d373b0bfd034434a6fb72ff815393e6ee569bbace31c7031717c51f688a66b996e31b7ca6dc079fcdd3e9372ad5be366b0b2dd440bdf56d6f9d71c7275edd035b3d45368e2dfcda1616bfb8252df317adc36fc41894943324aad188c9c898193fe4c4037d995c09d8be79193439b69fee886565df182d88f23d938853edcd163e43871970aa205b6227211472a4f389ec61674e3b9fead45fa37b754f91d3e3e70e34f513b7f87b11fae7bde03c2e4351defd61b60e704922e5f75e28e3b3c071d93f385d860519e59bedbce4572e7b535e11ae93f101c28869dc2c13724002", 0xfd, 0x8b}, {&(0x7f0000000200)="9e7fb1cc2252e0abfacc6550d484ddf433d9748696d4ff3784b193976ec8fbb4af4da00a002608f3e9018ea62ab21d45ee71ee26a4f0496e4bda4d079265fa3931bad395bbd6b117c79ff16dc1e8824c22b823e1c58bddb213f73e41af61d6d84c0849eeb42131c0a69a274f574afbae783a9c36a569469c1f9f4e2a1e993b7eae2193f4aeb7487d06771c90f00d5c6c63f937da257b94ed8954f868f2c240de406e28f5237c1136dfdf14bba8061db9302036a1b7fbf8bcebb29195f96948388e2b11919079010d0f4bc554b66c9f55d4b37c4095a62687eb3baaf7ebc14f643906efa751a3e7c7a156598c7aae184ed340eb3732", 0xf5, 0x8000}, {&(0x7f0000000300)="0d193050ace74d4b5e664ff6bf3ecf6d30d357be736331f90ad8a5dad45a737f1bcbbecc668b15ecb299a93adca109c57c0259b1650dd39626ddfa27096ac8adc8c0aeb675e4edb2512c95e1f00aa5d970c723bf15305a63fc3f150eb2adc5da238291478c565dfe190671084d9d50ee6b01e159791359e26f69fbb2972b938cf0f62077bbf0ca8b579d38da6e80f122b15243cd8a1e5b684d2b98831df89790db2f569b230c995be7a01a5e94b65e5f31de50079687d326d74f7c156d42b8821d3479e9456494cea9bb2bb0ca25292c8df30a16f4d929aab9e5d212c85eb1bf445eceede8b5f73494afed501ac32474b38cf8c15adc7567e22b4fbbc704add6113f6fe7b38f2abb3f24669fcbc764ef96b094a69f3dbb31336c9b440976374b7f2bbb159fb091744ae8d60691e2cabca201c31cf44a3ed55d8cd9e19762a722aa17ef1595bd3c4ee984eea8bbfb6b8b36319cdbcae724f0f5f290f967387b61ce0e46d58c38833a0ef60b7b5f8731a2ce565b06cd232b5d359eb705a0bc654ba21a4e8264793a61d5586b8a58c2deb1d1df680f9e5fe013faa37785e100e5ec5be20d176346f40c8015cb89f0dfe11adcfde7797ce897770dfa97599f441734387ee699f64aa905e67ee9a465c58cb330956e161febcedb6bc95b79dae9be65ab3b149d0aa3917128bf5cefa3b96b0d2ca75706c80d318c221e03e6b90c856553f3fb20b77d59869ec10a63766f0bca904260a6896a8b22782bd7f735c530ad2724dca63730b7bd3f42b86099bfe3d6a053de37553556b8fc362480fe7ca41a21db07b2c445ed269dffe3326e1211bf717e58da4cc810fe4d3a141722d63278a4668148c31832825644e8503837a6ab3526cdba38bd318e12b3d1dfd5d2074d6e8c23c291e20fddf6dfd893a6aa81e14dfcccb490370f603ed08075f4206fa6718096ddf38b1232409084689087d955b37fa22348bea9f04b95237e37b5b9059d6e4474cfdae7b17d7f02e4f6f03282361ad85fad4f2c186fe23181cff8517daa510d2a06e9772579a3a3c9f9cc0b6fb7ef099fbb650bdf9dc1427ae73a49463d82427a126169182c3c7c979c176cb744a4fb91a78ba431d51ad678a62ef228ff092ba60a1d3835dea3dba21d5ff2bea0323bd08060da70a2115580bf4a7f27356f41c6ed4c69ea68e9873e4323f157a7199d628f39adcf52ecbaaa371ce922ffe1650b6a77845023b4d9dfdf86c5c829390c21867f4965eef188f2c66f8325d6f13b6c6bca327c77e8ba62c29f8faa4e32a9170ccfb76d6ad0c070f64dcd2cf93d116171cc86f9e42d783b705faca5d80e5b60c4177b0724d189eca10be9a864fa542f5bccf8b8e7571082066858885bf8741197fa381d4f3484a3a15c3cd59d859d3cd9e7b10271da6c8943aea9225d1360ab89e6fc71c9f02984cadfb86652c5066de5b0728bf4694b3259c955254425fcbf63aad97612c3961cdcb34ca4362b3df2db50908bb0bfbe3b3d33e223be6d204a91d8f8a4fe3a1cb68bdcc49dfab4cf467412d20330ff01f8392b58abcf8c7609d41ed88b096bd0414bc988444ba23955dfe9c04c905d4f311943e779646088ef76f59afc7bfbac0fa41033eded05e043513e3c89a8a65222b2aa462479b52991a1c1832fb39b69b8df66bab08656e56d5dfaf6546c4d022f83070d3eaa52175e2a81cbd433f9449b11a2d7500c5a561f78f799d14b0d21c22448b71fcf31b48dec8d5a0b6cb936e5550db6c7157fbb05f3a6d82ffc28c82b4d233d8ad169392d73e948efd2f14f61aab3541ba2f3f053379c193d024d59b90ba4346ce6f5e84f2b8fa1bd2118e782e812cef2948899cb994a5b56f615a88d0c0e3683bf0e8beb410769ff6de1418e348eb08d74cc97263409fe7147a1031683964c7b8c03538bab80f170c47279e8338372952e1207886b3d3605c885036c59b780cde84633e1e0841a966667d5f5600b6be6838f06920caf2b789f579dc96e97ced31f28d560a42caedf9bfd27116c31d17b94ba7c17de0baceb183ad9acdbd0be61ca23b874a70bca484027f73a4b6c2a0d20105d82d5aed2ee880dd92422d76b008a187bdd9ec15d88c3d400e832a76e8e100a9d1f571f0ad1f4261bf885e4b704f9be96c8d4ab1442ffbd98be791a4f37c7e3cbaaf9fae32d1d4b2dbfc056582d29fe53b56bb2a33e0e8c3afac5f44c98663a25441b24478815319aedeb419b2aeb089930c6d168aa8b7ab84ae948e3d4085c4b65d3f20adad9da6a843cdeb10da0d578210d307ac7627125cef53cfd9e419371393c1e0be6d90fa5d3b288a8b6ba2ad16b3244b449c85ea1df20a55cb7f826380f32710fca5525a31328422e2a53a3da986b055329b3bc0d29a53234c988ef6e4a73762fdedf9cf5613cc5dda1080ac35035b797b557e97c2475641509040479985d67575ba59058107d32e68e6ea8ffd47870aa4dea351c7d3456c558056a5ccc1bdb4b052f15f6b29278cbe7433a9c3ee1db4ebd6c5ddffb5f40953d5ade2cf4c2cb00808f02ec1bc58759fa89df42f52cc4ce172662e63f6297a76487801ecbad0484ef4b2f4e5e437c131bc91bc712d17530b4424b17f0fba108b0a9a60d8dd79e0064d353a6066d27d2b53d4189be4e1be2dccb293c153791f954019029afbd266e7d15bc2a30722aa8e39429e29dc8dddc2dfec0928de5817a3d3e53f66bb58e9baa5e71ebadee57291bc684127a179b717dac97b4d7a1d9cfa3f6eaca0ea169779acab6d391bff1aec1cddc7b1aca65e7f451588528e4ae5b0cb30f922f8e6cbc5f3b5a55d5dcf632fe5038e55a1c78fdbec27a86b81ce9186a1e743b0c83a3e94aa587fe8b140329e580dbca01f9cabbe602562763e463f45fa1c0517b4a8ec667f8460abbcb1da15f611353d3ff8c1341a7863c3788ef94790be76118a4feb35725ff860816cd98317d035dbd8d0a8d48c44b178006b10a2426673a1f31db4724db5e449cd4b2a5016e406ee239ebe000216b111f21bd5e999809ec83b83148ff27f9e8fc6c90bf22535446946261647c0950b7ef25bec20f1db96efdc21066f15e99ae7dce80ab6545d884bc3d1e39262516bbd5f6d12b317711e9e56c21754b58171bf1b553e76f786f0cd73f1c31da0bef85c8cdbd90ef543e15b738d64bc004f62b37b18d641536857ac57442b585bedc3a767b38ae2b25884718cc2c4353e4668daffb4b146b0ef80ca611d6cc9c07b3b0a4bd49ccb2d4ee253e7828a99a82f8b86329c105fc6a65118732e1441d50746b8020e127a663dbabb03a56e7b8d10097ba696e7e02220abbd9884f4c9d8c417dbb5edc259d9bd9d07998d80fbc5dbafeaaf8d1994e5ec3a61bfa7f99b382bb59a4dd6af000e09b3531ad396c70020d87d6a67ab7e778daff194787496e620e384b9414f446a37120f399e750b0ac57affa6c38da8c2ae5cb3f73f2c5a83c758aa91ed631550b53665c5b3e820c79cb1c28fcc886697301cf38014ffd4174942c5383afa7e800a11ec9fdad9947963620f7f375a1251936dcde9514034a81968311b82bcaa3692df130530fed13f6aa8a28cda45474af37035eb33da9efea983e2f89cbee0b56d807ae1089719652da4470966c0a998f5008efa35f1dfbf308219c1284ceb80bfc959ff3ef417f78a649477752df77de4935c8293815aa3358b9b4a482d89d775d173e7c7199f2258bcd92be88c1a67966dac94454be1213851ee20eed313a0eaf3ef0aac0e791fa8c7625c17eca5113336e34bec17a14f63e450fc63bf4c3cfd9f2a318fbde6e6ee8164f192c457249012eadfd262f14fcc4d7b5ab765c00f36404fd1bba17a00681125e5cc4d8a0957a369f473c3ea4778aeb3de65b621f725f848869494f253a5d9099e442d2fa3d4735812a6129a2984d2645b5b584bfdf87339eeffb0562e42f1352926490107ceeea2e4e8c35122ab27f80f9f9d5cc85981c708028890106068af483703b677a62af46ca42637d86d7a3112e265b5ed8a50841c5ee1f21f11f3fd229779a053e85c209e1a974ff5bb21cc480257e0400256102f46c8cf910c108b5ffb8eee69584042915480da0a5d62f8bdb8b3b95959ea452f2eeee410bcbe847a413e99ba01f3670d1eede3706650d9706e8242d2dbee4a88ba67a4c158ef9af7e453e17ce8ab37af264996ab0eba3752b3fcae14c197ac7860de28dcffa6ed08745c4bac39980fe7db46e995b5f25f0c94cc4b83bcaace3d9b4ac40b2ff6192b89d42dbf97278cc10b3b8b13373a824add988756c5d3ace687b12d6f94747927e8f42aea4abc7a790b4a342d76ed93228c4b99c63e24a456dd198afde46da7c48806249cd55d01ebf7e6afd95325a0da32a593c08992cadf36489f9b4a7cf9686cf4c7594b4839d55c939a0b77531f8fef41b03322fb61519cebc6baae5daea68d4992d3b038414409d5b77924ef19180eec344be9c3214b286df607be947c5f7e624cae69d8e48b20fe9e1492d67fbcc72cbf49836be2a5f126d57de4fad84e9e660037763860de1a050aea4ce429d3156e2b674e5c92feb8c56bff57d7d62feece5434826e3bf1b4420f512eedc7cbdb97fd26a018a2abf64466826d285e76e939ed7eca9ff6aa553c8a37ff70f28ceac6112b5ec1590c7ee21269a4ac2c251f24bd2769a0b38f5988f0e9ad1fcf309da903613a9a8e362a855aac3eacd35f601644f1799819282ac75103aca84c0d7ab9fd5a852de3a670fa3a55a26cb3e4f752597833e1a560f1d062147daec844c0b8e2bfdc85273995a2b1dcfcbc7c35c8f0497f21c5e04a24fe1e61d2a65d4e43ea01ec65873043dc99f617d1c427401bc553ea76ee3fd56150366381efb75ec5344fc6feedf5437d130db018900917266770a7a5a3fa0d3d412c909fb142da967ea6028d9657b796d9a616fac8342561f3d783a790ede78f92dfc95250859ed39827ae2ed79d5ae0a862cc1fb36818fa65520f2a1725b199e9c4cce34698bd093c1cb95d0528b101f9fde3278a68d6d0dc32f9c686608f56159d1123ebfed011bd497ecf1629146d7265f0808a28338ce9554d094a72598d042b00ae9db9681baba9f19c37d5a472fec27109b5c3d5e1a869948211eeeee20c0d718034b7817d8ea91f4be0d83d121f300688f6d6b148fba32d6c570e3273c9d038ba9fdf087162c67793d62cbd53bfebf2df8a7ae5547876e7497763382a8c63594d82ae69f5bf85dd7d31cd661e00fb70d07b5824539c8d9b0f38b341d7071e8503281fe868d6aaa393170596f903fbdafe4e57d0142952663adeea518d5e42cb0613e04301a64fc156d8dc1645759a8e6ddebff401203681870352be498eccf5929f602f35b9bed56b0cbd26e87f57a9c7bb853723196382e1cde332b61cd44ac7416d8e44fc33814669752944c204f4f90a0bedae65e1cbed0b07dd667cd384de5845f3db8a100565abf678ade3969838fd149292091a648192e22ae10d36c1f1fc32beabf2c3b855db2e6dc0f475a21dbc59c6b63ab602c00f6021b612f8dd265827745a5c5cedb7fa8d28b7ce761ee59def4f2ec654301fbcfe5774b4c3889b2b97e5af51d30c052d2de42264d215b6017795bc4f27b9cf22a2bf368025792fa8c018dd364c6a20366248f498e41b318f6de8e8a255cc7983613a850775de715b9cabca2615b7fd7b22b6eb8376248f3d63fc085580c6bf86be4d768be91c7e153d853840e7356f7c56cfd1573ed595abb69696b65164896519ea78150ff75b0a961bb5d91bf", 0x1000, 0xa}], 0x482, &(0x7f0000001380)={[{@numtail='nonumtail=0'}, {@shortname_win95='shortname=win95'}], [{@defcontext={'defcontext', 0x3d, 'user_u'}}, {@appraise_type='appraise_type=imasig'}]}) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000001480)='/dev/zero\x00', 0x404000, 0x0) accept4$nfc_llcp(r0, &(0x7f00000014c0), &(0x7f0000001540)=0x60, 0x80000) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000001400)='/dev/vfio/vfio\x00', 0x10000, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000001440)=0x7, 0x4) [ 1219.503258][T13773] binder: 13772:13773 IncRefs 0 refcount change on invalid ref 4980736 ret -22 [ 1219.518570][T13773] binder: 13772:13773 BC_INCREFS_DONE u0000008000000000 no match [ 1219.552043][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1219.558070][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1219.564100][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1219.569879][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:32 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfd\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:32 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:32 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000002c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000030}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x160, r1, 0x10, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xaa}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER={0xa8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x7fff, @ipv4={[], [], @empty}, 0xe316}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x7ff, @dev={0xfe, 0x80, [], 0x1f}, 0x1000}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7982}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x85}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_BEARER={0x34, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'lapb0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}]}, 0x160}, 0x1, 0x0, 0x0, 0x24004004}, 0x4000040) 14:21:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000006000086310400000000080"], 0x0, 0x0, 0x0}) [ 1219.731620][T13880] FAT-fs (loop1): bogus number of reserved sectors 14:21:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x8080, 0x0) ioctl$TIOCNOTTY(r1, 0x5422) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x9c, 0x4, 0x7, "233d01670ebbb1620282a0d134029d00", "0d807b0d78e1999ec1c71ece0aa9777d1e7be0af79d495b4b7f6b1883ad2c958ec9d1c654708b0ef7bc9f7e67f400e8cfaa7516d82488b2e4ac10a6bfb617201f4b65dbdd090f2f01af3e88e17adf15ec8d9b2da3cfa60f07b94287f58fb244c92f562247653005fba1ec2d3a00237c89ee3c3069691b619f3321e21c79819f63eb99927b7b6f6"}, 0x9c, 0x3) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1219.772580][T13880] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1219.805708][T13998] hfs: can't find a HFS filesystem on dev loop0 [ 1219.819837][T14074] binder: 14054:14074 IncRefs 0 refcount change on invalid ref 6291456 ret -22 [ 1219.843991][T14074] binder: 14054:14074 BC_INCREFS_DONE u0000008000000000 no match 14:21:32 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfi\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:32 executing program 1: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1219.921633][T13998] hfs: can't find a HFS filesystem on dev loop0 [ 1219.947148][T14125] kvm_set_msr_common: 1 callbacks suppressed [ 1219.947162][T14125] kvm [14117]: vcpu1, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:33 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) fsetxattr$security_evm(r1, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040), 0x1, 0x1) 14:21:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000006800086310400000000080"], 0x0, 0x0, 0x0}) 14:21:33 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1220.062606][T14203] FAT-fs (loop1): bogus number of reserved sectors [ 1220.098840][T14203] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1220.126476][T14257] binder: 14219:14257 IncRefs 0 refcount change on invalid ref 6815744 ret -22 [ 1220.139694][T14257] binder: 14219:14257 BC_INCREFS_DONE u0000008000000000 no match 14:21:33 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfl\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x200, 0x0) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000100)={0x1, 0x8, 0x6}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:33 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl(r0, 0x1, &(0x7f0000000000)="bcd147a3d33e219f890531c12f712ee6f02f83c8b4583e8003a52601cb9a019021165514af221734bb506c28463f77630426fb7e4b4dada43b7e3331316b5b3f2bb659036de0d4573da469c3472c2430466fdd0e85409cb575b7ede1394d54230687d63f9c81b2e13951f085160ffd13599494c4f392ecd2e940d6823a5242d60184ce01ccbf5f15fe5ca25703cd24e665e76064870624a57d317ca5c4871f861eefa85c3c73f78f05e00d8a69ee017962d4de34e3723b1af2253f121f21bed277be14b03ffe27552fc4") write$cgroup_int(r0, &(0x7f0000000700), 0xffffffffffffffca) [ 1220.216524][T14252] hfs: can't find a HFS filesystem on dev loop0 14:21:33 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x800000000005, 0x0, 0x0, 0x3, 0x0) socket$bt_bnep(0x1f, 0x3, 0x4) 14:21:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000006c00086310400000000080"], 0x0, 0x0, 0x0}) 14:21:33 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1220.386220][T14423] FAT-fs (loop1): bogus number of reserved sectors [ 1220.411340][T14423] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:33 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f00000001c0)) ioctl$PPPIOCDISCONN(r0, 0x7439) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000080)=0x80000000, 0x4) ioctl$SIOCAX25DELFWD(r0, 0x89eb, &(0x7f0000000040)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2, 0x228080) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:33 executing program 4: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x402001, 0x0) ioctl$PPPIOCGDEBUG(r2, 0x80047441, &(0x7f0000000100)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:33 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfo\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:33 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x81, 0xfffffffffffffde4, 0x0, 0x10, 0x0) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xfffffffffffffff9, 0x18100) lsetxattr$security_evm(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='security.evm\x00', &(0x7f0000000340)=@md5={0x1, "4ff022eb2f1edc37b0801c1319804052"}, 0x11, 0x3) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000100)=0x0) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000380)={'veth1_to_bridge\x00', {0x2, 0x4e22, @broadcast}}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000180)={{0xa, 0x2, 0x85b, 0x3, 'syz0\x00', 0x1}, 0x2, 0x3, 0x100000000, r2, 0x8, 0xc44, 'syz1\x00', &(0x7f0000000140)=['\x00', '\x00', 'msdos\x00', 'ppp1vmnet1[ppp0{\x00', '\\\x00', '\'^[vboxnet0selfem1%\x00', 'msdos\x00', '//\x9f\x00'], 0x39, [], [0x4, 0xebcc, 0x7, 0x2]}) 14:21:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000007400086310400000000080"], 0x0, 0x0, 0x0}) 14:21:33 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:33 executing program 1: uname(&(0x7f0000000000)=""/224) 14:21:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000007a00086310400000000080"], 0x0, 0x0, 0x0}) [ 1220.768307][T14789] kvm [14763]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:33 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1220.895519][T14858] hfs: can't find a HFS filesystem on dev loop0 14:21:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x74080, 0x0) setsockopt$rose(r2, 0x104, 0x5, &(0x7f0000000100)=0x7fffffff, 0x4) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f00000014c0)=[{&(0x7f0000000180)=""/31, 0x1f}, {&(0x7f00000001c0)=""/42, 0x2a}, {&(0x7f0000000200)=""/85, 0x55}, {&(0x7f0000000280)=""/238, 0xee}, {&(0x7f0000000380)=""/102, 0x66}, {&(0x7f0000000400)=""/165, 0xa5}, {&(0x7f00000004c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001580)=[{&(0x7f0000001540)=""/63, 0x3f}], 0x1, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r6 = geteuid() r7 = getuid() getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001a40)={{{@in=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@remote}}, &(0x7f0000001b40)=0xe8) syz_mount_image$f2fs(&(0x7f00000015c0)='f2fs\x00', &(0x7f0000001600)='./file0\x00', 0x7e8c8ea1, 0x7, &(0x7f0000001980)=[{&(0x7f0000001640)="dd7a63483c4189caa0682d38267bde407948dd01a87608a3bf2b2bdf02933b7680d872a54750dbcf5fe8be6135340a32b5aa4c403976d09161ef2938bcc4e508211b22f33a5a5e4422c218a62064a45f3083013fba90b436bea3322f37f0e45da9a8460e8856bc13212614208c7d00390accb4c5b86b4e7b177fbb75d50eefb7dae86cf55fa4dc5ce60fbe", 0x8b, 0x3}, {&(0x7f0000001700)="5d64c4b05d3f5800930cb67c9551bf9759e23e80dd39815c4251f8600de5d5c4257da7525c6854de965f10f02786c5fce5a139183402a1aa0fc5e80bf805c84a63a9929c1720e4d27242c5f7b8ec7118855216766c1705ef35b521", 0x5b, 0x4}, {&(0x7f0000001780)="86a828e69c0112c3ce4fdf0f5a5c40fb3af89b4a1c59a201", 0x18, 0x40}, {&(0x7f00000017c0)="771452238d064a9e6d838e2ff511d4e828b6162fbad37c4c85dcc7a4cb997d1043b14ed0549e1c1e06c5fd23cf9d34ce5123c2ef2ac8dc12f9be46f99caf4b7392568391b4b77bcb97b7a5bfeaa1c3135b92ecfe5c86f536ce829a779cdb643050efd6095fe0ae484333f715f1feff2d2705880dc2dae672ac49e34517936de02cdb117a4741fd9b2f06119417ff6cb5f668420dd96b0dbd37554e14bf6bf58ccc8db95d65466504fa154b2169af3f59d1a4007e5fa8f3b40d581037b79367d13692cb956e05ef7cb5b3571eadf3b7cff3", 0xd1, 0x4}, {&(0x7f00000018c0)="d87db18268e2581b86056858a1cba55690c8eee4de1d2f796a7ffa0578860b527ee90487c24a5312f2e10dcf621c6a9f", 0x30, 0x6}, {&(0x7f0000001900), 0x0, 0x800}, {&(0x7f0000001940)="0f8de1d159a0b32adcf0a4e5d620aabbf2730e4f884fa4a45058a5e01816751993c16077003c8b26a1f05ee910eb2d6683849cc1", 0x34, 0x3ff}], 0x4000, &(0x7f0000001d00)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c67727071756f74613d73797374656d766d6e6574315d44707070312c2c646174615f666c7573682c6e6f666c7573685f6d657267652c7265737569643d4cbb803ad47d02a4c433f9a4adf20bae9279db538c3f699fe6d8b37b12b7682c324a8d0a3a5b27c6293d48db4a21d9f8bf86c49af2c40664769eb3095bc481d6d2d4d89cd896fc7a04af006c64846b47f482b8df280575971be47f155b2622781725db176ca9b1edfbfff957acb72a96f4f5941a8b41335c9ae4e1a9a1", @ANYRESHEX=r6, @ANYBLOB=',noinline_dentry,noinline_xattr,func=PATH_CHECK,audit,fowner>', @ANYRESDEC=r7, @ANYBLOB=',subj_type=/dev/snapshot\x00,fowner=', @ANYRESDEC=r8, @ANYBLOB=',\x00']) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:34 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x8040, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000000040)=0x2) 14:21:34 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfp\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1220.985787][T14858] hfs: can't find a HFS filesystem on dev loop0 14:21:34 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x0f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:34 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x80) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000003086310400000000080"], 0x0, 0x0, 0x0}) [ 1221.123290][T15074] FAT-fs (loop1): bogus number of reserved sectors 14:21:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) fcntl$getown(r3, 0x9) [ 1221.179137][T15074] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:34 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x7, &(0x7f00000000c0)=[0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xee01, 0xee00, 0xffffffffffffffff, 0xee01]) fchown(r0, r1, r2) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) 14:21:34 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfu\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:34 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x28, &(0x7f0000000040)}, 0x10) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000140)=0x2, 0x4) [ 1221.324555][T15188] kvm [15161]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000005086310400000000080"], 0x0, 0x0, 0x0}) 14:21:34 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:34 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000180)={0x1, 0x100000001, 0x9e9, 0x7, 0x2}) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0xfffffffffffffffa) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000040), 0x2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) r2 = getpgrp(0x0) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f0000000140)) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f00000001c0)=0x58000000000, 0x4) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000100)={r0, r0, 0xf6e}) [ 1221.484854][T15400] FAT-fs (loop1): bogus number of reserved sectors [ 1221.518329][T15400] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000006086310400000000080"], 0x0, 0x0, 0x0}) [ 1221.629274][T15605] kvm [15601]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:34 executing program 1: syz_mount_image$msdos(&(0x7f0000000140)='msdos\x00', &(0x7f0000000180)='./file0\x00', 0x1ffffd, 0x0, 0x0, 0x2210040, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x800, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000000c0)=0x4d75) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040)={0x6}, 0x4) ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000080)=0x9665) [ 1221.691792][T15611] hfs: can't find a HFS filesystem on dev loop0 14:21:34 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfx\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000007086310400000000080"], 0x0, 0x0, 0x0}) 14:21:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) r4 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000100)={0x0, 0xffffffffffffff81}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={r5, @in6={{0xa, 0x4e20, 0x2, @rand_addr="5a20472a4b870a4a8c128e1fe7bf0cc0", 0xfffffffffffffffc}}, 0x7, 0x100000001, 0x8, 0x2, 0x48}, &(0x7f0000000280)=0x98) 14:21:34 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) getsockname$ax25(r0, &(0x7f0000000000)={{}, [@null, @null, @remote, @default, @default, @netrom, @default, @default]}, &(0x7f0000000080)=0x48) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1221.837606][T15611] hfs: can't find a HFS filesystem on dev loop0 14:21:34 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1221.900380][T15801] FAT-fs (loop1): bogus number of reserved sectors [ 1221.923220][T15801] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1221.971879][T15929] kvm [15928]: vcpu1, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:35 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) setsockopt$inet_dccp_buf(r0, 0x21, 0x8f, &(0x7f00000000c0)="802440c9f7b4804826a6ff9393c6af6a85d45058877cef05813f7b90746e299806ffaa9d3224b22bc60f3972b26e14aa5968e779859b62e595afa1bebbca079a891c3f214b99b5d8ab362d5ddc9ffad754ffde563023ad3fea0aae500f4910a4a4e8a231f1cfaf737f4ac60d6fd4fc9d5b88d09c2f8160a0b48cc2dc730082b6563b29e4afde71a5d85c4c6e5aa135e98ddaf587d5ebb4ff19eff3d02665d80b1db430276db25adfff6892c38909a455975908f125efda17de9e7c397ebeeab3cb5aedf611682add2a93642887ac1e3d0d14f3e5af68b1f5ba4a456fcabffd4123a275d9e08b30a0ad6010e145fffb", 0xef) 14:21:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x480000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x8, 0x40) recvfrom$x25(r3, &(0x7f0000000240)=""/162, 0xa2, 0x40000040, &(0x7f0000000300)={0x9, @null=' \x00'}, 0x12) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x80000, 0x0) getsockname$packet(r5, &(0x7f0000000180), &(0x7f00000001c0)=0x14) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x0, 0xff0b017a, 0x1b], [0xc1]}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)) 14:21:35 executing program 5: write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700), 0x12) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)={0x1, 0x7, [@random="0ad0afa2615a", @dev={[], 0x13}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @empty, @empty, @local, @dev={[], 0x16}]}) 14:21:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000020086310400000000080"], 0x0, 0x0, 0x0}) 14:21:35 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x02', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1222.180666][T16019] hfs: can't find a HFS filesystem on dev loop0 14:21:35 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x803) write$cgroup_int(r0, &(0x7f0000000700), 0x12) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB="f3ffffff17556ee5a9732a1ede981e2f0c6e010000000000e400", @ANYRES32=0x0], &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={r1, 0x36, 0x0, 0x80000001, 0x7}, &(0x7f00000000c0)=0x18) 14:21:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000048086310400000000080"], 0x0, 0x0, 0x0}) 14:21:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x101000, 0x0) write$cgroup_type(r2, &(0x7f0000000100)='threaded\x00', 0x9) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) ioctl$IOC_PR_CLEAR(r2, 0x401070cd, &(0x7f0000000180)={0x6}) 14:21:35 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsD', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1222.324641][T16043] FAT-fs (loop1): bogus number of reserved sectors [ 1222.331853][T16019] hfs: can't find a HFS filesystem on dev loop0 [ 1222.358913][T16043] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1222.440516][T16354] binder_thread_write: 8 callbacks suppressed [ 1222.440532][T16354] binder: 16353:16354 IncRefs 0 refcount change on invalid ref 1207959552 ret -22 [ 1222.459874][T16354] binder_thread_write: 8 callbacks suppressed [ 1222.459889][T16354] binder: 16353:16354 BC_INCREFS_DONE u0000008000000000 no match 14:21:35 executing program 1: stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_GET_SECCOMP(0x15) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0}, &(0x7f0000000480)=0xc) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$INOTIFY_IOC_SETNEXTWD(r2, 0x40044900, 0x100000001) r3 = geteuid() syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x75e, 0x5, &(0x7f0000000300)=[{&(0x7f00000000c0)="64b174b3f86507e0000a9fb254341776e0b71fbba3a7c3f7b064a22e", 0x1c, 0x8000}, {&(0x7f0000000140)="759a752498e3d03154c366d9afe0e3b7f52d64ebc1a90f32a0035987f4814d0c981a8880a9f3baaa7e4f4e67e16d0bc47c96902563f97227c06191f73fddc23b6023f586ce5c5afb3cfbc72eda67597e99948aae1800defb8050b636c5", 0x5d, 0x10000}, {&(0x7f00000001c0)="014453f6f6710be80c8995e1d914f8985d3689cbada2763f6a7a9a1a8c6c943f07f13349ccdfe194d46860f837ad6f6746370d5db1", 0x35, 0x20}, {&(0x7f0000000200)="e71ce0a7849643e6dd494c8657b4078016fcc338afaff845bbfac7b29d16dbaac5fbdcaa7e7882dc05bca579d2192dcfa0d41b23d50c5cfd822f2987bdb2e55d4c52c8bbce15825d9ceb4db75b8e5b88f6e4a42543b43cb7aaafd33cebce69f643f768de6feaa47608a8b18f63f6daf0b40c51fac95ac21076e20495e2bb3d9d5d731724dcfa6b4000791daff22ec9293f64bdc245086b8d892d", 0x9a, 0x5800000000000000}, {&(0x7f00000002c0)="616f4d6f01707b4a2ea3d6dea56a9fe1e46a5fcc", 0x14, 0x101}], 0x4001a, &(0x7f0000000840)=ANY=[@ANYBLOB='dots,nodots,nodots,nfs,nodots,nodo\t\x00\x00\x00\x00\x00\x00\x00age=850,fowner<:', @ANYRESDEC=r0, @ANYBLOB=',obj_user=msdos\x00,rootcontext=user_u,fowner}', @ANYRESDEC=r1, @ANYBLOB=',audit,smackfsfloor=vmnet1%%,uid>', @ANYRESDEC=r3, @ANYBLOB="2c18e592beb9c8a3ecb2e1b91ef95f1cb5b47282b7d32ed3c8f2b9f2261d94d8315fb246fe3c24c482a5edcd760bf06ec686a70ff92e06ba944a365503a0faccba76def263cd091f0184f39698a6bc3c90b5d34811138d617f4314bf93a11ff57afaf4b10de580ed878b426f39d7db97b5e1dbc47fd86560cddfc3d20e79cb4ff4f13c43db7d2310dcb748dcd8640fd5aa2ec252c1fb19ea7747573e96410406d432ad235f392a95e5fd9334c3f5cef86476c89c1f908c8a4fa8ce522de8a6f71de175f25e68ef496c56a2673934a5a183b3fa51468631210bfef7d5574eec45f8068e327d164390b8c037aab891d1ee09ccacd6d4447ccafa4331ef7daaed2fea3efc2bf1416e59d6a245a41714f5b56eafcfa156fb08026ccd11125b24b86d17"]) socketpair(0x3, 0x2, 0x101, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x4f1, 0x0, 0x0, 0x0, 0x0) 14:21:35 executing program 5: write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700), 0x12) [ 1222.499132][T16363] kvm [16355]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000004c086310400000000080"], 0x0, 0x0, 0x0}) 14:21:35 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x03', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x10301, 0x0) getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) [ 1222.634803][T16564] binder: 16560:16564 IncRefs 0 refcount change on invalid ref 1275068416 ret -22 [ 1222.650284][T16564] binder: 16560:16564 BC_INCREFS_DONE u0000008000000000 no match 14:21:35 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) openat$cgroup_ro(r0, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:35 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = io_uring_setup(0x46b, &(0x7f0000000140)={0x0, 0x0, 0x6, 0x1, 0x2fd}) r1 = dup(r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000200)={0x0, 0x17, "e3a9862dacf7d74422418a94410c9a806ddf03ea822374"}, &(0x7f0000000240)=0x1f) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000280)=@sack_info={r2, 0xfffffffffffffffd, 0x401}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x4}, 0x8) r3 = semget(0x3, 0x0, 0x203) semctl$SETVAL(r3, 0x0, 0x10, &(0x7f0000000000)=0x3) 14:21:35 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsB', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000060086310400000000080"], 0x0, 0x0, 0x0}) [ 1222.790816][T16656] kvm [16640]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:36 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x04', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:36 executing program 4: r0 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x3, 0x2) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000280)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000001880)={0x80000000, 0x6, 0x2}) r3 = fcntl$getown(r2, 0x9) ptrace$peekuser(0x3, r3, 0x6) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x802, 0x0) sendmmsg$alg(r0, &(0x7f0000001740)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)="3f3012d6bc0c31f3ee89f27240c40a942a530a2f", 0x14}], 0x1, &(0x7f0000000400)=[@assoc={0x18, 0x117, 0x4, 0x8}, @op={0x18}, @op={0x18}, @iv={0x68, 0x117, 0x2, 0x4e, "4af4832a7c4ca337544ffc4a51519f8abfe9034f07c78bd8a53c3784f9945417d24419ef5cc3869674106c6b6bd11de99d5ee80d9423d0b339c0aea8fee74fddc3aa25581c16963ca099abcb654f"}, @op={0x18}, @iv={0x1018, 0x117, 0x2, 0x1000, "161e39d7fcfb3b9455f7583ab5711ec417832df4d7cdd34fe41c69f72ab16381f998e6922b8feea3bc37ccd8a379f007953de5286ccd7136ad38f9e788e30c6c503c2d3bc2819fb2fe1b0bae29c61d96e28582354248a9b90805a914accb7ed41fbe50d92cc5303a611ff0dd1dfa05d0d8b985d9164c5f93ed56c75642a27f3697dc7c45155453514be6eaaae0b7163efbaf6ef22e9c96b9c2f5da78adb9b98a5e091c48166521466c40eb69a525bf6ba5f2d81c5903fc3499d5e58b5d96c6dab0afa521e7259d156910cbff14ae325d632d074ab5612c3bac4004d487b71bd9eeeaa624606945aad19dca4488a58c3ac978b9571af67d76d48cf775ffd35930707433174ec7461abaaae21f643930672486f097baef7df5d442515383b9940a63673d8d2335aa37a41256ffa71c5cd5a8b27627d70174089464206f5d25af309553700afc28c702ca4556a74f01af58ba1ab895ee43f528b779dcbf1b375bf2ccf966dbfe2ea1e8702f595856a1c4780f6e9b946d876abe76c1d19d2d45d8bd43abca777dbb1404ed2560f7fbaf4b75538a321ab2ed5b1addcd739b2f4e1d8e28654a987b198d09d364c3c2fa8f9caf6bff6aed1c6ee5e9ab4160533c0d75f40f6a834496a078641d721a4ec6f22bffa2509ac31dec13f067861599b2a83dfb72a25e1920726e5e2e9bc9f747c77b256d183eb1539334e6bef47df5598bec817ba24644fcf0a9cbc0c81022f14c769185c0707e689f67d1d9a3ad32272cc4090d60be75914f4394c7195b40af46402a7e73d4a9f9f55293d502fb6394cbec0f0e69601f25bf5151cc3e89798b74bcecd02ffe3c704ba3d6431f7edd591b4cc677f3f1b5912ad74a2010b4923139fc7375faee3ea9d27e8505da27830ab922be11f601c7235b2b26f5429975161e4d6dfb28d33645eef1c13de70ce9db081b9cb180c5f59c52a05a36e87b9d614ce50013ab9a8de125d2960e7d79708d7863bb6dbcd997b34da847099b1f7d4d41de4dae94449990f63465bbe5c85cf14629c3dc1f96b017713e5ed75230f550c9e639aae0948cb5b62b3153091376b00052d92f8961541674daa126a95d231b19f6917354bf9f47f82542a1a5536db9b72627402ae157a306b5d1e1a5a3c2e0598a273614ab74d7bd8af0d5cceee2f8cb1f2e15249734123e9f24309f4684092006b688c7c07a15a33525ddc4b3894ce5a42c6004464d04b7665d80253fe3168a83704c688aaca40e1fac8c7263374cc5435fdab2871173530923985bd9cfa0678ecb70881ed8c99764bf8b16b1f79ac64ee2c16b33d05f0cf1bc06948f5cea8a61d5b66a16b438927a57d413a896d5bc3fb2fa798799bc820e43c568d5cf1152f1732a0950461f1e0c1e08db394dc326ff21f9790cc155a5fa218a1bddc40c3cbc7c4d0f39499d728c1b2c4bed60446e570f9ff57910a643bfff9517cc0d064cb0bed999777ec3fb5e85e286fd9a30900e06fcf798563fc05d43b5bbf41a5fe4b6c978dbedff44b6f71d57f73e566a1e54fcca942dcbe6461cb98b9fc335aa74f18d4753d5eac847245e19ae94a00ff5a28159ce0cbd6bbe6ef6edede6a5d5c27629edd082aeed6b8940012e57660fdb9390d10ade1cfce8a3e7c5e8b2137e8defc2d2ae5c8007c6e7de2694bf6e9a8c769d34d0a744981ae831fe158f3c6b57b21f12bfa8a41c03e335dc8571e8783750d8c9a81fa8de10dc9b6888a6d9d0d130b4ace8b7306b3b08131dedecdf893410036a2bd174a24a440260a2504f6b1094fa4acdb052b0476638099704b8cc27d96efd1304d59b3ecdc204a7e94ead296e6bbb39835a3679d9ce7c0f8859866a081d7ab3312acb6b42682102044adc0edebd9b4090294c742619287d18e56088a793e80e8b04708215ce7088ed8e1f5157ffdd5f21e382117770c29e157435fc4e2016a9a8ec5fa2e84a0776d1afba068716d5186e53b690010f9c415b9f5cfce9b653ce2825b5a23d6be5a4f038bf9903c9a57c7eb5d986d878b3b4caabde9ebb05e66ae36ebfa7eb187e6c18c88fa143ff65f44bbde7ce3fc6f5b19edc210f841323580dac5b8260635a1b688772fba79d415455c4b6febc690dcbc0f29f14310a6734fa2b83745fa16ff7bc8c4618ff818c88049a0b0709cf18129aeb15baf355667e9d0f5ea2036dcc98f3ef432dfd90d814c73d671696a1d6ad3ebf0becdb68e542d340dc44bc9f3752df9aac78de3227cbf95048d78a4b435b4fc771db30d736a701e5ce4796b134054124221d05f5a222582977fc9e411a5de831fc7660f7f4566fc72642110c888eac1cc1e6ba28b98d276be7be28cbd004100240c80c830d6e6eae1414d3b6cb905bba8413c5619241ce6ddbacc0946223fa5a571496cd5dd24865fbf540631777e9741fcf2b0359bc55abb6e30504c7130d28be31229cce71b2b67c55c42db4dc57739e983971e4a607fa17e5c26191b2817862058c79a81f7051ac5ae58251c0de3f7f8fd603b9c3b501f26b5385352e655719bdb5335234cc9cb4f43808e5a84e0542c8d905150e23b91241d7dff23d816b269406c738f8bca64e44b2fe2a7c860f913ca088509d723e7be558d98c233268cebd7c485df83f9b9b8dd9ebee93aabad705d67ba4e6fab22d357f9f4839be0d4cfb8b0308a7f8f46744bfa3e903ac955b6be11b3078b0a540ff118e1c10e83386c90434dbebb8f2d72a264acdd54fed101e85a7c39e98bb223a2dfc34e376bc432ca6ae701e453ef0f17b301d50b119abaf13732c7fb5ca77726602012dec1f716def42ac01a8b44e9f2e0d7b99c3c72e4547f8b53cc569467d64616e107bb370884f8d400ccbbc9d5550a80582eb411165cf31f627d54ad884d399361c6cbddd3b94bd6e9d3274a9dd83d1f24ef7f5f85cbd1a289df1b36af4bb2db983847015c6dbfd5e22bb7f3c73a532fb5bc5f466ce31471b8ebc73a40baec0c9ea6f2524c24608bd4ac8f6b3da86c7d149af7980ce3e08d161934ba3a55df2fd887ec074ca5a3dfa41f6585430a24b383b29013b4a8c6317d0e45f0bfde6955027c3b88237d3c75e04b88deafc9e48e0fbaa95ab65fc2bffd43c00ca627669a51d9cc0c841f5bb4fc5846702b8eb6201760899d9482149d0c847bd3a8e32958e0681ae900ca608c99c46db0d887fee91ae4aad052b96a9cfd36d9073776aff118c9b03903bc9556724eada7d1a342ff1caca00c735eae1ce0e7aa7695deab3cb00dc4256a8332d033e8cd14018e7eb1020918b8c093fed7ac348e858aee24be5ff76b5261bf88b8cdb546e082f22700910f723084e38bfa3661cd364ffd537e57dd327faf348da678cdf68cd8a8d0080a82aeeb5fbc600cb734cbb620660bbf637a0c8373602913c9dfe4840dbad429b4c8ec1884ed06f4c1dfb099a2b109589baa650954111c55bd47732a4bdfb1012d73754f423c02464d042347242d62b6b1364795327ad59243f70d78ea44e64fd50d773c59ebc9aa24a77b19c8257349cc0845495644c2af0c8bdaf02fa321b993b9cdd197228d7807a4186db1e169cfe7ae1d1760960719487c645ba99c138d46179ac2215e38cf3ffdf0c14ab16691368860e2c6de35bff144c6a98e48e07037d1a88f1691c60acb9090344a61ae918fc3f02f97c4bebef2378978786bb5de4a8c7a5fb6e14aec752449beb6d90908085c467ac57dc78cc6f23ba28b5a7dbb9d0bee58dc9243e023dd6b7eca023c41cec65072a49b8349dfee8f599e6d8520aed2c9924f4512b2e2e51683cfb0966c620bca388644c2e92079c387c405e0bf04eae0d1fc7892c5318481c3d537dc5fb81fd5b163b2b7e6e2cc7f50ff909a8741b8ce548922f7fbbb78a137ceb964bed7c104c3e20dcb7db98a2cbe13fce906fc6c1bf9f21c863fbd428c8ade88f82425cf41e15ed3986db39072c837a66f797a90f8c3672356046d08891a830036755702241ed18d133527766e2c4000d18e01b0160574eb7b42447d287f9cb7a1c0e852caa949872e6fcf295178cc394ac9763aa442d8f251bbf5db3eb0ef286cde97fab57e1c5c37bd2b22cc2b5209d825a4b868b9d9738aa8747178c17126872db9613158dc1f7287d8e0e16cfd48c34e4ad78f211693733f8e6e640a37b31bd5280a353b41d80de06829c5a985e6c1377be43c5f2c024f094afda013752774388c476a90067a2f0b8328015a6cb53fe6e2670b256dc3bf7f1bbe829fc6fb500df15e3c31b4b236c1cb9ffcaef292d31977b3e999b0f9028d5d7a23df7f2d4574a16165701b0e624387207cd85a9f9a15a7ab0e841d6119d571d6d7a6e5aa5d20afc2362b4e4cc599fb6a81635f69501b72de4e7e0aab2747dc92803651c34aad8647096c5a379a77ce1f6d4812be61358aa63451dbc6ff3603e797035a26093267834204d8e01baa286a36d85d02b5a2f622bce6dc452b67ab2bf416dcb8ab1eae159b2f981f238bfd4b1b070a6196bf0f51e057ea921a3e1879252bceabda53123b0726e5c552656707d6ec75fd9156519269fc2c8cc48304b1d88c828efec993c26ef1cce39f15fb86902b6de2d311447a9047324a6a42d8eea6db6c98f70ebd42d9afb0f11d9f5d9b0810fd5c1bfed0cae08b86d76519a6d223cc6f990f451541ec6fee73d222f710f1f7d55fdc5a6f823361f8adc3a3c808e4520036ef52357d5c7246c547fca1e137c7478021aed96e16cf5e46387112aca2401cb41827ec87a2308bc618e0d20940a4233aca4709a240fb88d07747ca5a9a3bd11ae29704cc9783256424a2c686afcea9c9af73d36056a9382ee478b2b174b9e893781cb51a419e63ef8a42de19584417ae46acdec41b001b035167f915caa7beac327f01ca0b29df18f1e96779e1e1651975408db68de0294771584095c8c604d2dc2951170076485449ffa5c0dd3a965aa4a381fc8c3875579c138774480141e5109c7275c36c56a4c24323ca5ba4142fe741e63c63e03334209bfdb1954fd40921340915f6326384b7dd436c8ba9b330c08b29519118622d7d2d109734671f59986891ca2249ec17b956dbc9634117301dc1b930a2ca36064453ab2480feb2978e12fd05afdb718517f4111f5ba4d2ffdd9fdbc62153298e43765af5e8cfc178bf7ba86f226c09fb23fe683722f4cb6b308a321350a4e43f49a6899e3d957906ea4f46199ba4e5fdc8efe33424c41348befaeaf3885c498b3756d56e4faa07625bdcf3e8306537a58b2f77566ded562fe1bd25362bd6f0ce4f05c0fe7d4c176e4bdcd3cfcb66c034e1a9b2777e25d8ba85c25c0dfddccb63cbf51b99d7a9f3317952b91d2c145798d3995e928b5272e8a41ffe52cdbe0e70e2eacc58e61a4fee73097ced6359b595999793d49e1b4d656f82c6631212cf2807bc8f2be90e28a20a544d88535e0c013378a3a0b29259e27adce322115494565a92457294dfea1e4ecb1492d063bb539591eeb3458e4ade866edded9126a2d69ebed644dbcb3de244f2e1c8260fc70bb14a875cedce2fadd31efdebd11b09dd9eec075c99232bbacd66079e85977a3c3bfb97c16575259aa5c3bd5cd8e9fb1e7eeb8c857431883b609b729d341412626c0960260272d4d1a9557f34d3b945befd457a11923ef848b6e679bcc9414b2571158c70cd2705c6e21f4d3a68f395b4ada45b272166b950c73adcadac61cc45a6aa0e63ddff5839ee4816d42d3727a900dcbf194a49fea567b5d9f98c9cd6f05a4a54ae4a5b23b53f00bffacd8ca126edda2d6c9aa2ee199eb0a9d6e95a770917b"}, @iv={0xe0, 0x117, 0x2, 0xc5, "67f68dd458c40d9c0c8b5a814bafcfbb204876a8eed42b69e680966998e5c9116b90fd150250778831397ebef8353840319977c129f84d41004bb5aa3e22b51ee8efc0e6d6e5472d0982d4438c1d1cbc3fd27b81674e92035bd22c3246ab56a9da063398c86a6aa58cb9dbe8fe72018c0280cb3bd92d95d384a7f03129ffae83a573165db4c5193e05d9265d8c6ff48e5d3eb944d41c49190eda469ad558c9d065daa38c2f909ca61bd8084cc0aa3ba16362df0062838e8df5ee15ea490d87ffb44af684bb"}], 0x11c0, 0x20000080}, {0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000015c0)="e1de551a406d220474964eca2d888331d069069e0528cfbf5d07d6b15f62b48d1fa51b97f9202c07b519dc192d09051ab82636d73dbeace97b3b4ce32fe335764f649b0d2200e997cee18519931735d784e24ed2b7a7d4010649ce8ec4155d742bb669772dadd126ad238b931737367e19f408ef6fee90296f6ef2cb317330e14501730f", 0x84}], 0x1, &(0x7f00000016c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x5}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x60, 0x10}], 0x2, 0x4084) ioctl$SIOCX25GDTEFACILITIES(r4, 0x89ea, &(0x7f0000000340)) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f00000017c0)=""/168) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x8, 0x5, 0x0, 0x3, 0xffffffffffff7fff}, &(0x7f0000000100)=0x14) mq_notify(r0, &(0x7f0000001a40)={0x0, 0x8, 0x9f541e75205afee7, @thr={&(0x7f0000001940), &(0x7f0000001980)="424aea8986af97ffa74ed0ca735545e839f2a36d2c6b415c16265e08c97c24cca44d15466ccbd3b9d3326a60411adef2bc6838ac7efe7735f971ba0eff2948d5a1db7a8bfebe17de84470948f6493c8f47672a384b7708674be2ba9c82498d5786e7fd7a035627e209d0bc21af4034a591ed70c199c9aa5fffec6a3f2ad8f3e870922a76f906f3f35d4ffed4ac3559f66a6e4bd3fe50fd0fb9215822bd7da3ecd98239c6b6342df7ddf9e1b2f5fc6336b94ee4584d05b0f9a69a39"}}) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000002c0)={r6, 0x8}, 0x8) ioctl$KVM_ENABLE_CAP_CPU(r5, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000018c0)={r6, 0x2, 0x20, 0x800, 0x7fffffff, 0x1}, &(0x7f0000001900)=0x14) ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xfff, 0x880, 0x0, 0x3, 0x7, 0x10, "e2e1578b08fd9231688884e01485e0e54d77edde7dfd3844a202a3b5a52a36574c5d93988ddbe962ab6ce659b2fd8ac0fdb6c3e78924c6464999fe881ec25af1", "d746c4faaa685efd97438c77565ee7879a96d96b498e0d7850d1ebda4cc4c9850b16115f2a96d754610e7edd32a65729328f6dc8bf1567543213f3fed9d8b4b3", "98f716f9c57f966c4d7e8e85af34cad97a3d19d937927da3fce1cb3f9aa2ca2c", [0xdfe7, 0x5]}) 14:21:36 executing program 5: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x8}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000180)={r1, 0xf6d5}, 0x8) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700), 0x12) getegid() r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x105200, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r2, 0x6431) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=0x0) fcntl$lock(r2, 0x0, &(0x7f00000002c0)={0x0, 0x7, 0x82, 0x41, r3}) r4 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x12) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f00000001c0)="e0543cf22e1fbe5a85fb6fc588f5c7a084684d3bd22e6c30d99dc9028a0ee64f66aee8b603f22347b0706fabb33a99fdb87176ae6834f8b6cf5012df66f003993b3743c4705b8228151aac6043f18fef58d575efa9480aab6b743e0100ba1e53de2bf74a73c1afc9dceabadceb28f42383e910d6e691198e89c45ff00a6383ae4358cab1b4e2be6a22472de3c66dd5ba1fff129635143aab5b7b8b322ca5577ffa17d214dc65edb15e4629875df09bc55aee2977d7343ada178f895fe7169399d5382823495d1a9620aad653b6fc17fd032095927f09cbd3b68d29ef0df2b181208504bc076150ba769316992bf87c2e61c69d48cab505c00568ebf009fce6c3") [ 1222.965914][T16769] FAT-fs (loop1): bogus number of reserved sectors [ 1222.982260][T16769] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1222.989196][T16777] binder: 16759:16777 IncRefs 0 refcount change on invalid ref 1610612736 ret -22 [ 1223.000732][T16777] binder: 16759:16777 BC_INCREFS_DONE u0000008000000000 no match 14:21:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000068086310400000000080"], 0x0, 0x0, 0x0}) 14:21:36 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:36 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x90600) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1223.262372][T17006] binder: 17005:17006 IncRefs 0 refcount change on invalid ref 1744830464 ret -22 [ 1223.292201][T17006] binder: 17005:17006 BC_INCREFS_DONE u0000008000000000 no match 14:21:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008910, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:36 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0x3, 0x12) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000000)={0x55, 0x4, 0x0, {0xdb6, 0x1a}, {0x1}, @cond=[{0x1, 0x8, 0x2, 0x8, 0x100000001, 0x401}, {0x400000000, 0x5, 0x7, 0x10001, 0x3}]}) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000040)=0x2) r1 = shmget(0x1, 0x1000, 0x5400000c, &(0x7f0000ffe000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) write$P9_RWRITE(r0, &(0x7f0000000080)={0xb, 0x77, 0x1}, 0xb) 14:21:36 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x05', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1223.386189][T17007] FAT-fs (loop1): bogus number of reserved sectors [ 1223.404726][T17023] hfs: can't find a HFS filesystem on dev loop0 [ 1223.438304][T17007] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000006c086310400000000080"], 0x0, 0x0, 0x0}) 14:21:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x400, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f0000000280)) fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4068aea3, &(0x7f0000000180)={0x7b, 0x0, [0x38, 0x4, 0x6, 0x101]}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x10000, 0x0) ioctl$KVM_GET_XCRS(r4, 0x8188aea6, &(0x7f0000000300)={0x7, 0x9, [{0xb98a, 0x0, 0x8000}, {0x4, 0x0, 0x800}, {0x7f, 0x0, 0x100000001}, {0x6}, {0xffffffffffffffe1, 0x0, 0x41a}, {0x6c1, 0x0, 0xfff}, {0x20000000000000, 0x0, 0xf4}]}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000200)={0x1, 0xd000}) 14:21:36 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:36 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0xfffffffffffffda3) setsockopt$sock_int(r0, 0x1, 0x37, &(0x7f0000000040)=0x3, 0x4) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x200, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000000)) [ 1223.657148][T17261] binder: 17240:17261 IncRefs 0 refcount change on invalid ref 1811939328 ret -22 [ 1223.698659][T17286] kvm [17242]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1223.702489][T17261] binder: 17240:17261 BC_INCREFS_DONE u0000008000000000 no match [ 1223.715512][ C1] net_ratelimit: 20 callbacks suppressed [ 1223.715520][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1223.715681][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1223.715845][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1223.715917][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:36 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000180)={&(0x7f0000000200), 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x1c, r1, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@SEG6_ATTR_ALGID={0x8, 0x6, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) [ 1223.716055][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1223.716127][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000074086310400000000080"], 0x0, 0x0, 0x0}) 14:21:36 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x06', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1223.860881][T17495] hfs: can't find a HFS filesystem on dev loop0 [ 1223.873771][T17500] FAT-fs (loop1): bogus number of reserved sectors 14:21:37 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) connect$netrom(r0, &(0x7f0000000000)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @null]}, 0x48) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x1) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000100)=[0x509, 0x1]) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) ioctl$RTC_WIE_ON(r1, 0x700f) [ 1223.916787][T17500] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1223.951000][T17604] binder: 17602:17604 IncRefs 0 refcount change on invalid ref 1946157056 ret -22 14:21:37 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x8000, 0x0) accept$unix(r1, &(0x7f0000000380), &(0x7f0000000400)=0x6e) getresuid(&(0x7f0000000200)=0x0, &(0x7f0000000240), &(0x7f0000000280)) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x8000a, &(0x7f00000002c0)={'trans=unix,', {[{@noextend='noextend'}, {@cache_loose='cache=loose'}, {@cache_mmap='cache=mmap'}, {@access_uid={'access', 0x3d, r0}}, {@access_user='access=user'}], [{@seclabel='seclabel'}, {@euid_eq={'euid', 0x3d, r2}}]}}) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000440), &(0x7f0000000480)=0x8) [ 1223.998508][T17495] hfs: can't find a HFS filesystem on dev loop0 [ 1224.023064][T17604] binder: 17602:17604 BC_INCREFS_DONE u0000008000000000 no match 14:21:37 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsP', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000007a086310400000000080"], 0x0, 0x0, 0x0}) [ 1224.164455][T17753] kvm [17751]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 1224.209126][T17753] kvm [17751]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:37 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) openat$cgroup_procs(r0, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x7fff, 0x8008, 0x80000001, 0x6, 0x0}, &(0x7f0000000040)=0x10) write$cgroup_int(r0, &(0x7f0000000100)=0x3, 0x12) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000080)=r1, 0x4) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x40000, 0x0) [ 1224.254140][T17850] binder: 17830:17850 IncRefs 0 refcount change on invalid ref 2046820352 ret -22 14:21:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f00000000c0)={0x4, 0x6, 0x6, 0x1f, 0x2, 0x7}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x0, 0xff0b0179, 0x10000], [0xc1]}) r4 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x2, 0x2) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f00000001c0)=0x0) sendmsg$nl_generic(r4, &(0x7f00000007c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000780)={&(0x7f0000000200)={0x54c, 0x12, 0x820, 0x70bd2b, 0x25dfdbfc, {0x13}, [@nested={0x158, 0x7c, [@generic="2112a1f481bdd2ea2112fd467e062f197628563df1d087ce6a2e59746575d6236bcbf5f6e28411a2200096e5de35895647f78a430a3cc6c4f946738d468f98ecafb85422e3", @typed={0x14, 0x82, @ipv6=@remote}, @typed={0x10, 0x87, @str='/dev/kvm\x00'}, @generic="4a49d1bb3ab6af89eb6cadd96b3d07c8669a53150e33dd03c2c0b61cb1811c637c12f4f29b7dd9b6151130625fca475a0b53176f0601f830dfd2065ef8210aa5f8d294aeeb82ee5edba48304043a410aa35dc14813fc9cd56e49fb6f579133bfb5c62acb1a80ecac6b5853305c566b7184d07b19800522a1d6cdc132220674225733de417f3d6dc550fe9740e65613b1f2ea44139108030acaf9189c6bda212fcf09005780a04544a84c4ed46f77555024070b4872c0", @typed={0x8, 0x27, @ipv4=@multicast2}, @typed={0x8, 0xb, @pid=r5}, @generic="6e254c8cfe63baa2aea1371648fa5c33b69bb0047eb28145ce99377a42326f7e00712d"]}, @nested={0x37c, 0x7f, [@generic="90776089b19fccb16f17d6cbd7a595dab0add10a3c601df0f18e5d89df633e89e46354afc9e85d732e65186efa55858c7aea35c33ee65b0ee3fddd9619b6eba364cf8d13", @generic="695e84f134945580e2c92ed2c02869bc08be6cc8da053f844983e420d43eebe44ee8adea2c2bd1f8f301a0b85e6ef3e9964e7cfc1f9f", @generic="2b1cb6ff805d873498bf9a4d2fcdd5e782f5dd02227938cfdd35a6d8439c82232ec93b21f38e7761104041cf20161023a0e170fb2a10120df62a142a05cb524a8f94d041321a72848f152bdb44efa0761f213fc4c9346d778a02a003298468d978751e359e7ed205cd07094b223437f119a8e95e37c3d494e6c31af54d2d53817b46f03392cf1bff3d23204fa65dcec49d04ddd65fd40a97a665fa5adc7ac69571958c079492a8157b35999950a35d85fc71a9e448b69716c85049278a92eefcfab7d05aba", @generic="24a6f624760c3a4870d2f9435d7c8af1a414347b200003594e07359b26c3bdd217f149cc9cc5f5a1fb0500845150dfd6e96586a0423d025a52cce71269c10a599c50752dff728a98bd4c265bf752f1361f1baef828d351daebbc36e8a57f3a81e2d9d17c468c97f17abffcfbd7b9b8437b912ded3a78694180f64de280fb8b2c8efb4db601d38d856c9608f29965f9b303cd82f02b4386e05c7635f1b6b47880099206aacd229c044452964d05a87f29866e4c4ef46e820c6091fd3a833fcf1c06a7cbfc3a831eae9e749bd7b64181ec0cdd135971f03466f01974a563c819da", @generic="0a9aed9e34bbbd218b6a4e3556b7b24be194add61320ac762896cafb65afffca8c5af910ee6e281b86ff90f0050fa2c585890d51cac0d15babe3292df9097adf0c21b6dbb3071f1272fc44b3ae61747b292fdb4ed9044fb4ca6caec40d3c01d480f6c8ca7c45878f26f9", @generic="577ae78ee3ea15ee674a6059142dbb4fbb114f424ea8b51b08be7c5f516288f9edabb3d6bbcbd61bd69a943ae6bb08a0f066bd59bf326c6ae13855bbd56a91daa98b1bed3a3b98b8a122958850219991729e1ab2be012b09d53a78586aee8356b6af6b49475046cbcd80748adc7c09906ac73e6d64059222edd18d284a964cc6471bd2d0c78dcdae436fb5cdf128c5110238b858481166548730dd3ddad040a4dd9bff948e03c616aad9f2c0093d53035dc0fe6e16cc9ff0bc090baeeb6a5ee228caf518b9ad7a8c355e5cad561a8f2d2930f16ce357d2efcf9da7bb7fedc1d45f03d5bc86e74b4c489326a605"]}, @typed={0x64, 0x8c, @binary="4b4bae34fd8003c48c5d86295f13e4c5c53416e24a3018a5f4944d9f5d9b1e3385c0618ebdd59e1f5f64ef8c7043510103223e5aa3220f349feb3777509cb06cd120d71ee58bc691f1067606ff96c18dbf37c94bbf7ce0c32e2b1eb81a60c4d3"}]}, 0x54c}}, 0x20044040) [ 1224.301306][T17850] binder: 17830:17850 BC_INCREFS_DONE u0000008000000000 no match 14:21:37 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\a', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1224.354268][T17861] FAT-fs (loop1): bogus number of reserved sectors [ 1224.360893][T17861] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:37 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) 14:21:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000036310400000000080"], 0x0, 0x0, 0x0}) 14:21:37 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x60000) 14:21:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x200, 0x0) ioctl$KVM_SMI(r2, 0xaeb7) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r4, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) 14:21:37 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsM', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1224.625154][T18078] binder: 18073:18078 unknown command 1074815747 [ 1224.633637][T18078] binder: 18073:18078 ioctl c0306201 20000680 returned -22 14:21:37 executing program 5: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x28000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000140)={'bond_slave_1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="97a01b335c23ad8c5334b2a32c1377e4a678aa273061b88dffc7ebacaa5e90a985e648c06096ed765ea3f4d73e64e520f2191cda42d74db74b925e886163a6488d836cc82ec7382a9fbc80dfbb1dd95a4be44684909ec7f5d59a7eab6dee3bb452c277c2322e36e6ad77c5cd39c5f7c1d69ee76316f862f9350b48a806d97e0861d2638af94375", 0x87, 0x4000000, &(0x7f0000000180)={0x11, 0x19, r1, 0x1, 0xffff}, 0x14) r2 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r2, &(0x7f0000000000), 0x12) [ 1224.672053][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1224.672059][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1224.672190][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1224.677869][ C0] protocol 88fb is buggy, dev hsr_slave_1 14:21:37 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\b', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1224.738809][T18082] FAT-fs (loop1): bogus number of reserved sectors 14:21:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000056310400000000080"], 0x0, 0x0, 0x0}) [ 1224.786552][T18082] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:37 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x374, 0x0, 0x840400, 0x0) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x2000, 0x0) ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f0000000040)) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000180)) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000000c0)={0x2d, 0x22, 0xf, 0xa, 0x2, 0x1ff, 0x5, 0x6, 0x1}) 14:21:37 executing program 5: syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x2, 0x4080) r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000000)={{0x1c40000000, 0x6}, 'port1\x00', 0x80, 0x0, 0xec, 0x9, 0xffffffffffffefaf, 0xa, 0xffffffffffff0000, 0x0, 0x6, 0x43}) 14:21:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getitimer(0x1, &(0x7f00000000c0)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000090, 0xff0b017a, 0x1b], [0xc1]}) ioctl$FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000000480)="95d1d4a354133a444c614f33eadcc9df8528e49bcff2c3cabd2194f252514a36e346cdb62a070b694127f7688967da71aa0ef2dd98d8ff82b9438fedbb876489f3c7309bd75c1900d03512eed8079c0b3c89635d18bec20843430b8499c8bbd0ca0d70aa241c060a6a1e91f53afa11e12fdca279a4a080f8c2d6cac77c69748c2812835823d333ed4f9ce1da211eb59659d3286aece9f3571c0c71e7039828da44fbad261f04082334b056e8d6bd95136660a72beb8a7121d5a18b9350d3cef3dbf7fcc8613ed347c7ef45834dcd1aa912ad9c0575b23ba0652293ba979113cbfd63e4eb3b2be4d5426b74805f9e5d11e35ee77dabfa185b1f0562064c36b0eb") [ 1224.912618][T18398] binder: 18397:18398 unknown command 1074815749 [ 1224.924736][T18398] binder: 18397:18398 ioctl c0306201 20000680 returned -22 14:21:38 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsT', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:38 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\t', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:38 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffff9c}) connect$ax25(r0, &(0x7f0000000140)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}, 0x48) 14:21:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000066310400000000080"], 0x0, 0x0, 0x0}) [ 1225.039567][T18488] kvm_set_msr_common: 1 callbacks suppressed [ 1225.039581][T18488] kvm [18464]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 14:21:38 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) dup2(r0, r0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1225.157267][T18537] FAT-fs (loop1): bogus number of reserved sectors [ 1225.178857][T18571] binder: 18558:18571 unknown command 1074815750 [ 1225.182999][T18537] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1225.206452][T18571] binder: 18558:18571 ioctl c0306201 20000680 returned -22 14:21:38 executing program 4: ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000240)=0x6) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f00000000c0)={&(0x7f0000000040)=""/61, 0xfffffffffffffdf8}) ptrace$getregs(0xf, r0, 0x0, 0x0) 14:21:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000076310400000000080"], 0x0, 0x0, 0x0}) 14:21:38 executing program 1: clock_gettime(0x0, &(0x7f0000000000)) syz_mount_image$msdos(&(0x7f00000001c0)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xa05b8233, 0x0, 0x0, 0x0) r0 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x0, 0x2) r1 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x8, 0x0) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) 14:21:38 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfsS', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:38 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="f472750100000001000000762f696e7075742f6d69636500"], &(0x7f00000000c0)='-selfvmnet1}}\\\x00', 0xf, 0x3) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:38 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\n', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:38 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0xfffffffffffffe8a, 0x0, 0x1020048, 0x0) [ 1225.498086][T18864] binder: 18860:18864 unknown command 1074815751 [ 1225.532665][T18864] binder: 18860:18864 ioctl c0306201 20000680 returned -22 14:21:38 executing program 4: truncate(&(0x7f0000000100)='./file0/file0\x00', 0x401) getpgid(0x0) getrlimit(0xc, &(0x7f00000008c0)) r0 = dup(0xffffffffffffffff) ioctl$TIOCSIG(r0, 0x40045436, 0x2c) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffff1, &(0x7f00000001c0)=0xd) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x64024500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, &(0x7f0000001dc0)) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x3923, 0x2000) setxattr$security_capability(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000380)='security.capability\x00', &(0x7f00000003c0)=@v1={0x1000000, [{0xff, 0x8001}]}, 0xc, 0x3) fsetxattr$security_selinux(r1, &(0x7f0000000400)='security.selinux\x00', &(0x7f0000000600)='system_u:object_r:inetd_var_run_t:s0\x00', 0x25, 0x2) sendmmsg(r3, &(0x7f0000001d00)=[{{&(0x7f0000000440)=@nfc_llcp={0x27, 0x1, 0x0, 0x6, 0x1, 0x7ff, "559f29cc131c3f5d352e49ac7346067ce683bce9fac05e7a4a7fbc59789bcdbca3a3e8b7ba072bc53109a631d329e285dce055bae0ffda4b4e4e32267c2c94", 0x29}, 0x80, 0x0}, 0x3ff}], 0x1, 0x4044880) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r3, 0xc0105303, &(0x7f00000000c0)={0x81, 0x2, 0xffffffff}) syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00') getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@remote, @in=@remote}}}, &(0x7f0000000300)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00'}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000004c0)={{{@in6=@mcast2, @in6=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@initdev}}, &(0x7f00000005c0)=0xe8) accept$packet(r2, &(0x7f0000000900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000940)=0x14) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000980)={'vlan0\x00'}) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000009c0)={{{@in=@multicast2, @in=@dev}}, {{@in6=@local}, 0x0, @in=@loopback}}, &(0x7f0000000ac0)=0xe8) getsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000b80)={@remote, @dev}, &(0x7f0000000bc0)=0xc) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000c00)={0x0, @loopback, @local}, &(0x7f0000000c40)=0xc) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000000)={{0x2, 0x4e24, @empty}, {0x306, @local}, 0x22, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x23}}, 'caif0\x00'}) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000640)={0x0, @rand_addr=0xffffffffffffffe0, 0x4e24, 0x2, 'wlc\x00', 0x20, 0x6, 0x4c}, 0x2c) accept$packet(r0, &(0x7f0000000d40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000d80)=0x14) 14:21:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000002086310400000000080"], 0x0, 0x0, 0x0}) 14:21:38 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) r1 = getpid() getresuid(&(0x7f0000000040)=0x0, &(0x7f0000000080), &(0x7f00000000c0)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) sendmsg$netlink(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000180)=[@rights={0x18, 0x1, 0x1, [r0]}, @cred={0x20, 0x1, 0x2, r1, r2, r3}, @rights={0x28, 0x1, 0x1, [r0, r0, r0, r0, r0]}, @rights={0x18, 0x1, 0x1, [r0, r0]}], 0x78, 0x4008010}, 0x7e9a1c59c63b833) 14:21:38 executing program 1: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x81000, 0x0) [ 1225.761786][T19051] IPVS: ftp: loaded support on port[0] = 21 [ 1225.774452][T19066] binder: 19052:19066 IncRefs 0 refcount change on invalid ref 33554432 ret -22 [ 1225.792310][T19066] binder: 19052:19066 BC_INCREFS_DONE u0000008000000000 no match 14:21:38 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:38 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\v', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:38 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0xffff, 0xc38e, 0x0, 0x1f, [], [], [], 0x4, 0x2, 0x1f, 0x3, "1b295c5d7260d72bc16c6e9c53aa6d8c"}) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:39 executing program 1: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x4900, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req={0x0, 0x8, 0x1, 0xffffffffffffb9a7}, 0x10) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000040)=0xfffffffffffffff8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0xe8}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000280)={r1, 0xe8, "ea6505f54af90d313a85387e2b358dfc37ec25c1ff672b38ee588624d2cde929367df5ef9647c9222986336961ba512b73bfec7d5d5c4b9e0648c52c9ad54133a966831c938d5fbcc1aac202268fd560a9ec0c905aec86d5bbb1b8593705f306b6dcffba2575949c428778f7b9675e759302ead250d49af5763af227314edd89d4d3b2ad04142419ef67fc2b3550783adae8105dbf6ed111a9c4b6fd8c68096cf5f397acca5dfa9ab17a46abb3c57e721b74a38d873a297d8266fcf3a958bd78131ca3fd5e4a35aac8898cca44ad8f883f1f3dbf5250481d4213ef21c13c4824511cb9b47811e911"}, &(0x7f0000000380)=0xf0) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xffffffb5, 0x0, 0x0, 0x0) ioctl$sock_netdev_private(r0, 0x89fe, &(0x7f0000000140)="212e262ac90abb4a6d4562d045645cd94105d36ec0293ff30f261bbd8efbb0c14001f99e7ab3f08bcb1426f0e8bec983f2eba860ac78679e22e207188bdc9073ce1e349c25551f9567d7702ca456d4a1f1f928bc964024bc2f5c67619e251d7fe8963fafd775a316d16175090b6327e14a7b8a496b7e4af428438b949a550de714bbb4d7dc68a4011685a0e5ea8660c9d3aa46fd9703474d21ddfcb7eb9902ee7346ab00f0") 14:21:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000003086310400000000080"], 0x0, 0x0, 0x0}) [ 1226.014369][T19265] hfs: can't find a HFS filesystem on dev loop0 [ 1226.070823][T19265] hfs: can't find a HFS filesystem on dev loop0 [ 1226.162871][T19278] binder: 19275:19278 IncRefs 0 refcount change on invalid ref 50331648 ret -22 14:21:39 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:39 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:39 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x5010c0, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x6, 0x7, 0x2, "72e50bba24a7b9841ac71bb19622769217ade3572531e0ba277efca0bf648b36", 0x3977775d}) ioctl$DRM_IOCTL_MARK_BUFS(r0, 0x40206417, &(0x7f0000000180)={0x100, 0x5, 0x20000007fb, 0xfb, 0x10, 0x9}) ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f00000000c0)={0x5, 0x200, 0x2853, 0x5, 0x6}) [ 1226.207875][T19278] binder: 19275:19278 BC_INCREFS_DONE u0000008000000000 no match [ 1226.364761][T19348] FAT-fs (loop1): bogus number of reserved sectors [ 1226.380960][T19348] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1226.436595][T19372] hfs: can't find a HFS filesystem on dev loop0 [ 1226.561125][T19372] hfs: can't find a HFS filesystem on dev loop0 14:21:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x7f, 0x2, [0x40000071, 0x0, 0x803], [0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70050000]}) 14:21:39 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0x0) request_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='system\x00', r1) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000004086310400000000080"], 0x0, 0x0, 0x0}) 14:21:39 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x0e', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:39 executing program 1: setxattr$security_ima(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='security.ima\x00', &(0x7f0000000140)=@v2={0x7, 0x2, 0x2, 0x1000, 0x38, "d9d35ac6acd4d0e5097560835c67fde3360e20c759538169f5399c4c85b3a29b11e2f703a58466cccb41fcd947e8aa838f870285a60408e5"}, 0x42, 0x1) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:39 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1226.740988][T19498] binder: 19496:19498 IncRefs 0 refcount change on invalid ref 67108864 ret -22 [ 1226.793903][T19498] binder: 19496:19498 BC_INCREFS_DONE u0000008000000000 no match [ 1226.821776][T19502] FAT-fs (loop1): bogus number of reserved sectors [ 1226.842249][T19502] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:40 executing program 1: syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3, 0x80000) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socket$bt_bnep(0x1f, 0x3, 0x4) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1000, 0xa0000) [ 1226.947041][T19508] hfs: can't find a HFS filesystem on dev loop0 14:21:40 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000005086310400000000080"], 0x0, 0x0, 0x0}) 14:21:40 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r0) 14:21:40 executing program 4: setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001000)={{{@in=@initdev, @in=@empty}}, {{@in=@multicast1}, 0x0, @in=@local}}, 0xe8) r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r0, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x3c2) [ 1227.048156][T19508] hfs: can't find a HFS filesystem on dev loop0 14:21:40 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1227.146129][T19719] FAT-fs (loop1): bogus number of reserved sectors [ 1227.175162][T19719] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000006086310400000000080"], 0x0, 0x0, 0x0}) 14:21:40 executing program 4: clock_adjtime(0x0, &(0x7f0000000000)={0xff1c}) 14:21:40 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x3, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:40 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) accept4$unix(r0, &(0x7f0000000140)=@abs, &(0x7f0000000040)=0x6e, 0x800) 14:21:40 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs#', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1227.413026][T20032] hfs: can't find a HFS filesystem on dev loop0 14:21:40 executing program 4: r0 = open(&(0x7f0000000040)='./file0\x00', 0x300, 0x0) r1 = getpgid(0x0) fcntl$lock(r0, 0xe, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x100000001, r1}) [ 1227.480476][T20032] hfs: can't find a HFS filesystem on dev loop0 [ 1227.483970][T20089] FAT-fs (loop1): bogus number of reserved sectors [ 1227.495067][T20089] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000007086310400000000080"], 0x0, 0x0, 0x0}) 14:21:40 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:40 executing program 5: openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x1, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x100, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0x10000, 0x0) r1 = accept$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local}, &(0x7f0000000200)=0x9) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x5, @ipv4={[], [], @local}}, 0x1c) r2 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r2, &(0x7f0000000700), 0x12) 14:21:40 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xdeb49499, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x6, 0x2) r1 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x2, 0x0) fanotify_mark(r0, 0x0, 0x40000000, r1, &(0x7f00000000c0)='./file0\x00') syz_genetlink_get_family_id$nbd(&(0x7f0000000000)='nbd\x00') 14:21:40 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsH', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1227.666624][T20275] binder_thread_write: 2 callbacks suppressed [ 1227.666639][T20275] binder: 20250:20275 IncRefs 0 refcount change on invalid ref 117440512 ret -22 [ 1227.683967][T20275] binder_thread_write: 2 callbacks suppressed [ 1227.683980][T20275] binder: 20250:20275 BC_INCREFS_DONE u0000008000000000 no match 14:21:40 executing program 4: r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x40000000000007fc) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20020}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x238, r1, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffffd}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffffa}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x174, 0x4, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xac3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffa}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffb}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x20}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}]}, 0x238}}, 0x40) write$cgroup_int(r0, &(0x7f0000000440)=0x1, 0x0) r2 = add_key(&(0x7f0000000040)='trusted\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$clear(0x7, r2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x8000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x1, 0x4) 14:21:40 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1227.827544][T20404] hfs: can't find a HFS filesystem on dev loop0 14:21:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000048086310400000000080"], 0x0, 0x0, 0x0}) 14:21:40 executing program 4: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) sched_setattr(0x0, &(0x7f00000003c0)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) gettid() capset(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) setxattr$security_smack_entry(0x0, &(0x7f0000000180)='security.SMACK64\x00', &(0x7f00000001c0)='/dev/ptmx\x00', 0xa, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0) msgget(0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x5) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000640)=""/176) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) keyctl$negate(0xd, 0x0, 0x0, 0x0) close(r2) connect$caif(0xffffffffffffffff, 0x0, 0x0) getsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000200)=0x4) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) r3 = socket(0x15, 0x0, 0x0) shutdown(r3, 0x0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f00000017c0)=ANY=[@ANYBLOB="7f454c465e08002eff0f00000000000003003e00010000000a01000038000000ed02000007000000030020000200ff7f1c38ff7f00000000070000003f000000810000000600000000100000fc3c000009000000313900005e5434465feeca7ceedc6cf042cd34f45a9bb13764238a0f087d314e5cb78d70fd950cccb1d08f856702ecd72df2d13d96426944a5bbefd71f1aa174d3bebe914a9d962327d5de9c8a0b71270ecf91565f09dedda855175640f388e70e401846aaac05405e9d313fa2024c65e450c8902c7e31db135e33a4e6732d60bb9aa95b7602edaca140a0e014943f0390041e54de63f99ae884026ce409b5b05ba8cf7846ebfd3cb358fabc3d539da4cfd985e6656e7c45a6d96dcfde707eb31a90627171858fbc97e5aa8de38a060cd1fc781a8b9a1fb579cb4652c8f4349e4625990cd160db2ab09f59bbdf323d575695be8bc9459a22796124b3184be4827b4a921fcc5e1520d4fd36b236171966244876d1122fca921db94b5cbc59a1c3e177b86103ba31d52804792f48760a693634a70ae6a3c9c3488bec26c09f0d7a4dab459d35772414a2be8c35a522bba2c02726ac4f7a6e7177fdd48340a59554eb9224ffb173ae2760bce3360d45d2a09eec2716552148a0b77a54220191e7794afd20ab4051306548de332ebfced56f484a5ae1861af67e7d2c08ecc1de27e994bb1391e5cfeb0595561368fed9ac8c8c194930b721ef9966b71f41fc439d09b8221589535c2a89865a1b5207f1f37d9e77270259836548d8f640cf4af0ab5cc0b6ab9bb05bc044bb399f1dd599cb9faf4db8685f739a5b0f6909d6afc14510fa4dce9cfc135740c15bc116b7406051805212a59dbe9791d6a6c3e149c519545af222059f672ed1ae8d28cb991ae41cb97beba614b08587092940b20e3ab3ae35be82fc9a22b2a6dcec899c8cf1f76133fad2e24df75b2425520fc88463f5857a6377840184c0cd5f4279c35fac95d7221f867f9b62ab124aebcbecb33e932f572b5d25ac62eef97046ffbb24ee69146b1b3bb6edaa96d62137b552486142a92e06dba47e1d3e1e545cc893f8330636b82512739ac4ac945aadad535c87c0bacda460f4dcbc624d3698f6c14348a8815a80b2410784383de7b9fe02c63452ae1747d39e044630078979d655638af33b60df0a8afeaaf6a9c8bda583278b4926487ec5ff535daf4db40925472a4d6615e98033330a7958fd1a2e2b9f8735f47be2e2c4832b2c7b2f778033a66c4fd1eb51d30daea0bf1da89df4dff0bfcdb92a425388bd07f0da352763e420e44b910a44f4494b4235452c0800a0a2e8707473acc5199e40621730215c0445e09ec91acef13489b4cc16de87ab9f351c0170774fda808a3acd38d317c41a1462bea7ca63ff3544c9752637845d6dc05b3268b7bfb1b8702e11bf3894ad6d5a75040402d054b32b1fed8eb61b29e009388e87f1c8dd25c3e748eb0d513ee3ba982f275ea6f5bab615245c19c88abaf8532bc2f37f7a2cf39338ea801b1ae7bed09ca49af972295ab8fbc5ad33916698348b7387f77470f059eaaf8bffdb26a45cd318d54092af7c2043f61504d34b218ac7571e37fe0987903402df58368132917ab292f309e51d0690755325b7507d9617ac92a1fd6ebd0a6003d8e13c12b5898b6d6878fbbbe730a14ce99f313994e22a5b8c581290465f99750787ca1757e349c2f4c6bf6bb65dd8f4edd6e53d4e0af9f3240cf0f7d4f0e39dc56caf773850011e2af23b81943abf5541fd5776284e166ddd88e5fcd0667c1b02230ef9f9b153949bb1929306678a36e58ba476f1be6b8a7f6648d9b4afe0baeef895ed40b5ce65aa104f5cc126925b35f81d2b97f82b5f7f8a041b6618041ecd60c746dee6bd3f2e0fba31199e290e0bb7d16d301f1345d3a1d416a877f6191a0afc255ecb3ac12cad0ae70b832b1d8de679a0868c3983912daefb958f6a3349b19fea3f110bc872ea9856384867e329c9dac6a7e9643797fecdfc0db4078a530d71ac876d680009cc9587bf3941d3b1b6e73dfa0e45dfef00f3c47863e2483f440c8b469bbfb8979036b3699e8cd7c4a4d78a4297e3d8076b6d098ba99ddce444f7199f97930e8b3ab94ca03706092b617d7bf8888515f57da4e1785b73e020b1d1d2313f05aca82403c4b0e26926c64061cb31d4687fba584190e9568f878558709bd18d81c6bf429a98cb0a412645b58490d9968e5e6672fa12318d56a0f6c27ebf48e4db3f3ba32acd88a2104e75ffdfc72b602b5d62a3b9252be335241516275400369506ac3544ea055dec532b8909d2cdce539f13cf491d67c7b3527c34db34569cb1969c59b868f3e9ba2c26c92ccbddd249f6488e05801409e40c7e223b032060e52ae5ca8f3394413f7b114a81e29ce057188c09a8bc2b1c0d59a9f14896ba1b513bf5f3d43ee6022b396776431613d6d0c197efc6b7e6fb193f6ab8aebca84927582c2c23be8721c14a6e864166d7a9f897e66d76cb012ac27472a35d3862292ad1ff94aede765a85cf6c78c4621891d87bb330ee1a1c942b2c1b8dffcd818eac5d6c903d7edef45082ac9249686fc2701e8b2bf211d01b0b605038f106251455e4a063ca703b80a3c37e7ea87b90af60f7425fb124c63af5a5ea269173ce93ea6142ed473016e94ec0a37c5e0009af1750f5a5ca312abb2c52fd3bd86593f461aed50cec74b45ff312d10639f79a6fa0cf63fd21ff47d9a6fa5b35835de47cfc5802005f72b1341c2adf1ff752ab9857ff44efc6b492607b00a7be5469ed51e7d622c5b5d73f56399a3f2292cf22f49ee269a3ef69ce513674ea066083271f9e42ab2f46ffff4ddf4309447e56a60c80be56f92930728eac1457e032c9d440aa01637cf4360543fd732a59e15746a80919d2f359274258a3c41379040bfdd749700ce9e358b8a86cf0d1f21842646467b3c9da9ac8287cd035c7a4ace9ff03d0fc5944779248d72537c2ceb3ea8eaa2a4b61454542cbaf60c4754f50daba965c081c452462063060bce54cf2c3483712a5ba847d3187a571d4181417308e8a75d6928f3d953c6ce1710882ccb2fc2253c721cf1f1e020a00ead450c682db76afdc728ecaa9a158281cf93afdafbe10da5ffcbc258a55e65832400773f789419e043488dacc127fb4a68ab091223841f1fba66ce21c9ff2a9b5cf1b56e86bd48a3b3b210ce253887e5c3d16d13e567015e7d0b0b05a08e45a5d6545489fb68b376589e62dbd71b109bd5fd8c3cfaa2b58360b0c382052129ca66573ef9c7398e4fe0da632402a6d920b3b578f17e2ce99e060d2a1c953d1e8d6a87fafc08b8cbd93e0ed9821eaeac63fbc080a8492f79ab769d01079bd0a4b97da1f061613b97c2adf1023bc9d507ecd3d3ab1696b93120f380a5f40f6325d7c49e51a7351f5947e35f7025c25d8281d67627c86f3fea9010285a00eb147cd32aaf989f2c75206f32beb405a9ea6cd7e687dcb57313b6ef13c24b391e396fd13438baecb42a8721d4c43ec3b74a4a6fcae9f077da7a09193a9feba04873fd2b2e26316251799f0c70793e1977c93047bbb0812f1580ca3ee385d2053bcfa82d992c174b6bb52c818e73023628f240e397c5d98f3370d8a7b55509bbf1eedb2b17cb341b12091027afbc0e378778baddcc9f7421290127a4da2fc10009160e17c119cdab63680114510a6d1a1173214f11b26d655cd0c4b138c091d0ab097fe1d20eed2dec43cf9fe335e0716bdba7e76f1bc774dbe1cd24e1d39386614411592474145af40b4031ef91c6318e963222e6e62287fd8b8a95d59d0c02bd8f60defc1134b7b89c4fb02467a17e8e6d77e8f015de3179df19d6839712d0b09ff6b43cdb95886ed8e448a376087bac24453e35f354ef702544e2ca1ca7474e1e679bf10c5d095071d772423e794f67169b0da35af1513476a61119626b1e3a17d7dd9cb828aee6707e9167c0306c1abe5167c148f7032c795b1c5d40dba7948e7574e40f0552135d612bf042f1cae3ed2933c610ed67af2128ca8e7dedd836b21417cf820e0ade61a4db66eaedf63880fbc1f93e3db30274c68e2f6c001da8571907a3663c68ce10471d4f9b9c78fbcba545df6e4be7c0a1c73040a6c7e59285960e3e9e158eae5a21bdff44f7962d3a64c50e9d659277dda9464f19ae5b7ead139caae1e22b30b954b894af1f1ab159e36c9f8cc98de73247b64d356f4d4f3316f59ae0773f7d0191c7d795d2dcb5c88cda87d7f22c319009d7d9497a17dec1fc09dc979a8a0ec97d38424a4269a4c0a04e0228d4bc394b01e79a9c4f6463e3f9c5bd4bea1dd654e5e8cfcd780508a6ffbe65797d9bc2ad6f8253a3094ea58a8f85908c25bb3db39b2fe08c1492f1eefe405ee486dfcc2c66abcbdbf34a4ed1085769f7833ed13e2d9933bc8755a16709cfd850b1138ba8a0886138f019b5d0be84fe1079a9683ef645012192290ff93ab0cd8ce57fd9a6c80c6259579e57c6e6bd1113895df0d0d976ec5eee5f6e5d6362adb2cf3e8fd5fefbddc054f0ac2b5235eedc38d90a88e1fa40ac23bfceafec255f18474f0bf56a8d89368fca24214bc56b8caab5d1b6c22aec3da6db18f71a8601525553213a36839b7b1c3420c721a14eac22e63781d1e9699f8af8ae10f4e2ffff1f8815995f42c54e5cffe905afac6f46d08d5888fb364f4c1acdc1ebdce9db8b7d63ecf03b697fe2ae38a50f5b2c9a0af1dc74a6e603086c1ea572eab8b578e56ba5e07296654c97d352b1697aff4cabfde741a39eb8da452b5a50d9eebba25b58b7b5775f370baedac17d7944a687f10fa793fa3a085891a50ad807487fcde523a612c35b4395dcd936b7856e2ecfc2df08cd4ad2b84f54143b8b810abcde0e7b287f19ab57f4da271501727522f4abbdada034b165e6cbb69d8197fd4b642c8f4b4dd107015650c9dc06e7a79f8b9b71156f4312ba2925bf8b85c9772b23a7747b6798e712d1b4234950bf05492416e103bd42f835d89301396e959c303ea44eaac3d0c810f317eaf995b1ad9fc4d21a50416a51f3f1e4690e59dc624f3938c4c7cfa03f486bbe896a00e8d177da52caea758eb812ff42bf53f121d9d2f49c37337c7e8ecf5c7273fd776ee4854d137f7a6f5daad8bf8ef1882351a77d2811683722539b395519a98f4e5aaf9bf78c692f1c9b502f0473b3e3686d37aa1ff59cc244f38c9dbb51e04a95679cd8fbf3a05159bdf33bdfba6fcb15b5c5bd034692ab2533e69e94329e530c93d864b4514d4c669cb2ef147c2fd88c1b324d83b5cf394650bd129ed6e57c6e302ceb6bedc5e77a44260822f889c9c53198652c711b5acc274f850380b407527c76983ead05654c311fd361b0038196c411a2fbe35570d9ac4ed5f62d83bd64b0db8b0c778d4923b5cb18cd26c7b99981d70cb81c111645abf7db3a81ae8d2f9591ddcbd3ee967e91db2b76128992611b7ed2ca3fb5fc24ac02438e0b76e02b131edde25f52d3288f27826eb54e57e85ed76b120e6c41d4746cab8503ce9070170c8eea8dc2fe16b408aec0b02d89da756fe77b7b1b347b1774e0561f5804d001a2ac68e2b399d1a511d201793b0684f9da0763354e2d05ce679980c3f0133fd3b30d113480b51268f12de45ec3fcc0d3cf9cff3cfb4f7ac00d18f2c3b5d3be8dff3d9d41c0c1ca4e835d5323706915b433e1cd83b6bfead08f83d8bac597bbe4fc2f415f33605837fb79e8a59eef9ee927bc3f985d294496b9d5748ee78904ad98d514f40be7165eb98105a58b123591acbb1555520c4fa78bb2cb2a3ac721698702de91312162a83921706968562100ea0d3446a6c0b585404f463f55a4acdf995bea41666492f9bb33634f2cd1dad69f44e575c75301dccdc2464f8d600000000000000"], 0x105d) 14:21:41 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000040)) write$cgroup_int(r0, &(0x7f0000000700), 0x2c5) [ 1228.011067][T20472] FAT-fs (loop1): bogus number of reserved sectors [ 1228.039452][T20472] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1228.051950][T20479] binder: 20470:20479 IncRefs 0 refcount change on invalid ref 1207959552 ret -22 14:21:41 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xc0', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1228.084850][T20476] mkiss: ax0: crc mode is auto. [ 1228.092950][T20479] binder: 20470:20479 BC_INCREFS_DONE u0000008000000000 no match 14:21:41 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsL', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:41 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000000)={0x1, 0x570, 0x1, 0x3, 0x2, 0x10000}) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000004c086310400000000080"], 0x0, 0x0, 0x0}) [ 1228.265711][T20472] FAT-fs (loop1): bogus number of reserved sectors [ 1228.298288][T20472] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:41 executing program 4: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) sched_setattr(0x0, &(0x7f00000003c0)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) gettid() capset(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) setxattr$security_smack_entry(0x0, &(0x7f0000000180)='security.SMACK64\x00', &(0x7f00000001c0)='/dev/ptmx\x00', 0xa, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0) msgget(0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x5) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000640)=""/176) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) keyctl$negate(0xd, 0x0, 0x0, 0x0) close(r2) connect$caif(0xffffffffffffffff, 0x0, 0x0) getsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000200)=0x4) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) r3 = socket(0x15, 0x0, 0x0) shutdown(r3, 0x0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f00000017c0)=ANY=[@ANYBLOB="7f454c465e08002eff0f00000000000003003e00010000000a01000038000000ed02000007000000030020000200ff7f1c38ff7f00000000070000003f000000810000000600000000100000fc3c000009000000313900005e5434465feeca7ceedc6cf042cd34f45a9bb13764238a0f087d314e5cb78d70fd950cccb1d08f856702ecd72df2d13d96426944a5bbefd71f1aa174d3bebe914a9d962327d5de9c8a0b71270ecf91565f09dedda855175640f388e70e401846aaac05405e9d313fa2024c65e450c8902c7e31db135e33a4e6732d60bb9aa95b7602edaca140a0e014943f0390041e54de63f99ae884026ce409b5b05ba8cf7846ebfd3cb358fabc3d539da4cfd985e6656e7c45a6d96dcfde707eb31a90627171858fbc97e5aa8de38a060cd1fc781a8b9a1fb579cb4652c8f4349e4625990cd160db2ab09f59bbdf323d575695be8bc9459a22796124b3184be4827b4a921fcc5e1520d4fd36b236171966244876d1122fca921db94b5cbc59a1c3e177b86103ba31d52804792f48760a693634a70ae6a3c9c3488bec26c09f0d7a4dab459d35772414a2be8c35a522bba2c02726ac4f7a6e7177fdd48340a59554eb9224ffb173ae2760bce3360d45d2a09eec2716552148a0b77a54220191e7794afd20ab4051306548de332ebfced56f484a5ae1861af67e7d2c08ecc1de27e994bb1391e5cfeb0595561368fed9ac8c8c194930b721ef9966b71f41fc439d09b8221589535c2a89865a1b5207f1f37d9e77270259836548d8f640cf4af0ab5cc0b6ab9bb05bc044bb399f1dd599cb9faf4db8685f739a5b0f6909d6afc14510fa4dce9cfc135740c15bc116b7406051805212a59dbe9791d6a6c3e149c519545af222059f672ed1ae8d28cb991ae41cb97beba614b08587092940b20e3ab3ae35be82fc9a22b2a6dcec899c8cf1f76133fad2e24df75b2425520fc88463f5857a6377840184c0cd5f4279c35fac95d7221f867f9b62ab124aebcbecb33e932f572b5d25ac62eef97046ffbb24ee69146b1b3bb6edaa96d62137b552486142a92e06dba47e1d3e1e545cc893f8330636b82512739ac4ac945aadad535c87c0bacda460f4dcbc624d3698f6c14348a8815a80b2410784383de7b9fe02c63452ae1747d39e044630078979d655638af33b60df0a8afeaaf6a9c8bda583278b4926487ec5ff535daf4db40925472a4d6615e98033330a7958fd1a2e2b9f8735f47be2e2c4832b2c7b2f778033a66c4fd1eb51d30daea0bf1da89df4dff0bfcdb92a425388bd07f0da352763e420e44b910a44f4494b4235452c0800a0a2e8707473acc5199e40621730215c0445e09ec91acef13489b4cc16de87ab9f351c0170774fda808a3acd38d317c41a1462bea7ca63ff3544c9752637845d6dc05b3268b7bfb1b8702e11bf3894ad6d5a75040402d054b32b1fed8eb61b29e009388e87f1c8dd25c3e748eb0d513ee3ba982f275ea6f5bab615245c19c88abaf8532bc2f37f7a2cf39338ea801b1ae7bed09ca49af972295ab8fbc5ad33916698348b7387f77470f059eaaf8bffdb26a45cd318d54092af7c2043f61504d34b218ac7571e37fe0987903402df58368132917ab292f309e51d0690755325b7507d9617ac92a1fd6ebd0a6003d8e13c12b5898b6d6878fbbbe730a14ce99f313994e22a5b8c581290465f99750787ca1757e349c2f4c6bf6bb65dd8f4edd6e53d4e0af9f3240cf0f7d4f0e39dc56caf773850011e2af23b81943abf5541fd5776284e166ddd88e5fcd0667c1b02230ef9f9b153949bb1929306678a36e58ba476f1be6b8a7f6648d9b4afe0baeef895ed40b5ce65aa104f5cc126925b35f81d2b97f82b5f7f8a041b6618041ecd60c746dee6bd3f2e0fba31199e290e0bb7d16d301f1345d3a1d416a877f6191a0afc255ecb3ac12cad0ae70b832b1d8de679a0868c3983912daefb958f6a3349b19fea3f110bc872ea9856384867e329c9dac6a7e9643797fecdfc0db4078a530d71ac876d680009cc9587bf3941d3b1b6e73dfa0e45dfef00f3c47863e2483f440c8b469bbfb8979036b3699e8cd7c4a4d78a4297e3d8076b6d098ba99ddce444f7199f97930e8b3ab94ca03706092b617d7bf8888515f57da4e1785b73e020b1d1d2313f05aca82403c4b0e26926c64061cb31d4687fba584190e9568f878558709bd18d81c6bf429a98cb0a412645b58490d9968e5e6672fa12318d56a0f6c27ebf48e4db3f3ba32acd88a2104e75ffdfc72b602b5d62a3b9252be335241516275400369506ac3544ea055dec532b8909d2cdce539f13cf491d67c7b3527c34db34569cb1969c59b868f3e9ba2c26c92ccbddd249f6488e05801409e40c7e223b032060e52ae5ca8f3394413f7b114a81e29ce057188c09a8bc2b1c0d59a9f14896ba1b513bf5f3d43ee6022b396776431613d6d0c197efc6b7e6fb193f6ab8aebca84927582c2c23be8721c14a6e864166d7a9f897e66d76cb012ac27472a35d3862292ad1ff94aede765a85cf6c78c4621891d87bb330ee1a1c942b2c1b8dffcd818eac5d6c903d7edef45082ac9249686fc2701e8b2bf211d01b0b605038f106251455e4a063ca703b80a3c37e7ea87b90af60f7425fb124c63af5a5ea269173ce93ea6142ed473016e94ec0a37c5e0009af1750f5a5ca312abb2c52fd3bd86593f461aed50cec74b45ff312d10639f79a6fa0cf63fd21ff47d9a6fa5b35835de47cfc5802005f72b1341c2adf1ff752ab9857ff44efc6b492607b00a7be5469ed51e7d622c5b5d73f56399a3f2292cf22f49ee269a3ef69ce513674ea066083271f9e42ab2f46ffff4ddf4309447e56a60c80be56f92930728eac1457e032c9d440aa01637cf4360543fd732a59e15746a80919d2f359274258a3c41379040bfdd749700ce9e358b8a86cf0d1f21842646467b3c9da9ac8287cd035c7a4ace9ff03d0fc5944779248d72537c2ceb3ea8eaa2a4b61454542cbaf60c4754f50daba965c081c452462063060bce54cf2c3483712a5ba847d3187a571d4181417308e8a75d6928f3d953c6ce1710882ccb2fc2253c721cf1f1e020a00ead450c682db76afdc728ecaa9a158281cf93afdafbe10da5ffcbc258a55e65832400773f789419e043488dacc127fb4a68ab091223841f1fba66ce21c9ff2a9b5cf1b56e86bd48a3b3b210ce253887e5c3d16d13e567015e7d0b0b05a08e45a5d6545489fb68b376589e62dbd71b109bd5fd8c3cfaa2b58360b0c382052129ca66573ef9c7398e4fe0da632402a6d920b3b578f17e2ce99e060d2a1c953d1e8d6a87fafc08b8cbd93e0ed9821eaeac63fbc080a8492f79ab769d01079bd0a4b97da1f061613b97c2adf1023bc9d507ecd3d3ab1696b93120f380a5f40f6325d7c49e51a7351f5947e35f7025c25d8281d67627c86f3fea9010285a00eb147cd32aaf989f2c75206f32beb405a9ea6cd7e687dcb57313b6ef13c24b391e396fd13438baecb42a8721d4c43ec3b74a4a6fcae9f077da7a09193a9feba04873fd2b2e26316251799f0c70793e1977c93047bbb0812f1580ca3ee385d2053bcfa82d992c174b6bb52c818e73023628f240e397c5d98f3370d8a7b55509bbf1eedb2b17cb341b12091027afbc0e378778baddcc9f7421290127a4da2fc10009160e17c119cdab63680114510a6d1a1173214f11b26d655cd0c4b138c091d0ab097fe1d20eed2dec43cf9fe335e0716bdba7e76f1bc774dbe1cd24e1d39386614411592474145af40b4031ef91c6318e963222e6e62287fd8b8a95d59d0c02bd8f60defc1134b7b89c4fb02467a17e8e6d77e8f015de3179df19d6839712d0b09ff6b43cdb95886ed8e448a376087bac24453e35f354ef702544e2ca1ca7474e1e679bf10c5d095071d772423e794f67169b0da35af1513476a61119626b1e3a17d7dd9cb828aee6707e9167c0306c1abe5167c148f7032c795b1c5d40dba7948e7574e40f0552135d612bf042f1cae3ed2933c610ed67af2128ca8e7dedd836b21417cf820e0ade61a4db66eaedf63880fbc1f93e3db30274c68e2f6c001da8571907a3663c68ce10471d4f9b9c78fbcba545df6e4be7c0a1c73040a6c7e59285960e3e9e158eae5a21bdff44f7962d3a64c50e9d659277dda9464f19ae5b7ead139caae1e22b30b954b894af1f1ab159e36c9f8cc98de73247b64d356f4d4f3316f59ae0773f7d0191c7d795d2dcb5c88cda87d7f22c319009d7d9497a17dec1fc09dc979a8a0ec97d38424a4269a4c0a04e0228d4bc394b01e79a9c4f6463e3f9c5bd4bea1dd654e5e8cfcd780508a6ffbe65797d9bc2ad6f8253a3094ea58a8f85908c25bb3db39b2fe08c1492f1eefe405ee486dfcc2c66abcbdbf34a4ed1085769f7833ed13e2d9933bc8755a16709cfd850b1138ba8a0886138f019b5d0be84fe1079a9683ef645012192290ff93ab0cd8ce57fd9a6c80c6259579e57c6e6bd1113895df0d0d976ec5eee5f6e5d6362adb2cf3e8fd5fefbddc054f0ac2b5235eedc38d90a88e1fa40ac23bfceafec255f18474f0bf56a8d89368fca24214bc56b8caab5d1b6c22aec3da6db18f71a8601525553213a36839b7b1c3420c721a14eac22e63781d1e9699f8af8ae10f4e2ffff1f8815995f42c54e5cffe905afac6f46d08d5888fb364f4c1acdc1ebdce9db8b7d63ecf03b697fe2ae38a50f5b2c9a0af1dc74a6e603086c1ea572eab8b578e56ba5e07296654c97d352b1697aff4cabfde741a39eb8da452b5a50d9eebba25b58b7b5775f370baedac17d7944a687f10fa793fa3a085891a50ad807487fcde523a612c35b4395dcd936b7856e2ecfc2df08cd4ad2b84f54143b8b810abcde0e7b287f19ab57f4da271501727522f4abbdada034b165e6cbb69d8197fd4b642c8f4b4dd107015650c9dc06e7a79f8b9b71156f4312ba2925bf8b85c9772b23a7747b6798e712d1b4234950bf05492416e103bd42f835d89301396e959c303ea44eaac3d0c810f317eaf995b1ad9fc4d21a50416a51f3f1e4690e59dc624f3938c4c7cfa03f486bbe896a00e8d177da52caea758eb812ff42bf53f121d9d2f49c37337c7e8ecf5c7273fd776ee4854d137f7a6f5daad8bf8ef1882351a77d2811683722539b395519a98f4e5aaf9bf78c692f1c9b502f0473b3e3686d37aa1ff59cc244f38c9dbb51e04a95679cd8fbf3a05159bdf33bdfba6fcb15b5c5bd034692ab2533e69e94329e530c93d864b4514d4c669cb2ef147c2fd88c1b324d83b5cf394650bd129ed6e57c6e302ceb6bedc5e77a44260822f889c9c53198652c711b5acc274f850380b407527c76983ead05654c311fd361b0038196c411a2fbe35570d9ac4ed5f62d83bd64b0db8b0c778d4923b5cb18cd26c7b99981d70cb81c111645abf7db3a81ae8d2f9591ddcbd3ee967e91db2b76128992611b7ed2ca3fb5fc24ac02438e0b76e02b131edde25f52d3288f27826eb54e57e85ed76b120e6c41d4746cab8503ce9070170c8eea8dc2fe16b408aec0b02d89da756fe77b7b1b347b1774e0561f5804d001a2ac68e2b399d1a511d201793b0684f9da0763354e2d05ce679980c3f0133fd3b30d113480b51268f12de45ec3fcc0d3cf9cff3cfb4f7ac00d18f2c3b5d3be8dff3d9d41c0c1ca4e835d5323706915b433e1cd83b6bfead08f83d8bac597bbe4fc2f415f33605837fb79e8a59eef9ee927bc3f985d294496b9d5748ee78904ad98d514f40be7165eb98105a58b123591acbb1555520c4fa78bb2cb2a3ac721698702de91312162a83921706968562100ea0d3446a6c0b585404f463f55a4acdf995bea41666492f9bb33634f2cd1dad69f44e575c75301dccdc2464f8d600000000000000"], 0x105d) 14:21:41 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) getsockopt$llc_int(r0, 0x10c, 0xa25b4b68c34035bd, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000140)) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x4, 0xffffff0a, 0x0, 0xfffffffffffffffc, 0x0) [ 1228.466552][T20696] binder: 20694:20696 IncRefs 0 refcount change on invalid ref 1275068416 ret -22 [ 1228.476533][T20696] binder: 20694:20696 BC_INCREFS_DONE u0000008000000000 no match 14:21:41 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x0f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1228.574035][T20706] mkiss: ax0: crc mode is auto. 14:21:41 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) accept4$tipc(r0, &(0x7f0000000040)=@name, &(0x7f0000000080)=0x10, 0x80800) write$cgroup_int(r0, &(0x7f0000000700)=0xfffffffffffffffd, 0xc5) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) 14:21:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000060086310400000000080"], 0x0, 0x0, 0x0}) 14:21:41 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs`', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1228.754135][T20892] binder: 20869:20892 IncRefs 0 refcount change on invalid ref 1610612736 ret -22 [ 1228.788734][T20892] binder: 20869:20892 BC_INCREFS_DONE u0000008000000000 no match 14:21:41 executing program 4: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) sched_setattr(0x0, &(0x7f00000003c0)={0x0, 0x2, 0x0, 0x0, 0x2}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) gettid() capset(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) setxattr$security_smack_entry(0x0, &(0x7f0000000180)='security.SMACK64\x00', &(0x7f00000001c0)='/dev/ptmx\x00', 0xa, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0) msgget(0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x5) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000640)=""/176) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) keyctl$negate(0xd, 0x0, 0x0, 0x0) close(r2) connect$caif(0xffffffffffffffff, 0x0, 0x0) getsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000200)=0x4) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) r3 = socket(0x15, 0x0, 0x0) shutdown(r3, 0x0) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r4, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r1, &(0x7f00000017c0)=ANY=[@ANYBLOB="7f454c465e08002eff0f00000000000003003e00010000000a01000038000000ed02000007000000030020000200ff7f1c38ff7f00000000070000003f000000810000000600000000100000fc3c000009000000313900005e5434465feeca7ceedc6cf042cd34f45a9bb13764238a0f087d314e5cb78d70fd950cccb1d08f856702ecd72df2d13d96426944a5bbefd71f1aa174d3bebe914a9d962327d5de9c8a0b71270ecf91565f09dedda855175640f388e70e401846aaac05405e9d313fa2024c65e450c8902c7e31db135e33a4e6732d60bb9aa95b7602edaca140a0e014943f0390041e54de63f99ae884026ce409b5b05ba8cf7846ebfd3cb358fabc3d539da4cfd985e6656e7c45a6d96dcfde707eb31a90627171858fbc97e5aa8de38a060cd1fc781a8b9a1fb579cb4652c8f4349e4625990cd160db2ab09f59bbdf323d575695be8bc9459a22796124b3184be4827b4a921fcc5e1520d4fd36b236171966244876d1122fca921db94b5cbc59a1c3e177b86103ba31d52804792f48760a693634a70ae6a3c9c3488bec26c09f0d7a4dab459d35772414a2be8c35a522bba2c02726ac4f7a6e7177fdd48340a59554eb9224ffb173ae2760bce3360d45d2a09eec2716552148a0b77a54220191e7794afd20ab4051306548de332ebfced56f484a5ae1861af67e7d2c08ecc1de27e994bb1391e5cfeb0595561368fed9ac8c8c194930b721ef9966b71f41fc439d09b8221589535c2a89865a1b5207f1f37d9e77270259836548d8f640cf4af0ab5cc0b6ab9bb05bc044bb399f1dd599cb9faf4db8685f739a5b0f6909d6afc14510fa4dce9cfc135740c15bc116b7406051805212a59dbe9791d6a6c3e149c519545af222059f672ed1ae8d28cb991ae41cb97beba614b08587092940b20e3ab3ae35be82fc9a22b2a6dcec899c8cf1f76133fad2e24df75b2425520fc88463f5857a6377840184c0cd5f4279c35fac95d7221f867f9b62ab124aebcbecb33e932f572b5d25ac62eef97046ffbb24ee69146b1b3bb6edaa96d62137b552486142a92e06dba47e1d3e1e545cc893f8330636b82512739ac4ac945aadad535c87c0bacda460f4dcbc624d3698f6c14348a8815a80b2410784383de7b9fe02c63452ae1747d39e044630078979d655638af33b60df0a8afeaaf6a9c8bda583278b4926487ec5ff535daf4db40925472a4d6615e98033330a7958fd1a2e2b9f8735f47be2e2c4832b2c7b2f778033a66c4fd1eb51d30daea0bf1da89df4dff0bfcdb92a425388bd07f0da352763e420e44b910a44f4494b4235452c0800a0a2e8707473acc5199e40621730215c0445e09ec91acef13489b4cc16de87ab9f351c0170774fda808a3acd38d317c41a1462bea7ca63ff3544c9752637845d6dc05b3268b7bfb1b8702e11bf3894ad6d5a75040402d054b32b1fed8eb61b29e009388e87f1c8dd25c3e748eb0d513ee3ba982f275ea6f5bab615245c19c88abaf8532bc2f37f7a2cf39338ea801b1ae7bed09ca49af972295ab8fbc5ad33916698348b7387f77470f059eaaf8bffdb26a45cd318d54092af7c2043f61504d34b218ac7571e37fe0987903402df58368132917ab292f309e51d0690755325b7507d9617ac92a1fd6ebd0a6003d8e13c12b5898b6d6878fbbbe730a14ce99f313994e22a5b8c581290465f99750787ca1757e349c2f4c6bf6bb65dd8f4edd6e53d4e0af9f3240cf0f7d4f0e39dc56caf773850011e2af23b81943abf5541fd5776284e166ddd88e5fcd0667c1b02230ef9f9b153949bb1929306678a36e58ba476f1be6b8a7f6648d9b4afe0baeef895ed40b5ce65aa104f5cc126925b35f81d2b97f82b5f7f8a041b6618041ecd60c746dee6bd3f2e0fba31199e290e0bb7d16d301f1345d3a1d416a877f6191a0afc255ecb3ac12cad0ae70b832b1d8de679a0868c3983912daefb958f6a3349b19fea3f110bc872ea9856384867e329c9dac6a7e9643797fecdfc0db4078a530d71ac876d680009cc9587bf3941d3b1b6e73dfa0e45dfef00f3c47863e2483f440c8b469bbfb8979036b3699e8cd7c4a4d78a4297e3d8076b6d098ba99ddce444f7199f97930e8b3ab94ca03706092b617d7bf8888515f57da4e1785b73e020b1d1d2313f05aca82403c4b0e26926c64061cb31d4687fba584190e9568f878558709bd18d81c6bf429a98cb0a412645b58490d9968e5e6672fa12318d56a0f6c27ebf48e4db3f3ba32acd88a2104e75ffdfc72b602b5d62a3b9252be335241516275400369506ac3544ea055dec532b8909d2cdce539f13cf491d67c7b3527c34db34569cb1969c59b868f3e9ba2c26c92ccbddd249f6488e05801409e40c7e223b032060e52ae5ca8f3394413f7b114a81e29ce057188c09a8bc2b1c0d59a9f14896ba1b513bf5f3d43ee6022b396776431613d6d0c197efc6b7e6fb193f6ab8aebca84927582c2c23be8721c14a6e864166d7a9f897e66d76cb012ac27472a35d3862292ad1ff94aede765a85cf6c78c4621891d87bb330ee1a1c942b2c1b8dffcd818eac5d6c903d7edef45082ac9249686fc2701e8b2bf211d01b0b605038f106251455e4a063ca703b80a3c37e7ea87b90af60f7425fb124c63af5a5ea269173ce93ea6142ed473016e94ec0a37c5e0009af1750f5a5ca312abb2c52fd3bd86593f461aed50cec74b45ff312d10639f79a6fa0cf63fd21ff47d9a6fa5b35835de47cfc5802005f72b1341c2adf1ff752ab9857ff44efc6b492607b00a7be5469ed51e7d622c5b5d73f56399a3f2292cf22f49ee269a3ef69ce513674ea066083271f9e42ab2f46ffff4ddf4309447e56a60c80be56f92930728eac1457e032c9d440aa01637cf4360543fd732a59e15746a80919d2f359274258a3c41379040bfdd749700ce9e358b8a86cf0d1f21842646467b3c9da9ac8287cd035c7a4ace9ff03d0fc5944779248d72537c2ceb3ea8eaa2a4b61454542cbaf60c4754f50daba965c081c452462063060bce54cf2c3483712a5ba847d3187a571d4181417308e8a75d6928f3d953c6ce1710882ccb2fc2253c721cf1f1e020a00ead450c682db76afdc728ecaa9a158281cf93afdafbe10da5ffcbc258a55e65832400773f789419e043488dacc127fb4a68ab091223841f1fba66ce21c9ff2a9b5cf1b56e86bd48a3b3b210ce253887e5c3d16d13e567015e7d0b0b05a08e45a5d6545489fb68b376589e62dbd71b109bd5fd8c3cfaa2b58360b0c382052129ca66573ef9c7398e4fe0da632402a6d920b3b578f17e2ce99e060d2a1c953d1e8d6a87fafc08b8cbd93e0ed9821eaeac63fbc080a8492f79ab769d01079bd0a4b97da1f061613b97c2adf1023bc9d507ecd3d3ab1696b93120f380a5f40f6325d7c49e51a7351f5947e35f7025c25d8281d67627c86f3fea9010285a00eb147cd32aaf989f2c75206f32beb405a9ea6cd7e687dcb57313b6ef13c24b391e396fd13438baecb42a8721d4c43ec3b74a4a6fcae9f077da7a09193a9feba04873fd2b2e26316251799f0c70793e1977c93047bbb0812f1580ca3ee385d2053bcfa82d992c174b6bb52c818e73023628f240e397c5d98f3370d8a7b55509bbf1eedb2b17cb341b12091027afbc0e378778baddcc9f7421290127a4da2fc10009160e17c119cdab63680114510a6d1a1173214f11b26d655cd0c4b138c091d0ab097fe1d20eed2dec43cf9fe335e0716bdba7e76f1bc774dbe1cd24e1d39386614411592474145af40b4031ef91c6318e963222e6e62287fd8b8a95d59d0c02bd8f60defc1134b7b89c4fb02467a17e8e6d77e8f015de3179df19d6839712d0b09ff6b43cdb95886ed8e448a376087bac24453e35f354ef702544e2ca1ca7474e1e679bf10c5d095071d772423e794f67169b0da35af1513476a61119626b1e3a17d7dd9cb828aee6707e9167c0306c1abe5167c148f7032c795b1c5d40dba7948e7574e40f0552135d612bf042f1cae3ed2933c610ed67af2128ca8e7dedd836b21417cf820e0ade61a4db66eaedf63880fbc1f93e3db30274c68e2f6c001da8571907a3663c68ce10471d4f9b9c78fbcba545df6e4be7c0a1c73040a6c7e59285960e3e9e158eae5a21bdff44f7962d3a64c50e9d659277dda9464f19ae5b7ead139caae1e22b30b954b894af1f1ab159e36c9f8cc98de73247b64d356f4d4f3316f59ae0773f7d0191c7d795d2dcb5c88cda87d7f22c319009d7d9497a17dec1fc09dc979a8a0ec97d38424a4269a4c0a04e0228d4bc394b01e79a9c4f6463e3f9c5bd4bea1dd654e5e8cfcd780508a6ffbe65797d9bc2ad6f8253a3094ea58a8f85908c25bb3db39b2fe08c1492f1eefe405ee486dfcc2c66abcbdbf34a4ed1085769f7833ed13e2d9933bc8755a16709cfd850b1138ba8a0886138f019b5d0be84fe1079a9683ef645012192290ff93ab0cd8ce57fd9a6c80c6259579e57c6e6bd1113895df0d0d976ec5eee5f6e5d6362adb2cf3e8fd5fefbddc054f0ac2b5235eedc38d90a88e1fa40ac23bfceafec255f18474f0bf56a8d89368fca24214bc56b8caab5d1b6c22aec3da6db18f71a8601525553213a36839b7b1c3420c721a14eac22e63781d1e9699f8af8ae10f4e2ffff1f8815995f42c54e5cffe905afac6f46d08d5888fb364f4c1acdc1ebdce9db8b7d63ecf03b697fe2ae38a50f5b2c9a0af1dc74a6e603086c1ea572eab8b578e56ba5e07296654c97d352b1697aff4cabfde741a39eb8da452b5a50d9eebba25b58b7b5775f370baedac17d7944a687f10fa793fa3a085891a50ad807487fcde523a612c35b4395dcd936b7856e2ecfc2df08cd4ad2b84f54143b8b810abcde0e7b287f19ab57f4da271501727522f4abbdada034b165e6cbb69d8197fd4b642c8f4b4dd107015650c9dc06e7a79f8b9b71156f4312ba2925bf8b85c9772b23a7747b6798e712d1b4234950bf05492416e103bd42f835d89301396e959c303ea44eaac3d0c810f317eaf995b1ad9fc4d21a50416a51f3f1e4690e59dc624f3938c4c7cfa03f486bbe896a00e8d177da52caea758eb812ff42bf53f121d9d2f49c37337c7e8ecf5c7273fd776ee4854d137f7a6f5daad8bf8ef1882351a77d2811683722539b395519a98f4e5aaf9bf78c692f1c9b502f0473b3e3686d37aa1ff59cc244f38c9dbb51e04a95679cd8fbf3a05159bdf33bdfba6fcb15b5c5bd034692ab2533e69e94329e530c93d864b4514d4c669cb2ef147c2fd88c1b324d83b5cf394650bd129ed6e57c6e302ceb6bedc5e77a44260822f889c9c53198652c711b5acc274f850380b407527c76983ead05654c311fd361b0038196c411a2fbe35570d9ac4ed5f62d83bd64b0db8b0c778d4923b5cb18cd26c7b99981d70cb81c111645abf7db3a81ae8d2f9591ddcbd3ee967e91db2b76128992611b7ed2ca3fb5fc24ac02438e0b76e02b131edde25f52d3288f27826eb54e57e85ed76b120e6c41d4746cab8503ce9070170c8eea8dc2fe16b408aec0b02d89da756fe77b7b1b347b1774e0561f5804d001a2ac68e2b399d1a511d201793b0684f9da0763354e2d05ce679980c3f0133fd3b30d113480b51268f12de45ec3fcc0d3cf9cff3cfb4f7ac00d18f2c3b5d3be8dff3d9d41c0c1ca4e835d5323706915b433e1cd83b6bfead08f83d8bac597bbe4fc2f415f33605837fb79e8a59eef9ee927bc3f985d294496b9d5748ee78904ad98d514f40be7165eb98105a58b123591acbb1555520c4fa78bb2cb2a3ac721698702de91312162a83921706968562100ea0d3446a6c0b585404f463f55a4acdf995bea41666492f9bb33634f2cd1dad69f44e575c75301dccdc2464f8d600000000000000"], 0x105d) 14:21:41 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0xfff) [ 1228.832068][ C0] net_ratelimit: 19 callbacks suppressed [ 1228.832077][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1228.832196][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1228.837855][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1228.843687][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1228.860916][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000068086310400000000080"], 0x0, 0x0, 0x0}) 14:21:42 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0x6, 0xa) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x10, r0, 0x180000000) 14:21:42 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsh', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1229.027307][T21021] mkiss: ax0: crc mode is auto. 14:21:42 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1229.133162][T21072] binder: 21026:21072 IncRefs 0 refcount change on invalid ref 1744830464 ret -22 [ 1229.163250][T21072] binder: 21026:21072 BC_INCREFS_DONE u0000008000000000 no match [ 1229.191309][T21024] FAT-fs (loop1): bogus number of reserved sectors 14:21:42 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000000), &(0x7f0000000040)=0x4) getsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080), &(0x7f00000000c0)=0x4) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1229.234060][T21244] hfs: can't find a HFS filesystem on dev loop0 [ 1229.256398][T21024] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000006c086310400000000080"], 0x0, 0x0, 0x0}) 14:21:42 executing program 4: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000040)) write$cgroup_int(r0, &(0x7f0000000700), 0x2c5) 14:21:42 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:42 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0xa1d, 0x0, 0x0, 0x0, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x10000, 0x0) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) [ 1229.437399][T21342] binder: 21341:21342 IncRefs 0 refcount change on invalid ref 1811939328 ret -22 [ 1229.464607][T21342] binder: 21341:21342 BC_INCREFS_DONE u0000008000000000 no match 14:21:42 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700)=0x3, 0x12) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)={0x8}) 14:21:42 executing program 4: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000040)) write$cgroup_int(r0, &(0x7f0000000700), 0x2c5) 14:21:42 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsl', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1229.576651][T21347] hfs: can't find a HFS filesystem on dev loop0 [ 1229.609379][T21406] FAT-fs (loop1): bogus number of reserved sectors 14:21:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000074086310400000000080"], 0x0, 0x0, 0x0}) [ 1229.632493][T21406] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:42 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:42 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x800) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:42 executing program 4: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) r1 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f00000000c0)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000040)) write$cgroup_int(r0, &(0x7f0000000700), 0x2c5) [ 1229.857666][T21566] binder: 21563:21566 IncRefs 0 refcount change on invalid ref 1946157056 ret -22 14:21:42 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) [ 1229.902111][T21566] binder: 21563:21566 BC_INCREFS_DONE u0000008000000000 no match [ 1229.942260][T21564] hfs: can't find a HFS filesystem on dev loop0 [ 1229.952046][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1229.957971][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1229.963908][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1229.969895][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1229.975815][ C1] protocol 88fb is buggy, dev hsr_slave_0 14:21:43 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfst', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:43 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r1) 14:21:43 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:43 executing program 4: clock_getres(0xffff7ffffffffff5, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x5, &(0x7f0000000100)=[0xee01, 0xee01, 0x0, 0xee00, 0xee01]) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', r0}, 0x10) write$P9_RSTATu(r0, &(0x7f0000000200)={0x65, 0x7d, 0x1, {{0x0, 0x50, 0x0, 0x1, {0x1a, 0x1, 0x2}, 0x21000000, 0x4cc7, 0x4, 0xffff, 0x13, '*proc-)/^#eth1ppp0\'', 0x7, 'vmnet1]', 0x3, '\'+('}, 0x0, '', r1, r2, r3}}, 0x65) 14:21:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000007a086310400000000080"], 0x0, 0x0, 0x0}) 14:21:43 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x101000, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000040)={{0x5, @addr=0x46}, 0x8, 0x5, 0x10001}) 14:21:43 executing program 5: write$cgroup_int(0xffffffffffffffff, &(0x7f0000000700), 0x12) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) ioctl$KVM_NMI(r0, 0xae9a) [ 1230.249916][T21681] hfs: can't find a HFS filesystem on dev loop0 [ 1230.268577][T21686] binder: 21683:21686 IncRefs 0 refcount change on invalid ref 2046820352 ret -22 14:21:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x2000000, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x1cc36, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) write$binfmt_misc(r0, &(0x7f0000000040)={'syz0', "97ea7d1aef7a049028983d3d27f2df8736391170f0972d72693ce4db8a1ef6e3cfe392127ddb67b0f3c8862a6ffd3dbcf7c2dd9ed32060ed30f2dbd98f2554026b5fbd819f07290f9934f73a6a5628fe413e83d500851e0663e8154364513068e4d0a3caebea05d112187dc88efca830a066863603137a73702e0f74889d9e16c67b7ca40808f492b23623af02e0d27b8b46191716cc935d7ebc8ae88606b1dca38dedb0d9c65debcb02065a856feb24cf3effe4fcd40a5d252764a8c33921aba7b17976b7bbdbd0eff553e6d26cc4add2d40b2e98f6209a9ef8cd695a66a0932eb4c014c2860aeb427cdfd8bb3b71da35a32c5290a9a10bfaca"}, 0xfe) [ 1230.313533][T21686] binder: 21683:21686 BC_INCREFS_DONE u0000008000000000 no match [ 1230.349375][T21681] hfs: can't find a HFS filesystem on dev loop0 14:21:43 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4003}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000600)=r0) r2 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r2, &(0x7f0000000700), 0x12) 14:21:43 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1230.473432][T21694] FAT-fs (loop1): bogus number of reserved sectors 14:21:43 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsz', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000096310400000000080"], 0x0, 0x0, 0x0}) [ 1230.536120][T21694] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:43 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x1, 0x2) ioctl$VIDIOC_DBG_S_REGISTER(r0, 0x4038564f, &(0x7f0000000040)={{0x2, @addr=0x2}, 0xfffffff1, 0x40, 0x1}) 14:21:43 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x48000) write$cgroup_int(r0, &(0x7f0000000040)=0x200000000001, 0x12c) [ 1230.666186][T21959] hfs: can't find a HFS filesystem on dev loop0 [ 1230.829096][T21959] hfs: can't find a HFS filesystem on dev loop0 [ 1230.829351][T22044] FAT-fs (loop1): bogus number of reserved sectors 14:21:43 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1230.914405][T22044] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:44 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x800) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x2, 0x9, 0x9, 0x19ac}, {0xb1, 0x10001, 0x6, 0xf}, {0x1, 0x2, 0xe0e7, 0x1}, {0x4, 0x400, 0x6, 0xfffffffffffff9b0}]}, 0x10) write$cgroup_int(r0, &(0x7f0000000700), 0x12) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x7, 0x4000) 14:21:44 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000a6310400000000080"], 0x0, 0x0, 0x0}) [ 1231.086279][T22210] hfs: can't find a HFS filesystem on dev loop0 14:21:44 executing program 1: [ 1231.218192][T22230] binder: 22228:22230 unknown command 1074815754 [ 1231.251259][T22210] hfs: can't find a HFS filesystem on dev loop0 [ 1231.305938][T22232] hfs: can't find a HFS filesystem on dev loop3 [ 1231.314904][T22230] binder: 22228:22230 ioctl c0306201 20000680 returned -22 14:21:44 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) clock_nanosleep(0xb, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f00000001c0)) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x4, 0x800) tkill(r0, 0x1000000000014) 14:21:44 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0xa8000, 0x0) write$UHID_INPUT(r0, &(0x7f0000001180)={0x8, "ea98726694760f577d41f164b8ae36b26dd062185dcfe8370b6b8e7c89da55de372567929758f19b08945474e0c36d7dbf3505d58c2d45f312f9c7364343f9aa0d286adfd6b92b52a1b9296140d94cadfb16fa698c89c4bf72ac3e732340d3d47d51b98e33e1fa8d3ffe090b685bbefd8a5af87eb8aae24b0a75125eb58e3ee16d6bd5f59c9752bb2b163b2b10828132cf4b01f7eaccdf430f2470da561cd3b70a386dc9ddd79112394b0e9ec0875d300966afc9051a76616d442d477bedd74e8dcddeb5d541fe4eaaa65d90b3ab98f7183243e08d2cf2e9ef80efef22fc1d6c8604d1913e6bc65dc6c5abc13875fd06019efeac2f91336ab5e0178b86416522378ac01966ceb19865f454ad845799a9322100f4073b2f8bfeb88acda3aa4d8db11b48e11fd81b4b94597ca63eb4dc7e4a3bfd6c00d215ea70d4fc134f07b1374eeaca74da391574740b3ebf8209ac2827392094697a94d0332379d4f26fe05044d277f00bdaeaadbf67339323fe6f13dffa6ace9a15c2238123ed89769f7d28d709c9c6d44b015665443a0a6af55e90e301e7d7cd2c7000b20d121e330ad2775b07966ab138ba8211948703f2b45fdf5a76a991bf87a1b3e224da4ebb207721101efc751d3aa44b23793d05fa767b5e43216db4087de23fd8b078b69bb9e358f2e0061afb6ae3a7685bfaa4238051d74ac18d30184cbca5a1bad0d0cebd5545b61c9aaaea2afa4167a30dd08740715b5e9d93fe881a995e9a28df078960044220930150ab7298cc6336ab627b582363259ddd8a4988f82ee9fcb2f2b567aeb4febe2ec44582618b1b1e73bf98d5026fe6288ac0683b4efb872b12a47e292397c19a9fb50b79d112122487318328224e20a7ebd5bff411f6194ee4bc6d79dda638468c02278bb1cbb7d698ce4de41c3c5ddcdf55f41a3f1350357b7e4d63a06cb84edebd91f97f11b9db6e52f87fb8ce8d557022f375f72c2f4f08ab44c589dd311405dd73ba14e0b1ec2f43a97a1e027b099cb41f0086aec035d7f2943957e9ca19170a4c5b390d5513db89381decb2a3f3d7f0e6daaef3cbd83550c0f6385b0fb78b6a08a95ff6f0af5890582bee5eac66e69fc5618b678594ea88be5e8eff293c52694087694404f7b892b322571c7563748e7d9d5b884d5226cd5f98c5aa68f62f1cf610e6bef394bdea68b36eb052fd6a5e5578ec176b32a9f901fef83af9a742f08f19d3b4efdbd897fb17d256b8c18ea7f13a04d0ca9cf22bdcd0b6d36969880badda3fa64f95f423714af827e235b38cd43c75219fb4eae7d5fe1c6a272851b98e0a8fb31f8ef4fd87fae0ffffffe3473725cab23432af60c2d8cffca004457cfdde23b79362e22ca9b4d868d89ce29ff335dd96039f75a6e226a2f60b44cf71002057f4f3fa4042e8f2c93be7b0f1e536bc5beb1b67320f930b9447b9395e8929a15dbf8853dc270520d693d2b9494af2a95c421acbfd14b1d04cfe7ca9db03da6aacafe1c29ae5fe3abdd22196f15be723c641f47cae544c967a4afd7b7d70f86145c4e347f64a4eb06f106cf5274769b2b58778c4658ba8bdf925cceca855884fb954ba7903303a735a56d78da5ca0b28786ddccee362f8005af2e9ba123a198a06670775fe6e83ff33db7046f3d294a60928a30188aa8b1ffef7e510f9f80e36c79140127483bdd86e0292b2e9b9f4dd0516df31327227ab914d62458feec00937dcd7bb643289e426efa48cda05700fd43c05771e50a5865a10af649e0a2ba400956c9c6dc38bfe6300d2ea9ac48c3f34a7296e798ea5885e828ac56d82deb5ce14c789ba2a8e4bd9229c2a5c52ff21cd8c0e90ff21ed8efe08a7d796bc0407890e2f4a0ea78fcfd2c808195efb0461186ce5b9b52e1e562387eb38a03eb620301b54d006e77239491e3ed56c644ba654109c1998b740870c7fc7f76030f0c9a8a537d154bdb7971ba68bb38c6db714b73fe8a501c28fc87383932af7e652756d7c6594619684501cd0555e488fd8751253ba2d435d0749aa9bd29f63eae27a64fdbd60ecf05ef9cf51f5506e4f70fb4d33c4e90c7581b51368aad5a378d3c791f4f2b8c82e8afa014a0ff0ec8129c5d90178c9e640033fb790582d9788e0afb624d2f99a909a9eae3c4662f17347a1c69f4a578343c1a7688a2924a328ce1bf353361d6c01893150045b6d0da5a7a967024776ea7c035d487a26e2a65a3022d860eff1bca9d5c5f7d6a58a7789f1e29d8dada4f0f0ce32c6de0dd78a5e1c5b550c6725fb9e21e8910b38dc1ed7fa110b4b8387df99f2078002579c5e9505a866dd6479419dd8171ade38104153d94d0cc37035e6058e0496984f67b767d864c39802838b00fc4c9b941a8585de0918b661f913e9ae2dff9a1a4cd3cf40f01d39f69bb077920e77591691fae7cc9c9701ddc122ec95ae571e9c3e9da5f79e2a5007acc81a46e8db0cebf550a0aea04b356dc3d51ac12ee4eceb04212b060b302de07777386a40371b28d74cff2b2ee9d859255aa425b09995944d405a00a90f3306b2beda411c30aafb3d12dd9706d332d285689093ac1b7fb249eb5cceaedf853ebeaca973602a4ded0601e81769055eddd80d41622f30d6a63b4495a32ef2770a2a1a677bee323299c8a79c169d51037f66e1b3a026806a1bd1a65efd8cc926d2d53db26de5cc291d2db4ef5eb6d235756d639a2e2cd61fc2b6cfcd455a635c3b0d7fdc75d560cc9eb2ad62bbc8f0d1a852b7b1aa561fd486cdbac33cfe3a330b31fffa5be7761dd9efb8381ae7452ed6103368b8191af6210df22ad795453d38af16e0a32ccafda94fca0b5c0b566939adae8aa90f5b5fa015ed36f2230dc89a02256c9f114bb5424a4db1037c1e84e70ebbd53fb4ead3eec83a36e2a592e795ba124b021f7fea8ae4bc8fcbfcf743f7f0be345bf72f9854d0e08ab15f97c8258a4e971a8dae658ea3366c859388e1fe08a5ecacb218baa61a9d89c8c7202931d7729edc01de6c1c092cb7dc44f492c261ae5e292257bd5bbd6cd0033290e4399de7e23dd27784c689de4b06a6f3cb6e49bfb9b6cb2e465000d40e20808f3324662a0c70f424adc54d2e58be28f8f109dffd6faba79b3eda763d0b7e171efd38ce4d55d292e72b0d63eb91be4d0a86b7921099ed62677975754e4e3ec34e22924f51d040d034f92f324f450425a208ae6e951c6ea7c3634c110632e3c1ceef6bbc38ae86f6aaf079259bcb3f0ada6fc1aeebd3999eab660134198ea120b5151f97864de3b60e0165e8af07d379a770a9b8a6a7f9593d1c29288ab32ef54cffefbf0a051d37031a8ea4708f2bfc94058cfaa50fc5ff7a996ab0ce3d77b5c0695875410f2ce4ce4192f319c9b7b29f794f8c7b984e769672ba5c632d61eb77fb44813bef7a5acc52fa6e9a04d63e64632aa12e7b8e58512aceb1e5acfae52b328a1af2331ae0181b4c51e8eb7825df6c0b32a88d3ca0cacbe809e3d186b09f021b2447795ededa3407821254a9d01a9e781982ee7c52fc03fcb3c1e81e8774dd5bf4457e7fb98b85a62965ac0511f8c390f6ea80fd16f0f7affeff95a06881dd152d4a0bf1cf746115fa73c2fbd4927741236de304a6cb31bd34e8d7c97a3ee5a0c1a946ba0fbb8456ba4f3375e74f8c2552003e67fead300f5713879c19b7e01fbf984ad4c357e76cf334e7bf845e85ac9e4ab4147897a3307bda63b339c42f07b167442011b4bde3b861d1b99639a777144a81c417b7bc09cc2afc6f499a353361d77db7ce61215676eb2e29582e6feb03b597e6a9f22023daf84c636e0789ee793848083cbee0cd051e6b4082c62a3b2f069fe6329bbf36eadab1b2984f10447ed0858e1a0de6d415c1bf157b426264c982719cb59b36f273527d863a75533b5ffcbfc1f4d7c38ddbffc78f1253e2261baefb49aeffdc857a38852d94441d29bb025b7421c4b545dd57bebd98598bbc139df6b38d0e4fd85206f2d91ad1ca458e794075ecd1d894a9c6a725d400f577b15a96a9228830faa4098df6c30ae1db7723400e9cf7dc625f9d17ad3e21664eb4db07f29726a3f8732617a88e73ca41e54cd0abbe6910c8cb461a6d8da886def38400e3cc77b6d4fc4603f26fab593ffd622e37d2191ca4b9d3fd7616b943edda09d0d7f4ea8a49e02a1a2475581e2ff608d2cfeac481c594692348f87493849488fe4883d629909c43962000eb1e9f7d3f3383b4732eb24fb4916352129f9cc0171efb258dc743374222ab8d7687e3a0b9fccb690896a48d7829bceb9d9ff569db8a17121ea6747387f9adbb45ddfc194ec8dc62c94c2d6d66b0ab0d01504fd2483ffb3eecacbe28aede6e5d9b75af048dfbd48dc215d1eba7afc2f4b84ae4c77df69372efce8b5692e42f9ab15be9bc30d95034a82f5a5f510e9eef879bd7c6f72057fe94a6db62f43d7f2f1c379399c0cdd667f93c9e6c3521ec3a05b4edafc8507776f02644b1a31094ac724947873a3f109e51cd702330bbea41fbd0ab3f3cc92ce4032874b84070162df7d8028525de942edc577e7dc7e99e82fa04bc79aa1c4b668df4fc9ff71c5d0d287c44ecd9a910fd41bae1f16efc2c5aa86333eafe034b3b707dfadc4c23dbfe874601743ddafc618b99389fa6bd8a2b709cd9db98c3758b182eb2e3c7d5f3ebab93dec87c73e5810c03b935fa78210036071f1948fa1e45cf2057d75a0825c0c27fe8c45ab1bfff3e327529b170c4b58924682de93747f3a9e1873eea6b357da98a1e21f6827cd87797b87a884f102daa92e47fa3e30db056da216b421bb4d9833320b1d6d9bad84b3190735be4b6d18ea45e0f3bbe054a4366f03e3d494f84d00a59c9e495a1eafba11ee36299cf4c7279b0277ff523d747cf804b6624c1658712cfeeaf3893468dde8d1776bbd2d4caa4956f77124d3cea094a56dbb47756c043ba65aa0593066fc8ecbc7687b315b727f5606cd7b3e860951835d665581536cedac23a944175200b4514c3d7e790c468498ae1d4f92b57936b08896a3e4fbfdac021d40c56fa20a12dfb679efe8388ee29ffc9679285fe4b373de96ea6d44fea99826b5b9abb06e63f53fce7d068f804a29351d039a39ff72e4093b9066842014e241987d73d5d846b9e500811aaf03184cbdd3b5f79f1c66094dd529c3e9b1042908ca4335d839f191daa2ec8720232128f0f714e6addd82c65011ef988bd35542103f308ea12c05c83b12c17dada63ee886395f08ba72c7b6e180ac929abc4874f160790fb9e3ff0d74afaca9dc77c504f1dcb7027df4dab637e6ff7704000c581a97dc63aecb359c1cdcbdbbb0863534e111c4fda8ea908fd5ac7552339e7e3dfa267a85f289c5f451ad98dcccd773ef1f0316d43fa45e9d9439f2e650e8c52e70ddcd8b5a502b0b76e175f3befb7f71e2ffd899ae6f94b3df8a858df75f6eb555a71cac56ffc4f82785aeba0b09c0e7480f3a19b2f43b42cb043cb0e975e701e6e4e32c43cd897d5fe1de577051bdde6e88e13f06b1068337444f4bd3dcef9003ec2bc6c7dabfb5a0cff52d346bb298b8baaea027ddb767326cfef8af2eaf76d40cf708c9c5202ddd5c5d383ad25633e584be7b1cb9afe47efe6aac065f885e50ae06d68235fa603be293873bb90432a3224b8e6d5bfab32f3fed34ed1e72e2628d8a4bb586fc10747354185149f10013faec809a1dcf1960a1c50acc5612d38e3b3064b7cad8d6b972a13c89de90e62d5c63ef02fa8e8c56adc3f15df9d65ee298377fb22885d5f941574f909000000000300", 0x625e4603}, 0xffffffffffffffed) 14:21:44 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) lsetxattr$security_smack_entry(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64MMAP\x00', &(0x7f0000000080)='/dev/input/mice\x00', 0x10, 0x3) 14:21:44 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1231.430266][T22232] hfs: can't find a HFS filesystem on dev loop3 14:21:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000b6310400000000080"], 0x0, 0x0, 0x0}) [ 1231.527829][T22317] FAT-fs (loop1): bogus number of reserved sectors [ 1231.552292][T22317] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:44 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1231.594011][T22463] binder: 22432:22463 unknown command 1074815755 [ 1231.600875][T22463] binder: 22432:22463 ioctl c0306201 20000680 returned -22 [ 1231.629747][T22427] hfs: can't find a HFS filesystem on dev loop0 14:21:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000040)=0x1, 0x4) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000c86000), &(0x7f0000000000)=0xfffffd62) 14:21:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000c6310400000000080"], 0x0, 0x0, 0x0}) 14:21:44 executing program 1: stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x10, &(0x7f0000ffb000/0x3000)=nil, 0x7ff}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clock_gettime(0xfffffffffffffffe, &(0x7f00000001c0)={0x0, 0x0}) futimesat(r1, &(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000200)={{0x77359400}, {r2, r3/1000+10000}}) 14:21:44 executing program 5: r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) ioctl$IMCLEAR_L2(r0, 0x80044946, &(0x7f0000000000)=0x1) [ 1231.775108][T22427] hfs: can't find a HFS filesystem on dev loop0 [ 1231.783467][T22653] hfs: can't find a HFS filesystem on dev loop3 14:21:44 executing program 4: socket$inet6(0xa, 0x2, 0x93b) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x6, 0x400000) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000080)) uname(0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000000200), 0x4) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e22, @multicast2}}}, &(0x7f0000000180)=0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000001c0)={r2, 0x400, 0x4, 0x22}, 0x10) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x2b7) bind$vsock_stream(r1, &(0x7f00000002c0)={0x28, 0x0, 0x0, @host}, 0x10) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f0000000240)) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000300)={0x8, 0x4, 0x4, 0x70000, {0x77359400}, {0x4, 0x1, 0x4, 0xf062, 0xffff, 0x3, "93ad5e88"}, 0x546, 0x5, @offset=0x160b9982, 0x4}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 1231.839297][T22693] binder: 22658:22693 unknown command 1074815756 [ 1231.871534][T22693] binder: 22658:22693 ioctl c0306201 20000680 returned -22 14:21:44 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:44 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1231.930841][T22688] FAT-fs (loop1): bogus number of reserved sectors [ 1231.961914][T22688] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:45 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x40004) write$cgroup_int(r0, &(0x7f0000000700), 0x12) [ 1232.045004][T22934] hfs: can't find a HFS filesystem on dev loop3 14:21:45 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400000, 0x1) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000040)=0x9, 0x4) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000340)=0x7) rt_sigaction(0xe, &(0x7f00000001c0)={&(0x7f00000000c0)="c4e1fd70f8e2ff33c4e1617dddf0f79d99899999660fec0e67430f6612f041834f00d5450f01f9c4a1f1f5b60700000045ded9", {0x2}, 0x58000000, &(0x7f0000000140)="f30fbc2464c46119d952060f3808fe8fe81897877ae6536edf3e3e2e0ff88412001000023e64c0a5000000000bf00fc08e03000000c4a17d7f76630fa9c463f95f2b87"}, &(0x7f00000002c0)={&(0x7f0000000200)="67f30f2b68b9f33645e70bc4824da867000f0bc46121fecd3d0000010066420fdecf40de372666440f382087d700000064440f1bb899899999", {}, 0x0, &(0x7f0000000240)="c461a971f20267662dbe5966430ffab42e00000000c4e27945ff2e660f6f6ef0470f0f56199af2420f5c2d8b370000c4a3b90c8d00000000003e440f3800d98f08c0a39aa69d0000ec"}, 0x8, &(0x7f0000000300)) 14:21:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000d6310400000000080"], 0x0, 0x0, 0x0}) [ 1232.181612][T22973] hfs: can't find a HFS filesystem on dev loop0 [ 1232.198783][T22934] hfs: can't find a HFS filesystem on dev loop3 14:21:45 executing program 5: socket$inet6_udp(0xa, 0x2, 0x0) r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x801) write$cgroup_int(r0, &(0x7f0000000700), 0x12) 14:21:45 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:45 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1232.312986][T23081] FAT-fs (loop1): bogus number of reserved sectors [ 1232.351798][T23081] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:45 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r0, &(0x7f0000000100)=0x2000000000000000, 0x0, 0x4) r1 = getpid() fcntl$setownex(r0, 0xf, &(0x7f0000000180)={0x2, r1}) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x10001, 0x1) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000080)={0x5, 0x0, 0x1002, 0x20, 0x9fd, 0x81, 0xff80000000000000, 0x1}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) [ 1232.451229][T23287] hfs: can't find a HFS filesystem on dev loop0 [ 1232.486015][T23290] hfs: can't find a HFS filesystem on dev loop3 14:21:45 executing program 1: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000140)='./file0\x00', 0x5, 0x45f, 0x0, 0x0, 0x0) exit_group(0x1f) 14:21:45 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1232.681595][T23290] hfs: can't find a HFS filesystem on dev loop3 [ 1232.848986][T23299] hfs: can't find a HFS filesystem on dev loop0 [ 1232.947467][T23299] hfs: can't find a HFS filesystem on dev loop0 14:21:46 executing program 4: ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40bf, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) getpid() 14:21:46 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x1) r0 = open(&(0x7f0000000000)='./file0\x00', 0x341440, 0x100) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000240)={'nat\x00', 0x0, 0x3, 0xf2, [], 0x4, &(0x7f0000000040)=[{}, {}, {}, {}], &(0x7f0000000140)=""/242}, &(0x7f00000000c0)=0x78) 14:21:46 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:46 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:46 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r0, &(0x7f0000000100)=0x2000000000000000, 0x0, 0x4) r1 = getpid() fcntl$setownex(r0, 0xf, &(0x7f0000000180)={0x2, r1}) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x10001, 0x1) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000080)={0x5, 0x0, 0x1002, 0x20, 0x9fd, 0x81, 0xff80000000000000, 0x1}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 14:21:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000e6310400000000080"], 0x0, 0x0, 0x0}) [ 1233.814347][T23315] binder: 23309:23315 unknown command 1074815758 [ 1233.822395][T23315] binder: 23309:23315 ioctl c0306201 20000680 returned -22 [ 1233.830359][T23312] hfs: can't find a HFS filesystem on dev loop3 14:21:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000116310400000000080"], 0x0, 0x0, 0x0}) [ 1233.903561][T23310] hfs: can't find a HFS filesystem on dev loop0 [ 1235.072086][ C0] net_ratelimit: 19 callbacks suppressed [ 1235.072095][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1235.083729][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1235.158866][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1235.164888][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1235.170793][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1235.176677][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1235.182568][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1235.188433][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1235.194562][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1235.200375][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:48 executing program 4: socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x1, 0x0) accept4$packet(0xffffffffffffff9c, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000580)=0x14, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)=@deltclass={0x34, 0x29, 0x500, 0x70bd27, 0x25dfdbfb, {0x0, r2, {0x7, 0x3}, {0x5, 0xffe0}, {0xf, 0x9}}, [@TCA_RATE={0x8, 0x5, {0x111b, 0x3}}, @TCA_RATE={0x8, 0x5, {0x8, 0xcd3}}]}, 0x34}, 0x1, 0x0, 0x0, 0xc080}, 0x80) getsockopt$bt_hci(r0, 0x0, 0x0, 0x0, 0x0) 14:21:48 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r0, &(0x7f0000000100)=0x2000000000000000, 0x0, 0x4) r1 = getpid() fcntl$setownex(r0, 0xf, &(0x7f0000000180)={0x2, r1}) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x10001, 0x1) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000080)={0x5, 0x0, 0x1002, 0x20, 0x9fd, 0x81, 0xff80000000000000, 0x1}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 14:21:48 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:48 executing program 1: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200040) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000140)=[@in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e24, @empty}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e21, @local}, @in={0x2, 0x4e20, @broadcast}]}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={r1, 0xa5, "2426e5ff2b7ed5ab2b59ff712d02a44bfadd77d9e941ab48a2a8466adb77d0055babda0eea70c032ea1b9736a2a595c40125f964e31306971d1cd83bc973cfeb7d550475042a7d801d0bf58f7fb57eed4653f53a3b34edab2e7da3a751605d7a8f94e0c097f798b5b6b213ee827f530b36a3fc9c9cad40e18675d8d21a77d00e1d13d2f1ef33de02dddfb5948211c4cc0a53d081d19531a81312ed4e1f2c6ba37a5095083e"}, &(0x7f0000000280)=0xad) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1235.562958][T23630] binder: 23625:23630 unknown command 1074815761 [ 1235.576255][T23630] binder: 23625:23630 ioctl c0306201 20000680 returned -22 14:21:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x10000) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x800000000, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000018000/0x18000)=nil, 0x0, 0xf2, 0x0, 0x0, 0xffffff54) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r3, 0x111, 0x3, 0x1, 0x4) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) connect$rds(r3, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{}, {0x0}, {}]}) ioctl$DRM_IOCTL_NEW_CTX(r3, 0x40086425, &(0x7f0000000140)={r4, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:21:48 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1235.623600][T23629] hfs: can't find a HFS filesystem on dev loop0 14:21:48 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0xa2240, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x4, 0xffffffffffffff75) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f00000000c0)={0x5, 0x3, 0x1, 0x2, 0x9, 0x96d, 0x7f, 0x1, 0x8000, 0xee, 0x100, 0x7}) 14:21:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000126310400000000080"], 0x0, 0x0, 0x0}) 14:21:48 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:48 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1, &(0x7f0000000100), 0xe4) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000040)={0xfffffffffffffff3, 0x3f}, 0x2) [ 1235.794335][T23741] hfs: can't find a HFS filesystem on dev loop3 [ 1235.804566][T23743] FAT-fs (loop1): bogus number of reserved sectors [ 1235.818305][T23753] binder: 23745:23753 unknown command 1074815762 [ 1235.824612][T23743] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1235.834174][T23753] binder: 23745:23753 ioctl c0306201 20000680 returned -22 14:21:48 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x7f, 0x7, 0x10001, 0x3, 0x2}, &(0x7f0000000080)=0x14) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r1, 0x2}, 0x8) r2 = open(&(0x7f00007e2ff8)='./file0\x00', 0x80040, 0x0) getsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000100)={@dev}, &(0x7f0000000140)=0xc) r3 = open(&(0x7f0000000300)='./file0\x00', 0x2, 0x0) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x0) [ 1235.913259][T23741] hfs: can't find a HFS filesystem on dev loop3 14:21:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000002f6310400000000080"], 0x0, 0x0, 0x0}) 14:21:49 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:49 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)=']+\x00', 0x3) getrlimit(0x7, &(0x7f0000000040)) [ 1235.956847][T23816] hfs: can't find a HFS filesystem on dev loop0 14:21:49 executing program 5: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3a) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xc}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000040)={0x7, 0x3, 0x9, 0xcd67, 'syz1\x00', 0x200}) ptrace$cont(0x9, r0, 0x0, 0x0) 14:21:49 executing program 4: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x50, 0x0, &(0x7f00000007c0)=0xffffffffffffffdc) [ 1236.047954][T23959] binder: 23958:23959 unknown command 1074815791 [ 1236.056584][T23959] binder: 23958:23959 ioctl c0306201 20000680 returned -22 14:21:49 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1236.133453][T23970] hfs: can't find a HFS filesystem on dev loop3 [ 1236.143995][T23982] FAT-fs (loop1): bogus number of reserved sectors 14:21:49 executing program 4: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$TIOCCONS(r0, 0x541d) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000080)="bc7fff369e552b5da80cbdff8dcaf40f06544afa14360c6375ac8efeb408c0d68442e9bef4d4f3a93a39040bc5da1b1f333248a6c5891626a42b975e698c7d99") ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x9f}) r2 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)="7b803ad7ee3a4fc7751efaef9a055a642e2a92f15e4a3070daa1485124eaa6983db9936eff0a3be8bf95bd33ab2d2ed4bde819785495d4db5e113d6b387dfe2949e8063c97cb4679a4ffce1739ea29f68ff8207521dd40b36ec268be0d514f9ff82628a19ae0f9927cfb7e82cb0ea2d9848db61ab0e86ccbfcc6a4d06bf7ae5dc1d5c678a1e4db8f6fc9c5a64b8d1f0d49ede63fe397a81572f796c4a774339f6d0f6958c218f01d9454b3b438166e75685b1dc683ef6d464d933aec3f7920ad788eb0a110214da6f3a62b5f5807056777ae0ed3ad", 0xd5, 0xfffffffffffffffd) keyctl$get_security(0x11, r2, &(0x7f0000000280)=""/230, 0xe6) r3 = dup2(r1, r1) setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x60, &(0x7f0000000040)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000009546f00000000000000000000d001000000f2eba1a542da7b4a3aee0a82000000"], 0x22d) 14:21:49 executing program 5: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3a) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xc}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000040)={0x7, 0x3, 0x9, 0xcd67, 'syz1\x00', 0x200}) ptrace$cont(0x9, r0, 0x0, 0x0) 14:21:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000546310400000000080"], 0x0, 0x0, 0x0}) [ 1236.195077][T23982] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1236.224920][T24069] hfs: can't find a HFS filesystem on dev loop0 [ 1236.233280][T23970] hfs: can't find a HFS filesystem on dev loop3 14:21:49 executing program 1: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x202801, 0x0) ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001980)={0xa, &(0x7f0000000180)=""/245, &(0x7f0000001880)=[{0x7fffffff, 0xc1, 0x83, &(0x7f0000000280)=""/193}, {0x3, 0xd, 0x80000000, &(0x7f0000000380)=""/13}, {0xa4, 0xd9, 0xfffffffffffffffc, &(0x7f00000003c0)=""/217}, {0x1, 0xb6, 0x2, &(0x7f00000004c0)=""/182}, {0x3, 0x1000, 0xc29, &(0x7f0000000580)=""/4096}, {0x4, 0xae, 0xb359, &(0x7f0000001580)=""/174}, {0x5, 0xa7, 0x7fffffff, &(0x7f0000001640)=""/167}, {0x6, 0x13, 0x8, &(0x7f0000001700)=""/19}, {0x1, 0x81, 0x10000, &(0x7f0000001740)=""/129}, {0x3, 0x50, 0x2, &(0x7f0000001800)=""/80}]}) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000001a00)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8600, 0x10) openat$random(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/urandom\x00', 0x20000, 0x0) accept$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, &(0x7f00000000c0)=0x10) 14:21:49 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1236.366572][T24183] binder: 24182:24183 unknown command 1074815828 [ 1236.387186][T24069] hfs: can't find a HFS filesystem on dev loop0 [ 1236.389726][T24183] binder: 24182:24183 ioctl c0306201 20000680 returned -22 14:21:49 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:49 executing program 4: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x40000, 0x0) accept4$x25(r0, &(0x7f0000000040), &(0x7f0000000080)=0x12, 0x80000) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000100)=0x10, 0x4) ioctl$SIOCX25SFACILITIES(r1, 0x89e7, &(0x7f00000000c0)) 14:21:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000b6300000000000080"], 0x0, 0x0, 0x0}) [ 1236.539362][T24366] FAT-fs (loop1): bogus number of reserved sectors [ 1236.549224][T24366] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1236.587251][T24431] hfs: can't find a HFS filesystem on dev loop3 [ 1236.635386][T24489] binder: 24476:24489 ERROR: BC_REGISTER_LOOPER called without request [ 1236.675363][T24489] binder: 24476:24489 unknown command 0 14:21:49 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1236.688552][T24489] binder: 24476:24489 ioctl c0306201 20000680 returned -22 [ 1236.690416][T24470] hfs: can't find a HFS filesystem on dev loop0 [ 1236.710535][T24431] hfs: can't find a HFS filesystem on dev loop3 14:21:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000c6300000000000080"], 0x0, 0x0, 0x0}) 14:21:49 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1236.843741][T24670] FAT-fs (loop1): bogus number of reserved sectors [ 1236.865760][T24470] hfs: can't find a HFS filesystem on dev loop0 [ 1236.874496][T24670] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1236.886417][T24711] binder: 24709:24711 got reply transaction with bad transaction stack, transaction 423 has target 24709:0 [ 1236.902181][T24711] binder: 24709:24711 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1236.926318][T24713] binder: BINDER_SET_CONTEXT_MGR already set [ 1236.934782][T24713] binder: 24712:24713 ioctl 40046207 0 returned -16 14:21:50 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1236.944008][T24713] binder: 24712:24713 unknown command 0 [ 1236.951897][T24713] binder: 24712:24713 ioctl c0306201 20000680 returned -22 [ 1236.956268][ T5] binder: release 24709:24711 transaction 423 out, still active [ 1237.048034][T24715] hfs: can't find a HFS filesystem on dev loop3 [ 1237.052186][T24670] FAT-fs (loop1): bogus number of reserved sectors [ 1237.061725][T24670] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1237.078971][ T5] binder: send failed reply for transaction 423, target dead [ 1237.154377][T24882] hfs: can't find a HFS filesystem on dev loop0 [ 1237.238344][T24882] hfs: can't find a HFS filesystem on dev loop0 14:21:52 executing program 5: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3a) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xc}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000040)={0x7, 0x3, 0x9, 0xcd67, 'syz1\x00', 0x200}) ptrace$cont(0x9, r0, 0x0, 0x0) 14:21:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000d6300000000000080"], 0x0, 0x0, 0x0}) 14:21:52 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:52 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs#', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:52 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1239.404487][T24928] binder: 24923:24928 unknown command 0 [ 1239.410103][T24928] binder: 24923:24928 ioctl c0306201 20000680 returned -22 [ 1239.447142][T24929] hfs: can't find a HFS filesystem on dev loop0 [ 1239.460259][T24931] FAT-fs (loop1): bogus number of reserved sectors [ 1239.470053][T24931] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1239.473745][T24935] binder: 24924:24935 got reply transaction with bad transaction stack, transaction 429 has target 24924:0 [ 1239.521500][T24935] binder: 24924:24935 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 14:21:52 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000026304400000000080"], 0x0, 0x0, 0x0}) [ 1239.578837][ T5] binder: release 24924:24935 transaction 429 out, still active [ 1239.616554][T24931] FAT-fs (loop1): bogus number of reserved sectors 14:21:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1239.634751][T24931] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1239.654902][ T5] binder: send failed reply for transaction 429, target dead [ 1239.667277][T25047] binder: BC_ACQUIRE_RESULT not supported [ 1239.679027][T25047] binder: 25044:25047 ioctl c0306201 20000680 returned -22 14:21:52 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs ', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000046304400000000080"], 0x0, 0x0, 0x0}) 14:21:52 executing program 1: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1da, 0x0, 0xfffffffffffffffe, 0x0) [ 1239.771172][T25045] hfs: can't find a HFS filesystem on dev loop0 [ 1239.818492][T25149] binder: 25148:25149 got reply transaction with bad transaction stack, transaction 434 has target 25148:0 [ 1239.839271][T25149] binder: 25148:25149 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1239.864983][ T5] binder: release 25148:25149 transaction 434 out, still active [ 1239.924341][T25151] binder: BINDER_SET_CONTEXT_MGR already set [ 1239.941923][T25151] binder: 25150:25151 ioctl 40046207 0 returned -16 [ 1239.965469][T25151] binder: 25150:25151 unknown command 128 [ 1239.966825][ T5] binder: send failed reply for transaction 434, target dead [ 1239.991699][T25151] binder: 25150:25151 ioctl c0306201 20000680 returned -22 [ 1241.312107][ C0] net_ratelimit: 26 callbacks suppressed [ 1241.312115][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.323645][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1241.392058][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.397918][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1241.403831][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.409793][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1241.415662][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.421493][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1241.427451][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1241.433286][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:21:55 executing program 5: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3a) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xc}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000040)={0x7, 0x3, 0x9, 0xcd67, 'syz1\x00', 0x200}) ptrace$cont(0x9, r0, 0x0, 0x0) 14:21:55 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:55 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x81, 0x181000) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f00000003c0)=0xc) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000780)) getresgid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) r4 = getpid() getresuid(&(0x7f0000000580)=0x0, &(0x7f00000005c0), &(0x7f0000000600)) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, &(0x7f0000000840)={0x0, 0x8, 0x5, 0x200}) fstat(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r0, &(0x7f00000007c0)=[{&(0x7f0000000140)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000000040)=[{&(0x7f00000001c0)="4630ea46325fe2403da9f26a20eaed9a595611caa9074c2053ef2c821a56d1bd94fa413bfed89409a9738d6f56c6c2ba6674a0b6e8e5f9ff4bfafbf3e4beba5e153c81d8cd1169523a40cffd0af718215fa40f6de7c078295fc30017c0cbe158d04a5eb2da1e6b21ff490802ce3aa5f5e21cfd6fd11803bfddc574204a772ce390a4fcb6b9a70b7f406ee47bccb79f622c77de5725ef9dbc4225b3d43c1e4d7e610e9e49474f1f76bbe42db7d25795a5b60c46a2cee157455149db156eedff8d16569e8b4e6fbf3ddef1ddbd3173ef52f90d44a998f934e786a9dcc7514b4cb9e2cf6eef9bc2f3810eb91dd073f2f5863ef0d9", 0xf3}, {&(0x7f00000002c0)="417df6cb84bd79182bf3b76948f8150309c93ddc9ea3e183f923d7f6f007596fb3ffa815e934e5268666ba01c597883137114eeb9496389699222d7544482bfc5b228f62b338e808020cb7cfb3b00673f4122969a3e3c0eec23effb9c69a5032d6413f49b5e0ddbadfad003e327f83656ed291e0b95e84994bd502ee2c5e0b1b5410c4f14aca4f83759c157bfaecd951ae7fcc8a563ca06d587bb93af36a78b980eed4aee4fad3571fabbce3ab8be2cccf0cb123418219f74157fb8d74e4e24fd799719f9f956bd706d3a047fda9100aad58ec", 0xd3}], 0x2, &(0x7f00000006c0)=[@cred={0x20, 0x1, 0x2, r1, r2, r3}, @cred={0x20, 0x1, 0x2, r4, r5, r6}], 0x40, 0x20000000}, {&(0x7f0000000700)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000780)}], 0x2, 0x20000000) 14:21:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000076304400000000080"], 0x0, 0x0, 0x0}) 14:21:55 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1242.481067][T25265] binder: 25262:25265 unknown command 128 [ 1242.497811][T25265] binder: 25262:25265 ioctl c0306201 20000680 returned -22 [ 1242.515356][T25267] binder: 25264:25267 got reply transaction with bad transaction stack, transaction 440 has target 25264:0 14:21:55 executing program 5: mkdir(&(0x7f0000000680)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000300)='}}-\x00', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)={'syz1', "d96d5de2361ec735eaefbbc44b0a03a9e45afc4ef1be01fa8dff6aa640797e93fc6bbbc58165ebea25878b8a8da2d63190b8f323d79e28943ebc6e05f442ec8ab4712531e6e3d021fdf638ff2137a52dc71c80e25e20f731587ce34cbe77220c3f5db36901af8b7629eef90f06d348fae6234b600f5f381561299e4a"}, 0x80) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") creat(&(0x7f0000000000)='./file0\x00', 0x0) [ 1242.534331][T25268] hfs: can't find a HFS filesystem on dev loop3 [ 1242.543127][T25267] binder: 25264:25267 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1242.555111][T25271] hfs: can't find a HFS filesystem on dev loop0 [ 1242.562340][T25266] FAT-fs (loop1): bogus number of reserved sectors [ 1242.580691][T25266] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1242.593261][ T3483] binder: release 25264:25267 transaction 440 out, still active 14:21:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000036308400000000080"], 0x0, 0x0, 0x0}) [ 1242.639305][ T3483] binder: send failed reply for transaction 440, target dead [ 1242.677909][T25271] hfs: can't find a HFS filesystem on dev loop0 [ 1242.687305][T25268] hfs: can't find a HFS filesystem on dev loop3 14:21:55 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:55 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000ac0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}, {&(0x7f0000000200)=""/98, 0x62}, {&(0x7f0000000340)=""/249, 0xf9}], 0x3}}], 0x1, 0x0, 0x0) [ 1242.747531][T25482] binder: 25480:25482 got reply transaction with no transaction stack [ 1242.782084][T25482] binder: 25480:25482 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2900 14:21:55 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:55 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xd1, &(0x7f0000000000)={{0xa, 0x0, 0x0, @dev}, {0xa, 0x0, 0x0, @mcast2}}, 0x4) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1242.837700][T25485] binder: BINDER_SET_CONTEXT_MGR already set [ 1242.850884][T25485] binder: 25484:25485 ioctl 40046207 0 returned -16 14:21:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1242.945734][T25488] hfs: can't find a HFS filesystem on dev loop3 [ 1242.957752][T25526] FAT-fs (loop1): bogus number of reserved sectors [ 1242.984481][T25526] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000a6308400000000080"], 0x0, 0x0, 0x0}) [ 1243.000521][T25599] binder: 25596:25599 got reply transaction with no transaction stack [ 1243.012080][T25597] hfs: can't find a HFS filesystem on dev loop0 [ 1243.023779][T25599] binder: 25596:25599 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2900 [ 1243.036184][T25488] hfs: can't find a HFS filesystem on dev loop3 14:21:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1243.126396][T25687] binder: BC_ATTEMPT_ACQUIRE not supported [ 1243.142156][T25687] binder: 25672:25687 ioctl c0306201 20000680 returned -22 14:21:56 executing program 1: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x9, 0xffffffffffffff66, 0x0, 0x8, 0x0) 14:21:56 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x10', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:56 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1243.167952][T25597] hfs: can't find a HFS filesystem on dev loop0 [ 1243.178339][T25723] binder: 25703:25723 got reply transaction with no transaction stack [ 1243.206028][T25723] binder: 25703:25723 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2900 14:21:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000106308400000000080"], 0x0, 0x0, 0x0}) 14:21:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:56 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x5, 0x400000) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000080)={{0x2, 0x3, 0x6, 0x0, 0x8001}, 0x4ee6, 0xfc, 0x4}) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1243.354399][T25814] hfs: can't find a HFS filesystem on dev loop0 [ 1243.366230][T25816] binder: 25812:25816 BC_DEAD_BINDER_DONE 0000008000000000 not found [ 1243.420857][T25848] binder: 25817:25848 transaction failed 29189/-22, size 0-0 line 2995 [ 1243.529843][T25814] hfs: can't find a HFS filesystem on dev loop0 [ 1243.551574][T25922] FAT-fs (loop1): bogus number of reserved sectors [ 1243.569237][T25922] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:56 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(r0, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000200)) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f0000000080)=0x7, 0x4) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) unshare(0x60000000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x3, 'rose0\x00'}, 0x18) 14:21:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000e630c400000000080"], 0x0, 0x0, 0x0}) 14:21:56 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:56 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x110) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/144, 0x90}], 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1243.762781][T25972] binder: 25955:25972 transaction failed 29189/-22, size 0-0 line 2995 [ 1243.791288][T25974] hfs: can't find a HFS filesystem on dev loop3 [ 1243.803658][T25982] hfs: can't find a HFS filesystem on dev loop0 14:21:56 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) rmdir(&(0x7f0000000000)='./file0\x00') [ 1243.877354][T26133] IPVS: Unknown mcast interface: rose0 [ 1243.910602][T26140] binder: 26128:26140 transaction failed 29189/-22, size 0-0 line 2995 [ 1243.921549][T25982] hfs: can't find a HFS filesystem on dev loop0 14:21:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000f630c400000000080"], 0x0, 0x0, 0x0}) 14:21:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1243.929970][T25974] hfs: can't find a HFS filesystem on dev loop3 14:21:57 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x0f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1243.989533][T26088] IPVS: ftp: loaded support on port[0] = 21 14:21:57 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1244.053195][T26144] FAT-fs (loop1): bogus number of reserved sectors [ 1244.084452][T26144] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1244.092693][T26209] binder: 26207:26209 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 1244.105825][T26208] binder: BINDER_SET_CONTEXT_MGR already set [ 1244.126178][T26208] binder: 26206:26208 ioctl 40046207 0 returned -16 14:21:57 executing program 1: syz_mount_image$msdos(&(0x7f0000000140)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0) finit_module(r0, &(0x7f0000000080)=']bdev}\x00', 0x0) [ 1244.257578][T26391] hfs: can't find a HFS filesystem on dev loop0 [ 1244.357772][T26458] FAT-fs (loop1): bogus number of reserved sectors [ 1244.365711][T26391] hfs: can't find a HFS filesystem on dev loop0 [ 1244.389947][T26458] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:57 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(r0, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000200)) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f0000000080)=0x7, 0x4) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) unshare(0x60000000) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x3, 'rose0\x00'}, 0x18) 14:21:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000026310400000000080"], 0x0, 0x0, 0x0}) 14:21:57 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:57 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:57 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x2000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000040)={0x4764, 0x2, 0xfffffffffffffffc, 0x8, 0x0}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000140)={r1, 0x3, 0x2, [0x4, 0x1]}, &(0x7f0000000180)=0xc) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f00000001c0)={0x7, 0x5, 0x1fe0000000000}) setxattr$security_capability(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='security.capability\x00', &(0x7f0000000280)=@v2={0x2000000, [{0x8, 0x100}, {0x6, 0x7}]}, 0x14, 0x0) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1244.635944][T26133] IPVS: Unknown mcast interface: rose0 [ 1244.697169][T26567] binder: 26562:26567 unknown command 1074815746 [ 1244.721469][T26571] binder: BINDER_SET_CONTEXT_MGR already set [ 1244.733443][T26569] hfs: can't find a HFS filesystem on dev loop3 14:21:57 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x3fe, 0x0, 0x0, 0x80000, 0x0) [ 1244.743139][T26567] binder: 26562:26567 ioctl c0306201 20000680 returned -22 [ 1244.744797][T26571] binder: 26566:26571 ioctl 40046207 0 returned -16 [ 1244.795844][T26572] hfs: can't find a HFS filesystem on dev loop0 [ 1244.823564][T26569] hfs: can't find a HFS filesystem on dev loop3 [ 1244.843041][T26625] IPVS: Unknown mcast interface: rose0 14:21:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000036310400000000080"], 0x0, 0x0, 0x0}) 14:21:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:58 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:58 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1245.002688][T26575] IPVS: ftp: loaded support on port[0] = 21 [ 1245.024654][T26784] binder: 26783:26784 got reply transaction with bad transaction stack, transaction 462 has target 26783:0 [ 1245.063232][T26784] binder: 26783:26784 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1245.099265][ T5] binder: release 26783:26784 transaction 462 out, still active 14:21:58 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x3f, 0x0, 0x0, 0x40000000, 0x0) [ 1245.125085][T26787] binder: BINDER_SET_CONTEXT_MGR already set [ 1245.131124][T26787] binder: 26785:26787 ioctl 40046207 0 returned -16 [ 1245.184186][T26789] hfs: can't find a HFS filesystem on dev loop0 [ 1245.187499][ T5] binder: send failed reply for transaction 462, target dead [ 1245.195082][T26787] binder: 26785:26787 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 1245.207342][T26787] binder: 26785:26787 unknown command 1074815747 [ 1245.238014][T26791] hfs: can't find a HFS filesystem on dev loop3 [ 1245.246523][T26789] hfs: can't find a HFS filesystem on dev loop0 [ 1245.253432][T26787] binder: 26785:26787 ioctl c0306201 20000680 returned -22 [ 1245.365399][T26795] FAT-fs (loop1): bogus number of reserved sectors [ 1245.386083][T26791] hfs: can't find a HFS filesystem on dev loop3 [ 1245.402191][T26795] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1245.499244][T26795] FAT-fs (loop1): bogus number of reserved sectors [ 1245.509782][T26795] FAT-fs (loop1): Can't find a valid FAT filesystem 14:21:58 executing program 5: r0 = socket(0x2, 0x1, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00022e496e696c65302f66696c653000"], 0x1) 14:21:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:58 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000046310400000000080"], 0x0, 0x0, 0x0}) 14:21:58 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsD', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:58 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x22400, 0x0) [ 1245.749842][T26902] binder: 26899:26902 got reply transaction with bad transaction stack, transaction 465 has target 26899:0 [ 1245.779337][T26909] binder: BINDER_SET_CONTEXT_MGR already set [ 1245.801639][T26902] binder: 26899:26902 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1245.819555][T26909] binder: 26903:26909 ioctl 40046207 0 returned -16 [ 1245.832573][ T3483] binder: release 26899:26902 transaction 465 out, still active [ 1245.853934][T26904] hfs: can't find a HFS filesystem on dev loop0 14:21:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000056310400000000080"], 0x0, 0x0, 0x0}) 14:21:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:59 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="dfbc58ef6edd8c56a5017ead7279f601", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="000000000000000000000f0000000c000100080000000005"], 0x1}}, 0x0) [ 1245.923021][ T3483] binder: send failed reply for transaction 465, target dead 14:21:59 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) accept$unix(r0, &(0x7f0000000140)=@abs, &(0x7f0000000040)=0x6e) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1246.082992][T27020] binder_alloc: 27016: binder_alloc_buf, no vma [ 1246.092402][T27020] binder: 27016:27020 transaction failed 29189/-3, size 0-0 line 3148 [ 1246.103747][T27021] binder: BINDER_SET_CONTEXT_MGR already set 14:21:59 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1246.142686][T27021] binder: 27019:27021 ioctl 40046207 0 returned -16 14:21:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:21:59 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsB', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1246.254511][T27085] binder_alloc: 27073: binder_alloc_buf, no vma [ 1246.276739][T27076] FAT-fs (loop1): bogus number of reserved sectors 14:21:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000066310400000000080"], 0x0, 0x0, 0x0}) 14:21:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1246.306857][T27076] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1246.332031][T27089] hfs: can't find a HFS filesystem on dev loop0 14:21:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) 14:21:59 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1246.479380][T27143] input: syz1 as /devices/virtual/input/input8 [ 1246.511581][T27155] binder: 27142:27155 unknown command 1074815750 [ 1246.533343][T27166] binder: BINDER_SET_CONTEXT_MGR already set [ 1246.555192][T27155] binder: 27142:27155 ioctl c0306201 20000680 returned -22 [ 1246.563610][T27166] binder: 27151:27166 ioctl 40046207 0 returned -16 14:21:59 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:21:59 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x400044, 0x0) ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000000)) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000040)={0x3, 0x100, 0x100000000}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x8144bc2b8a) 14:21:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) [ 1246.625196][T27273] hfs: can't find a HFS filesystem on dev loop0 14:21:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000076310400000000080"], 0x0, 0x0, 0x0}) 14:21:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1246.721680][T27273] hfs: can't find a HFS filesystem on dev loop0 [ 1246.751105][T27457] input: syz1 as /devices/virtual/input/input10 14:21:59 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1246.836200][T27459] FAT-fs (loop1): bogus number of reserved sectors [ 1246.847595][T27461] hfs: can't find a HFS filesystem on dev loop3 [ 1246.858951][T27520] binder: 27518:27520 unknown command 1074815751 14:21:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) [ 1246.885052][T27521] binder_alloc: 27518: binder_alloc_buf, no vma [ 1246.892604][T27459] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1246.901684][T27520] binder: 27518:27520 ioctl c0306201 20000680 returned -22 14:22:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1246.980460][T27461] hfs: can't find a HFS filesystem on dev loop3 [ 1247.015846][T27636] input: syz1 as /devices/virtual/input/input11 14:22:00 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:00 executing program 1: r0 = semget(0x3, 0x0, 0x418) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000140)=""/4096) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4002, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x7}, &(0x7f0000001180)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000001380)={0x2, 0x2, 0x2, 0x3, 0x100000000, 0x8001, 0x401, 0x80000001, 0x0}, &(0x7f0000001200)=0x20) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000001240)={r2, 0x7, 0x100000001, 0xfffffffffffffffc, 0x7, 0x4, 0xffffffff, 0x1000, {r3, @in6={{0xa, 0x4e23, 0x1ff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}}, 0x400, 0xfffffffffffffff7, 0xa96e, 0x5, 0x100}}, &(0x7f0000001300)=0xb0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000001140)='/dev/sequencer\x00', 0x840, 0x0) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) ioctl$NBD_DISCONNECT(r4, 0xab08) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000096310400000000080"], 0x0, 0x0, 0x0}) [ 1247.047734][T27617] hfs: can't find a HFS filesystem on dev loop0 14:22:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1247.148362][T27617] hfs: can't find a HFS filesystem on dev loop0 14:22:00 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) [ 1247.191510][T27678] binder: 27676:27678 BC_ACQUIRE_DONE u0000008000000000 no match [ 1247.205585][T27681] hfs: can't find a HFS filesystem on dev loop3 14:22:00 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x40, 0x20) getsockopt$inet6_buf(r0, 0x29, 0x2c, &(0x7f0000000180)=""/165, &(0x7f0000000240)=0xa5) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2a0010, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2d, 'io'}, {0x2d, 'memory'}, {0x2d, 'cpu'}, {0x2f, 'io'}]}, 0x15) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000040)={0x42, 0x3}) 14:22:00 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1247.293032][T27681] hfs: can't find a HFS filesystem on dev loop3 14:22:00 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000a6310400000000080"], 0x0, 0x0, 0x0}) 14:22:00 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsP', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1247.335625][T27790] input: syz1 as /devices/virtual/input/input12 14:22:00 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x101000, 0x0) ioctl$KVM_GET_FPU(r0, 0x81a0ae8c, &(0x7f0000000140)) [ 1247.443739][T27896] binder: 27892:27896 unknown command 1074815754 [ 1247.469618][T27896] binder: 27892:27896 ioctl c0306201 20000680 returned -22 14:22:00 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1247.491433][T27893] hfs: can't find a HFS filesystem on dev loop0 14:22:00 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000b6310400000000080"], 0x0, 0x0, 0x0}) [ 1247.552094][ C0] net_ratelimit: 27 callbacks suppressed [ 1247.552102][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.563739][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.584724][T27893] hfs: can't find a HFS filesystem on dev loop0 [ 1247.632084][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.638002][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.644023][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.649848][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.655752][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.661605][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1247.667554][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1247.673392][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:22:00 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1247.740043][T27994] FAT-fs (loop1): bogus number of reserved sectors [ 1247.778059][T27994] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:00 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsM', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1247.796012][T28052] input: syz1 as /devices/virtual/input/input13 [ 1247.813686][T28088] binder: 28056:28088 unknown command 1074815755 14:22:00 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1247.852496][T28088] binder: 28056:28088 ioctl c0306201 20000680 returned -22 14:22:00 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000c6310400000000080"], 0x0, 0x0, 0x0}) 14:22:01 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x20000, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xf) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x80, 0x0) syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000140)={0x2, 0x0, 0x10003, 0x7}) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f0000000180)={r2, 0x80}) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000040)=0x7, 0x4) [ 1247.971445][T28140] hfs: can't find a HFS filesystem on dev loop0 14:22:01 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1248.017602][T28225] input: syz1 as /devices/virtual/input/input14 [ 1248.048147][T28140] hfs: can't find a HFS filesystem on dev loop0 [ 1248.090613][T28232] binder: 28230:28232 unknown command 1074815756 14:22:01 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1248.132601][T28232] binder: 28230:28232 ioctl c0306201 20000680 returned -22 14:22:01 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) dup2(r0, r1) [ 1248.178746][T28231] FAT-fs (loop1): bogus number of reserved sectors [ 1248.230998][T28231] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:01 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsT', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000d6310400000000080"], 0x0, 0x0, 0x0}) 14:22:01 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1248.277507][T28442] input: syz1 as /devices/virtual/input/input15 [ 1248.308429][T28437] hfs: can't find a HFS filesystem on dev loop0 14:22:01 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) dup2(r0, r1) 14:22:01 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) truncate(&(0x7f0000000000)='./file0\x00', 0x7) syz_mount_image$minix(&(0x7f0000000040)='minix\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffff, 0x4, &(0x7f00000004c0)=[{&(0x7f0000000140)="289068e3183487cd00c5340fb7b65fb5fdc98b38248eeb7661bc4b6102501754fa56065eb0faf7cef50ab7824a61926b0ba26e63b20ec98559b015332d380ab84c9f4f31a48be8ac21ded12d1e4bcadbe3e380c5f4321139f9953f3d06551b86d81cf4ff94df1568a970a46e8f8f813e63d3f93eb2566fe426ffa44c640fd7ed46cec31cece6e755cd3e3fe436afe97b2146484613d22e149bb4e916fe856e04670b2eebaf887e824ea9a3ccd989a0c356b0b8a79499b7eba91c313531256bf1176594a02364fc6b27a5a8e490ee93f57a8ca511dc2848c51a80b872b6413342ee0cf66f", 0xe4, 0x1ff}, {&(0x7f0000000240)="4350a7e2aa30b7ec677898bb5c37509f1c217cbbd6ea1d46a3cd6a31f23acbbb4ead8ffc1457a83844db35eeb24948834397828138e54f49c3a302aef948f0f0726675fceb26deb22b2eda2e558e700d8487205017dcd545f45eaea5567bcf374d981de6bf1066b32373a28a40547b63c23b00b29478b835cccb93df98e0c5610cbed77e0f97ad0449217ecc8b0b719287237f5b59e0e01c6c1a6ff2605565b3702a0a960b5094dd9188c4385a7f4d17c09815dff1b3aec23b4ed8595a01199ec36acbdde7356d6b1e00673736f40329c147ab74157af063f76859d77a22041759e277425ffd62f3aa599c0ba1ee", 0xee}, {&(0x7f0000000340)="1fa7520440621aa2fbffc2cd9bf3e35d1d994adf563ae4f8891539d35fb3b8e31256ca979d77ccb0303143f423acd6f0d1bc9d444e4f1981ddd14a70b47d0e9c9f47bfd6e11a01582357a01c25c8634784b727cd0b60316ac079d16561fabd7ce2d37c66edb073aac0651b1220a03075d1d7d0325886749e510831c0ad4ea3289b3af17367bf4f0b31c37838c93dcd9c4621422c4f2af9e2157961b92e856d47a8fb181689830d55d225f22f21cabc92efe6", 0xb2, 0x6}, {&(0x7f0000000400)="bd2976a9e63cf520c53da9a20a889d98e29c7bf95fb6a7e0d474476e9898086fb94a42e7d2e7c94c8187a9d7dca48393aaffab7e6d532d46d2db8f597cc78713ee462945057be949daff26db4b86257018471e6d352e49854dbcedb929791927690429d9c9df92e59c1c9889fa07be8229d88f84185a4d7cc94173b3ceadfed59b225b5ab74df955cd27c4eaf733aa6f70c6c4fc5a8eebc5e70dda569a", 0x9d, 0xfff}], 0x10000, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$SIOCAX25GETINFO(r0, 0x89ed, &(0x7f0000000540)) [ 1248.430596][T28449] binder: 28445:28449 unknown command 1074815757 [ 1248.458256][T28449] binder: 28445:28449 ioctl c0306201 20000680 returned -22 14:22:01 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:01 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1248.499999][T28482] input: syz1 as /devices/virtual/input/input16 14:22:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000000e6310400000000080"], 0x0, 0x0, 0x0}) [ 1248.614366][T28550] FAT-fs (loop1): bogus number of reserved sectors 14:22:01 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) dup2(r0, r1) 14:22:01 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfsS', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1248.672947][T28550] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1248.680438][T28590] hfs: can't find a HFS filesystem on dev loop0 14:22:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1248.738568][T28621] binder: 28607:28621 unknown command 1074815758 [ 1248.751470][T28621] binder: 28607:28621 ioctl c0306201 20000680 returned -22 [ 1248.772900][T28642] input: syz1 as /devices/virtual/input/input17 14:22:01 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mISDNtimer\x00', 0x200001, 0x0) [ 1248.812673][T28590] hfs: can't find a HFS filesystem on dev loop0 [ 1248.828060][T28670] binder: BINDER_SET_CONTEXT_MGR already set [ 1248.852350][T28670] binder: 28656:28670 ioctl 40046207 0 returned -16 14:22:01 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:01 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, 0xffffffffffffffff) 14:22:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000106310400000000080"], 0x0, 0x0, 0x0}) [ 1248.985780][T28853] FAT-fs (loop1): bogus number of reserved sectors [ 1249.016417][T28853] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:02 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1249.050898][T28888] input: syz1 as /devices/virtual/input/input18 14:22:02 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, 0xffffffffffffffff) [ 1249.173172][T28989] binder: 28988:28989 unknown command 1074815760 [ 1249.198356][T28995] binder: BINDER_SET_CONTEXT_MGR already set [ 1249.210196][T28989] binder: 28988:28989 ioctl c0306201 20000680 returned -22 14:22:02 executing program 1: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000000)={'eql\x00', {0x2, 0x4e21, @local}}) 14:22:02 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1249.222707][T28993] hfs: can't find a HFS filesystem on dev loop3 [ 1249.232561][T28995] binder: 28991:28995 ioctl 40046207 0 returned -16 [ 1249.257106][T28997] input: syz1 as /devices/virtual/input/input19 14:22:02 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, 0xffffffffffffffff) [ 1249.320445][T28993] hfs: can't find a HFS filesystem on dev loop3 14:22:02 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1249.397455][T29100] hfs: can't find a HFS filesystem on dev loop0 [ 1249.404603][T29106] FAT-fs (loop1): bogus number of reserved sectors 14:22:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000116310400000000080"], 0x0, 0x0, 0x0}) 14:22:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1249.445826][T29106] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1249.463733][T29265] input: syz1 as /devices/virtual/input/input20 [ 1249.479608][T29100] hfs: can't find a HFS filesystem on dev loop0 14:22:02 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1249.511296][T29297] binder: 29272:29297 unknown command 1074815761 [ 1249.534387][T29297] binder: 29272:29297 ioctl c0306201 20000680 returned -22 14:22:02 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:02 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f0000000680)=0x0, &(0x7f00000006c0), &(0x7f0000000700)) r1 = getuid() syz_mount_image$xfs(&(0x7f0000000300)='xfs\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x4, &(0x7f0000000600)=[{&(0x7f00000003c0)="5dfde64c26c0f03d568cd662d684327f3821b4a2c3718bba1eb87b42430af831", 0x20, 0xffffffffffff0001}, {&(0x7f0000000400), 0x0, 0x8}, {&(0x7f0000000440)="27d41cb4f9d883cc388fdb2f740091db7f7453baf82c4f8f1f757c95b65de6b29ee1586b3640631aa4d6457fecfe297abc8a04e9da7d91fb4f05a578b78b64f1bc85fefd629f5ef28b282e3fdf2606940e766898c116f28d4121a5d95b8daacd676531bed0b9515c5b7ace8784e8849fc8fb6ba63acf677e3108a3ec86dfa482c37e1086faaa3cd7bc253bbb3178b0eb84d9f2e2090bb4a0602500e8f9f3899662cd5571a2ee8c101a59a480707026286b30cc8f55b6505e9aea2d818f0c5081f5d37e5b19f56f4931a5ff4f99c385ef61d3", 0xd2, 0x1}, {&(0x7f0000000540)="71f1a0cb5d137aa3402d4ac6c2778beb24a1feae5003b51431ea5c1061a44e86816539c9f6590661d095999db23a712c4dfae20bdad7e064f0269a34e5ebf1cc8cc4be7cac0b4806da79b10969c6b1d2ed652b77305523ab7c16ee0590bb35badd589f1789e432a8e39924cdcb026521644e60bbd068f6269e970d34ad5044f5def8ab3d10a5d0695b1b67a17e5ad7b15b107cab1fe563e0cd2088d8105d01c68fe0a73fe65ef0367ba79fb2e7627f6a7f4615280e9600a7f7011dff50", 0xbd, 0x8}], 0x1010000, &(0x7f0000000740)={[{@largeio='largeio'}], [{@subj_type={'subj_type', 0x3d, 'user'}}, {@fowner_lt={'fowner<', r0}}, {@euid_gt={'euid>', r1}}]}) setxattr$security_selinux(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:bin_t:s0\x00', 0x1b, 0x1) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f00000007c0)) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x800, 0x0) openat(r3, &(0x7f00000001c0)='./file0\x00', 0x200080, 0x4) fcntl$getown(r3, 0x9) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000009c0)={r3, &(0x7f00000008c0)="ba4cef1917ec73ac6754df4e5df9142d91c8527e7fecf56d005334e34d370ab72a5b040000000000008baf5556099e3c81a532130e5d74a8fcc0f04ae3cbd3137e4c4dc7243ee6605ccd1576566306f79c09082f520139a247bf538734c4e95ef76977d74e3f8879c0ae73b1fc206298490866b7cf695fec9290fb7fb6122e236fa28fca435390e5b87989d3d10e6cacceec2445bc161494f00e7a4c2df0c6d992d2834463bc5d42a4f5383857c93c2b02d70c0ecc", &(0x7f0000000a00)="e17af83df8dd34959a597ad19f38815a989de6092d260f20e4f084d3261548ba4318dd9135e2110e364bb1e50353cf7dfd307fc9d54ca5ff08bd44e52319eed6d2c457b81265ba571a40a4af693365d8b861756c97b3ac330cad93171869607b025adc8f2534820c78556f8fa545d867846a35e7e48067c975c3ffbcc2322ecc193e3a59025e1680986aaef20aae8fd531440ad68438432e1e68f89ff99f260683bffb8f33b5e38f513e142f01366e4cabe4a196242d4c51fa27", 0x2}, 0x20) fremovexattr(r2, &(0x7f0000000180)=@known='trusted.overlay.impure\x00') [ 1249.649886][T29369] binder_alloc: 29355: binder_alloc_buf, no vma [ 1249.682721][T29369] binder_transaction: 4 callbacks suppressed [ 1249.682788][T29369] binder: 29355:29369 transaction failed 29189/-3, size 0-0 line 3148 14:22:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000126310400000000080"], 0x0, 0x0, 0x0}) 14:22:02 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1249.706996][T29364] hfs: can't find a HFS filesystem on dev loop3 [ 1249.858708][T29364] hfs: can't find a HFS filesystem on dev loop3 [ 1249.866896][T29498] FAT-fs (loop1): bogus number of reserved sectors [ 1249.869441][T29543] binder: BINDER_SET_CONTEXT_MGR already set 14:22:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1249.903090][T29543] binder: 29527:29543 ioctl 40046207 0 returned -16 [ 1249.903760][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 1249.919316][T29498] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:03 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:03 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 1: io_setup(0x59f95026, &(0x7f00000000c0)=0x0) io_getevents(r0, 0x0, 0x9, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000300)={0x0, 0x1c9c380}) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x3fd, 0x101000) ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000140)={0xbb4, 0x7, 0x4, 0x2, {0x0, 0x7530}, {0x1, 0x0, 0x1, 0x81, 0x72c2, 0x4, 'Oj7M'}, 0x6, 0x3, @planes=&(0x7f0000000080)={0x2, 0x6, @userptr=0x1, 0x5}, 0x4}) [ 1250.012818][T29688] binder_alloc: 29656: binder_alloc_buf, no vma [ 1250.043078][T29688] binder: 29656:29688 transaction failed 29189/-3, size 0-0 line 3148 14:22:03 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:03 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000040)={0x1, 0x8}) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="04630440000000002f6310400000000080"], 0x0, 0x0, 0x0}) [ 1250.133154][T29774] hfs: can't find a HFS filesystem on dev loop3 14:22:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1250.193093][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 1250.224988][T29774] hfs: can't find a HFS filesystem on dev loop3 [ 1250.259638][T29850] FAT-fs (loop1): bogus number of reserved sectors [ 1250.271055][T29850] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:03 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1250.301830][T29856] binder_alloc: 29854: binder_alloc_buf, no vma [ 1250.327077][T29857] binder: BINDER_SET_CONTEXT_MGR already set [ 1250.337441][T29856] binder: 29854:29856 transaction failed 29189/-3, size 0-0 line 3148 [ 1250.342299][T29857] binder: 29853:29857 ioctl 40046207 0 returned -16 14:22:03 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1250.371567][T29857] binder: 29853:29857 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 1250.395170][T29857] binder: 29853:29857 unknown command 1074815791 [ 1250.410537][T29857] binder: 29853:29857 ioctl c0306201 20000680 returned -22 14:22:03 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000546310400000000080"], 0x0, 0x0, 0x0}) 14:22:03 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) flock(r0, 0xe) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/42, 0x2a}, {&(0x7f0000000140)=""/182, 0xb6}, {&(0x7f00000000c0)=""/17, 0x11}, {&(0x7f0000000200)=""/23, 0x17}, {&(0x7f0000000240)=""/204, 0xcc}, {&(0x7f0000000340)=""/121, 0x79}], 0x6) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x2000, 0x0) ioctl$KIOCSOUND(r1, 0x4b2f, 0x4) finit_module(r0, &(0x7f0000000440)='msdos\x00', 0x2) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getown(r0, 0x9) openat$rtc(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rtc0\x00', 0x0, 0x0) [ 1250.519552][T30005] hfs: can't find a HFS filesystem on dev loop3 [ 1250.549592][T30056] binder_alloc: 30030: binder_alloc_buf, no vma [ 1250.579900][T30056] binder: 30030:30056 transaction failed 29189/-3, size 0-0 line 3148 [ 1250.605582][T30005] hfs: can't find a HFS filesystem on dev loop3 14:22:03 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup2(0xffffffffffffffff, r0) [ 1250.641524][T30083] binder: BINDER_SET_CONTEXT_MGR already set [ 1250.673914][T30083] binder: 30067:30083 ioctl 40046207 0 returned -16 [ 1250.744892][T30165] FAT-fs (loop1): bogus number of reserved sectors 14:22:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000006340400000000080"], 0x0, 0x0, 0x0}) [ 1250.785909][T30165] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1250.808983][ T3483] binder: undelivered TRANSACTION_ERROR: 29189 [ 1250.826619][T30262] hfs: can't find a HFS filesystem on dev loop3 14:22:03 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:03 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup2(0xffffffffffffffff, r0) 14:22:04 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x2, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x911fc, 0x0) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000140)={0xff, 0x0, &(0x7f0000000040)}) [ 1250.959938][T30390] binder: 30381:30390 got transaction to context manager from process owning it [ 1250.971205][T30262] hfs: can't find a HFS filesystem on dev loop3 [ 1250.977810][T30389] binder_alloc: 30381: binder_alloc_buf, no vma [ 1250.992297][T30389] binder: 30382:30389 transaction failed 29189/-3, size 0-0 line 3148 14:22:04 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup2(0xffffffffffffffff, r0) [ 1251.010110][T30390] binder: 30381:30390 transaction failed 29201/-22, size 0-0 line 2986 [ 1251.041746][ T5] binder: undelivered TRANSACTION_ERROR: 29201 14:22:04 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xc0', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:04 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000016340400000000080"], 0x0, 0x0, 0x0}) [ 1251.172687][ T5] binder: undelivered TRANSACTION_ERROR: 29189 [ 1251.203727][T30552] FAT-fs (loop1): bogus number of reserved sectors [ 1251.210280][T30552] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:04 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1251.268323][T30693] binder: 30683:30693 transaction failed 29189/-22, size 0-0 line 2995 14:22:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1251.334407][T30709] binder: 30708:30709 got reply transaction with no transaction stack [ 1251.358895][T30709] binder: 30708:30709 transaction failed 29201/-71, size 0-0 line 2900 14:22:04 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x0f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:04 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ceph(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)='./file0\x00', 0xfffffffffffffffe, 0x7, &(0x7f0000001480)=[{&(0x7f0000000140)="ae2a152c9bb85f60a78ecc3fe3a0fd96f823e20091446f5ef052d767744bc5de1a29bb2801942270984e6a45ae99e28a967609925a044cda935d562f3f332e90a66d39995b8e8120871010a471f13c5e2d97611b690eda744684af1b82bd56e1949ce583ca048e7a1db888e622514322bb512cc2f7a8a3f43baa664bc850355c518165e24eea8f869c7923cf491ea786334aff94005f0890fd1699a729a9f63c639651e9e90a948ddb8be2e12be14ca3ad2b846fb470883867c802f28237bb82cd0cd17655ff45c481eb39333495a64950118ddd6d5cca4bee9dd14820027ba09a66e6649660ff6f9829f4e20b2a2849c4ad99d37ae4450b03696966b09cd83ecf6e8993a703923fcf0aa3e2c8f52b3ae8265347a0d51a0cde50507790ccbe0ccbed3a18eaea36bec8289f406e8672ca9b63a454460a8e7277193f48cd246a8cd1ac0e991d73bc64cd921bc44fbd8ed0710e1f930153be389e876b37e25875ae440cc60d41be98747d45990e4ecfdcffe6ab6f5637980d12a110d63b0f335ee55b3f3e8441e516ba8e54d40689497c5668f9161ad29ded5a5e08934bce7c4a66db40e7680615891106b4163bb8278c0e11ef62b5eb62d5c670cc4b77c70bf8a8232f4564cb77ef2367168e81de843cb8ae6c2c9d9ee3fcc5492a138a1b2c4b3386b2e320cbbf1f87e236b0fba6f2598ba3ace4bdc8e842ccda92c4d99fac573791173a3a5852a1894a62b6a886993698d3dc60c4ec5545a63d8778a43dc98e14186ce15db2eb348165f98bd762d9428b7058ebef8a56e85a2141bc6050715989193c78f201e260d689a2d81687b26851ad6e24ad2145967daa129314d5b6fa3dfb863bbb4b60b465c66bc64ed7e0ee6ed2270c5852b01c89c654ac0d5a14aef629a1d371ea5a08a5600b5685d5f2bef55c64d199888ebfaa17e483143ab7da22c4a19272a954bd756a6fad043c0ada77fd3d5c5077e08ad096b6cf99f90e0921aaf6732dba79ddf37ef9b26ec80a2eb3fa50f23d0d6e6c2acdce6157d114e08d39144f7b872d69993e6df95ca9c3b37f7e8647e47fd3501d9d7cddd9a49d2fbd21f596cdc85c761d58bd73efbbec5005631586eeabe18b08524d5538e0411c04a5a453b5c3321ac69177baad3ae313de26a6494eba7c37221f3742abdade79ddf256bc82508ac680841624c88b79bb1e37b20ff2d647ed633ff30888b35ff038c03701ccb1b38465874df55c0901f1e3644ecddb91656d92b616e2571b95ecba5b0c3ff742896fe5b166951b94ccde4959cdf6197c78cc7fbe9f5323aa3f7e90a16afeee0d45f28d3d33a9d2d1c8884b31e43593c5678c5cfcd6a6905db2b91f84c44b9d0f0f5507152fc41e68d50eefcc1a4dabc5c78b7e035435c2a127f089f239d433222429fa7ea2d4eaa14e6a4886502e21187588c8a2d2b8c7d9f3298fc066ee4df909e556d2b3b7960131ab41ac84aa81309d23e7e9a3343afbb3957434a97a52669a05f21fe1ce33bc1dfaca71d141f198c0f764f0a401d6da85179a9109c6150dd9031a59cf32e89e33691d89d614846a9256a01249efc474e3b04c3571ed684578d038c6f69c8f21e9f8c41420fbee21f65ac1ec00f232259715094f45ac7fc6c5e7d28c41ed44305d215c1247fcca4e2be490276dc6e58dee56f785d2bff8fcdc4f562297b5dbd512902cfec6181f33a3c29da0d0477f89cc0683d16c9f81f47acd52c7c3247d704c208b46911c9d4e2c981b5cc23c1e3217cb37919f8b3705cd6dec8959d90ab4601c4ceec3d25dc1e2ce40de02b60ea27b712fea18c2d775d6eaf3374fd6f5d2b36b27cc1cb7652d83d97c0ca14db0a50a52563820b165fb0d90a1e09b11fd4529678fc426e687c1d2c4d3c08138a0489daa33dfc04dc91f025936d1ea01ab998d049520d8ee46e95df7a09637a9d786cdf08a1220a4dce1e1b0ae5e8639abb0c4e81461bb5f984ad08123861b2e7dd13dee9d6967d6bf213cbdec39a7ad2c1538753caf989366fbfde80609ceedc722aa3a13b3cec94d5414ab68a64b36515f480c8daa95c5963fea408e4a2b1f683ac64a50630092c9d3b8084aea952d50807baf6ad19e4730e6610c8468aa1a3f135c067c9885885f26bd114981f1ddd1eb1160250588b907b0d24c2c8bdd7d834932f0beb7ecb2dfa3b46f0b7388d587d72bc6a2141fac883f0133e7c9dddf33a78bd2f0ec17b9c675828befabd1c0b686b3f91e7085cc762d868c93f6155db32436b359c8995a09abeacc4375956cd9efb3e530830de1653ea7cafb0889b2da9fc31dc4fc0e25e74fceb3c9544eceaa08310f9d0ebda2d47a04c89a5292c1345f46391cbddc0ec6324fc3a004554feb9acb085f6eab596f7f19a0ae913a7d88b12cd3064576ada040fe1841d63cb78bfb8cc7c4e9c85334e0abb5beb19610aa340f9441ff97fe0a0e10230685e6ba4052328a5f715eefb4c02e7af54addc752e79684ffaf7e1e0ef5ce3499c556ee4b9d34b919c49550d78a0a4d38b748d76bbf4109e6f8c580b5e4ff296fc341b95396da5fef84cf0ce682655110dcbb075f54ddae970eb3a0a1020c53fbaaed5b507fc817198109b508f30e9ee7b1e8f0f2cd52eb8bbefbbcd1449a7316edd01f11134182a11d9af71ceb7a2bab462ca30e5460e2d04946e5563c299b024bdf7e858e0bebeae0b374536b294bc06ba1ff73b45b8747bec0229de20aa5a835638f065ec6d5fd43a364d098f72383213cf5978844ffe71fbc747871d84f719893e61616b6c2f3de33bc97fe379fae797f143d59ec16dae58ea53415915a1344eb42c16f1c24f6fd5f3049db8f34a921b4638c7e40d0f3c7471d10f07d1bb39df80add8b5dd2349743e41a0cded43d67b31e11f5d7476de88ee2a5eb3673f484ed9a36b3cbceb47cbd5bc0a0248e739ae3aaf419e12bc2f01799e09e8bb03ca5090b88da0347803656e487030e90bca5c52d6ead8644af9f0a69dbc5045820d88fb9db042d78f11377036ca491c7fff46a53694404ff3a8ecf7a9ad05b859f331cb47b391a02f6f0f6ce24586f1064df2b13261061fbd7029a7aead6f618f6912b578527ae79f8cc8a374f246e9e9cbd9316b43c11209d979dad0fba653b98188d15e44a6e7582f50022b2203cd458fb4b6e85da337abe02041b0c66b201f4fd47291c6f6889259787621f39dd2baca6051fa107a839e1d20b2563999e2f38fe719ffe5787a03e9e20b69d29912cacee1a80bc095e6418ab45e32419241faa7a1f3e199dbd9c31353bc2c351a1f4258b9598cf46480dce4b7bc769d1c32a13595424fd27a4419d21dfcc5a0f1981fb196d5cf31e5f02f7fe5564da5537a856139410caa3669f0845efe2f4e6133d1069affa791c0d1470b6942de76ccd008b41adbdea44a3f484099bb5fd00216b625a3a7b0858e8b211aa9197d031ac6abb523b7b92ee287a7de0b7a26df874ddcade811e24d7133938f4895c7bea97848b6cdda52af5bfb33e388eb9988ae61082c5bc9c6a452d3ebfc8da575edcbb3e20377ad0fc90c51d5a7277578635b1726d95fcbade78f7af48e6ba25442adf85600f350c7d68dda67c8537dbbd5bbc225174f4082743566ebffb139928767903c440d5319672cc52434c68dce25cb8d298298e5c9705b49781bfda70d854abb43810cd5608ec6a3e0a2d7cc4a3f9056c4bc7bde0a23ef79708e53ff0bdd82acd1ef3244ae751f1949a3ae36f70b82a75100a31a605a2ebd388972795cd2a5907c2fd03e6ae44ebc1902d1155cd0bfa409a6eeba1d7cc7066e49ca37c5489b05e116b66c3550ca069e9678e189bdfc268108080aa281933d81988499367725195b65a985d225250044daff7f6010db19778f6c047ea2ef5f9420eb32889f41085439e7937d68548242fb597feafceec1f1e4b4aa0e05e8c9c20f5ec612e7d4ea70398ed81e28cf2ef7cd31d0a4ab3c87b43f426e9488f897b3e1a3247962297553bdf8ad85396b8d964bf1dc5b9644ad1fe0fae5b0bcaec8a5447687443945eaccfdf53abcc008fda2f0822f9a9b57f575b3e2f6e5eb0254b111652df5d41283e6bbd67bc3829de3636299bdc194e04d7bc3974e05446b50a40e01e088994d8d4ef2f484b44c33e1c09c359ebe66e1e7f925796d22cf651b90d0cf57b2691350e9aef92e9c87b0d0d87c368fd8b6e0aac787ec759e2b50f97673ecc696ed287197ca4904a4d8fb93c1d096a3d7a7baf61fe6655117a3066c0bbe1dddf62ce0e3dd825b4aa8b8d237a03dec3b028ab6072e07e198190be3759cec04d672f5b39a77259c7dd8f09d8097dd8975a5aa35b198685b71259f5c52ae4052f99f4e13854e7219a50df0843c7b3ccd3cbd17d33191af77cf41e80d578a23e167ba175a36b0879e0abebd0e847fccb9fefaaf406cb42cc9a3123c3b0d8c0e92e6724883be067904aadd73b57a2d048f2103a19647ab25fc58eff8e989d3149c2c4529352c917916a0b522098f856a8bd0064416770fe7e8ce051f95ac0dce334313f9123578f60ae9ebe97355ce789d099742cfe81d558d03527bf1315f2c6b325d6b53b29a09cc8afaad349aad14bae3c2198479723ad4b96ed386341d3449e3868d483725f024c035665f1f7eecd36abeb5c0fa8abc3c78b76fcf40716a75a183ad90971de46416f8e302721c15dd8e946f1c44927f204f0f6c2e1f291c76bffccab3811731fe3da64aafa12d9dcfb30a6a679b04ba768847fd40286d567f55dbfe10376b7932f527966a4042e393dc5498e95c1b6531ac009786d083ce92ccd6cf99c0a642f4e7cbd15b32cabdef3781aec047fd48d7a933d60b695bc028f8933d16e9f593d381825b868fc5d4e0f7c299d6450d8c5ec75d63fabed40bf1d0094c3ee3750522958e1e1d38ac9ffdddde7bee97e95bfce0d4fe4e2467239692eda9d6a693e3c14095e05f54a3e8ea3cd74da8df862147c1cf660de898aef5337d1f96d37c76bf98f592c556c042c2f85a7865315caf5d579faa81fff04e4485d3c216aa9983dad8f0783097bcb7fa5e587448582efa6a024259dc78f608dc647bbce0a40eeb83d517fb0fefefcfc05e67a7c0c3777c8305d0acb6ab5f4b6bb5effb4e351d6ff52f412a24e066499171e092053e3f5d115c011b1bf73c47ba06d218235071b7e30a9cae281eae0d4448771c71222901b42a872833f9732db77e85a5241eba06fdd599c81286a6290ce600666eb8997d5325699fa300a3b74c9b1f1cc086dcab870d846be86a8b8dfaec8f59b8e3103eb834d1c91b99473f7660166229f500fe06ca649a786b38e644aa4483f171dc904cb1398f7a326940153f660c6a3a489cd20cf3d8f58353248efb779386a6cb5534c4b88b4ed324f385e6f17cadde276789493102f040689d47dbd893ba340016972d44f1a99fc427fa47b9bc26e251eb8564bf76f4899da0ecae8e003652eee394f2a8ae2f1d2439b346dbafdee6b3ac4cc87c2fcc359822a61a7ba0e5d8f159d8ac8f106aa65adbeb251f7139131293741a4f039d281d09d65e75fe5cc5df91f6e276babd413b24cd41032a9d9864173f6a6526c9619732d0c1e8fd3038c9309f35d2e9e07fdd157ed8d4209dda21cc728acbc3efe5e43783a1340878ebfc0e4797a50b3c7c391e5ad1ac291a5f36151674162cfbe6473677081ee6aa274dd8a73aa06003c43b61eee7d76b7de715b011df1cc00f40075a37e7c93c5177c6a7642f60ee87c98f45049847b686fbbbedeac2d2c5c3eb6312d16452d004973a14586e378f3757740", 0x1000, 0x8}, {&(0x7f0000001140)="7d1672d1da4564d88ae54c195528bad13a9ad54cabd6f9d2882e469be24d3a2d99e7c8a857e04ef6ff7320dbf30d13b8610f3ec630e2fcc73dcb879ec825b8f6cdc22d914cfa8175e453a339967d9581d8ca5b6641b8c9320e97e420b56a25ba153771edd76aaad110b7324f8d3ee1514f72d00072bd218bd02f8c0bd37324da8ce5fe05ff7ca46b97e975f6ae95ecd3743287395d7cb1c3dae4e55b96758ea93ef18d445cd29ea797d66c1ee2d5b4360ea3f9d9c5a267f03feb50cad42f5643e3bbe30f2b2e6b9fd3847ef4e4614075478d57b7ebfc0b2f753f5570499c32e135db", 0xe2, 0xffff}, {&(0x7f00000000c0)="3e1f099a73a6412bc8bfe5f1b2ae982f7d68cd5159530eeb", 0x18, 0x6}, {&(0x7f0000001240)="974b9772116ee6492a0ac97d6cf8d9dddbaddff8cc449e5a6912dc040b2b1b78e6bfd34cb9ef80e632505d44129e2f5de237a6d1ef8931f5a34ef634e9859cba8911d96b66ba5f3f967dace5f7c4f489ce3efc05a3b33a2e1553d58a51a441d980c4231b9813f36462fbd0c83ded6c4424ec4d7baa1b151bfa93fd3516a4b532d6461a3102397816adef", 0x8a, 0x8}, {&(0x7f0000001300)="6d093fc7160ab5d6787330fd82603fcc444063d388c9ac18f9ef31e650f46be69ec8bb5bf5a9054a4c465cbcda1e4b0adf9dd7bce94cd61811ad32", 0x3b}, {&(0x7f0000001340)="c1045c3c6f3914f5ea5a4ea8af5295f7d75cf3c5af559f3c7c57221a26bddacfc5fcfbc40d838e987d4a641a1e191de70b412ee3c7b8f2cfc7425e22ca070d0275e46c6f043af60bbe7ee19c575a6f72f67537bae15177fb589cff7b64fc6128430877cd2d135fac9cfb43cc46a31038ef4591ceb7d81b426bac29789f13e4057e4ee4d0d21171c211bd81aa40a32466b7d6dd4e0f7ac029cf5ddad2877462125d4832fbbc0db9db1ebf3c608c1f17f960340b2b53e22a75f9fd53703dd09f6cd227cffba6a8faea8d1ec7a5cd83d2ea9fc19fe0651c18303c630c19455f81ae651de8bf3a9af0649902f60726bb73ddaa0caa687a06bc0967e78c0aaa", 0xfd, 0xe1f}, {&(0x7f0000001440)="8e529ec4266bb7c057ea94798ec4a99790a6ad35338d0a", 0x17, 0x9}], 0x14, &(0x7f0000001540)='msdos\x00') [ 1251.432684][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 1251.447592][T30717] binder: 30710:30717 transaction failed 29189/-22, size 0-0 line 2995 14:22:04 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000116348400000000080"], 0x0, 0x0, 0x0}) 14:22:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1251.595686][T30826] binder: 30822:30826 got transaction to context manager from process owning it [ 1251.632503][T30826] binder: 30822:30826 transaction failed 29201/-22, size 0-0 line 2986 14:22:04 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1251.657856][T30829] FAT-fs (loop1): bogus number of reserved sectors [ 1251.674136][ T5] binder: undelivered TRANSACTION_ERROR: 29201 14:22:04 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1251.706722][T30829] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1251.736456][T30968] binder: 30921:30968 got reply transaction with no transaction stack 14:22:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000126348400000000080"], 0x0, 0x0, 0x0}) 14:22:04 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:04 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:04 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xf2fc, 0x10000) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e24, @rand_addr=0x975}}, [0x2, 0x52, 0x56, 0xffffffffffffffff, 0x3ff, 0x6, 0xffffffff7fffffff, 0x1, 0x2, 0x3a, 0x9, 0x5, 0x1, 0xfff, 0x20]}, &(0x7f0000000040)=0x100) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e20, 0x2, @mcast1, 0x543}}, [0x6056182d, 0x81, 0x5, 0x84, 0x7f, 0x3, 0x3, 0x0, 0x9, 0xfffffffffffffff8, 0x0, 0x100000000, 0x80000001, 0x6, 0x3f]}, &(0x7f00000000c0)=0x100) [ 1251.909905][T31044] binder: 31043:31044 got reply transaction with no transaction stack [ 1251.941658][T19087] binder: undelivered TRANSACTION_ERROR: 29201 [ 1251.961728][T31053] binder: 31045:31053 got reply transaction with no transaction stack 14:22:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1252.023935][T31099] FAT-fs (loop1): bogus number of reserved sectors [ 1252.060081][T31099] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000080a10400000000080"], 0x0, 0x0, 0x0}) 14:22:05 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1252.083606][T31080] hfs: can't find a HFS filesystem on dev loop3 14:22:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1252.224405][T31261] binder: 31259:31261 got reply transaction with no transaction stack [ 1252.234918][T31262] binder: BINDER_SET_CONTEXT_MGR already set 14:22:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:05 executing program 1: r0 = add_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)="7b69989d5968a8a68264aea73b5f6e72e168bd7bbb3d888f4f8f0269c7f519ab181eb72c5f58ac562a5d489352bb1ded203b835c3967f1e8996d0fa7eebaf56079926bb6568a301daf613476dc4e196f8bb7431af62c8db908f93189343e54fcb52e7ab91dd8eae5440b88f73922dd542959b75d5a2103e5669c63fc54f4987336ae6ba00a48b6e2c1ff5bb22c5afc1ce1e57874cd5bdb118a78dee8fa5a440c692392f176a88e83fdef737cdb8f7f5e443725f7d008762574e0384a969134", 0xbf, 0xffffffffffffffff) add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="1dc78e280d74ffd24b4dde0e4a47fd4ce3e3582b185bdf250d5b0b79a511e90a2da4eeda8bd6594a86c50a279bfa02d884164d775cd7f562bcad749f", 0x3c, r0) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1252.279158][T31080] hfs: can't find a HFS filesystem on dev loop3 [ 1252.307453][T31262] binder: 31260:31262 ioctl 40046207 0 returned -16 14:22:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:05 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000082310400000000080"], 0x0, 0x0, 0x0}) [ 1252.402118][T31342] binder: 31309:31342 ioctl c0306201 0 returned -14 [ 1252.431581][T31342] binder: 31309:31342 got reply transaction with no transaction stack 14:22:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1252.511163][T31373] FAT-fs (loop1): bogus number of reserved sectors [ 1252.547223][T31373] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:05 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1252.573174][T31380] binder: 31379:31380 unknown command 1074799368 [ 1252.606772][T31380] binder: 31379:31380 ioctl c0306201 20000680 returned -22 14:22:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1252.631876][T31382] hfs: can't find a HFS filesystem on dev loop3 [ 1252.659552][T31409] binder: 31386:31409 ioctl c0306201 0 returned -14 [ 1252.690607][T31409] binder: 31386:31409 got reply transaction with no transaction stack [ 1252.709298][T31382] hfs: can't find a HFS filesystem on dev loop3 14:22:05 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x8000, 0x0) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f00000000c0)={0x10002, 0x0, &(0x7f0000ffa000/0x4000)=nil}) r1 = dup(0xffffffffffffff9c) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000140)={0x2f, @multicast1, 0x4e23, 0x0, 'dh\x00', 0x4, 0x101, 0x6d}, 0x2c) setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000000), 0x4) 14:22:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000082510400000000080"], 0x0, 0x0, 0x0}) 14:22:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:05 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:05 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:05 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1252.897231][T31600] binder: 31599:31600 unknown command 1074799880 [ 1252.912470][T31597] FAT-fs (loop1): bogus number of reserved sectors [ 1252.947554][T31635] binder: BINDER_SET_CONTEXT_MGR already set [ 1252.957669][T31597] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1252.971839][T31600] binder: 31599:31600 ioctl c0306201 20000680 returned -22 [ 1252.980257][T31653] hfs: can't find a HFS filesystem on dev loop3 [ 1252.996144][T31635] binder: 31618:31635 ioctl 40046207 0 returned -16 14:22:06 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000082a10400000000080"], 0x0, 0x0, 0x0}) 14:22:06 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x24f, 0x0, 0x0, 0x0) [ 1253.104107][T31677] hfs: can't find a HFS filesystem on dev loop0 [ 1253.126979][T31653] hfs: can't find a HFS filesystem on dev loop3 14:22:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:06 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:06 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1253.205380][T31677] hfs: can't find a HFS filesystem on dev loop0 14:22:06 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x48401) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000040)={0x5, 0x1f, 0x7, 0x400000}, 0xfffffffffffffcc0) [ 1253.266454][T31919] binder: 31917:31919 unknown command 1074801160 [ 1253.277391][T31920] binder: BINDER_SET_CONTEXT_MGR already set [ 1253.300590][T31920] binder: 31918:31920 ioctl 40046207 0 returned -16 14:22:06 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xf9', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1253.310337][T31919] binder: 31917:31919 ioctl c0306201 20000680 returned -22 [ 1253.318067][T31920] binder: 31918:31920 got reply transaction with no transaction stack 14:22:06 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000082b10400000000080"], 0x0, 0x0, 0x0}) [ 1253.453054][T31933] hfs: can't find a HFS filesystem on dev loop3 [ 1253.469426][T31937] FAT-fs (loop1): bogus number of reserved sectors [ 1253.507371][T32100] input: syz1 as /devices/virtual/input/input36 [ 1253.515673][T32106] binder: 32090:32106 got reply transaction with no transaction stack [ 1253.525310][T31937] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1253.545288][T31933] hfs: can't find a HFS filesystem on dev loop3 14:22:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1253.591075][T32140] binder: BINDER_SET_CONTEXT_MGR already set 14:22:06 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:06 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1253.647194][T32140] binder: 32138:32140 ioctl 40046207 0 returned -16 14:22:06 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0xde378206df3f8df6, &(0x7f0000000040)=0x8, 0x4) 14:22:06 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xfc', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1253.730469][T32194] binder: 32182:32194 got reply transaction with no transaction stack 14:22:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000082d10400000000080"], 0x0, 0x0, 0x0}) 14:22:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1253.792664][T32249] input: syz1 as /devices/virtual/input/input37 [ 1253.802054][ C0] net_ratelimit: 26 callbacks suppressed [ 1253.802062][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1253.813620][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1253.831035][T32239] hfs: can't find a HFS filesystem on dev loop3 [ 1253.872049][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1253.877975][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1253.884160][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1253.889969][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1253.895871][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1253.901741][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1253.907715][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1253.913603][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:22:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:07 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:07 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x8, 0x1) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r0) ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000040)=0x8) [ 1253.978374][T32239] hfs: can't find a HFS filesystem on dev loop3 [ 1253.988694][T32361] binder: BINDER_SET_CONTEXT_MGR already set [ 1254.011192][T32361] binder: 32348:32361 ioctl 40046207 0 returned -16 14:22:07 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:07 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xfd', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1254.158812][T32450] input: syz1 as /devices/virtual/input/input38 [ 1254.193500][T32452] FAT-fs (loop1): bogus number of reserved sectors [ 1254.201104][T32445] hfs: can't find a HFS filesystem on dev loop3 14:22:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000082e10400000000080"], 0x0, 0x0, 0x0}) 14:22:07 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1254.233583][T32452] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:07 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1254.374728][T32582] input: syz1 as /devices/virtual/input/input39 [ 1254.391676][T32583] binder: BINDER_SET_CONTEXT_MGR already set [ 1254.447454][T32583] binder: 32579:32583 ioctl 40046207 0 returned -16 14:22:07 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x5, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x8, 0x40001) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000000c0), &(0x7f0000000100)=0x10) [ 1254.491199][ T5] binder: release 32624:32672 transaction 545 out, still active [ 1254.518494][ T5] binder: undelivered TRANSACTION_COMPLETE 14:22:07 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000083010400000000080"], 0x0, 0x0, 0x0}) [ 1254.568520][ T5] binder: send failed reply for transaction 545, target dead [ 1254.620138][T32690] hfs: can't find a HFS filesystem on dev loop3 [ 1254.651385][ T5] binder: release 32693:32697 transaction 547 out, still active 14:22:07 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x7f', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1254.670352][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1254.697734][T32700] input: syz1 as /devices/virtual/input/input40 [ 1254.713559][T32715] binder: BINDER_SET_CONTEXT_MGR already set 14:22:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1254.737223][T32690] hfs: can't find a HFS filesystem on dev loop3 [ 1254.748463][T32698] FAT-fs (loop1): bogus number of reserved sectors [ 1254.759539][ T5] binder: send failed reply for transaction 547, target dead [ 1254.767607][T32715] binder: 32699:32715 ioctl 40046207 0 returned -16 [ 1254.775369][T32698] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000085810400000000080"], 0x0, 0x0, 0x0}) 14:22:08 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1254.943869][T19087] binder: release 441:443 transaction 549 out, still active [ 1254.956254][T19087] binder: undelivered TRANSACTION_COMPLETE 14:22:08 executing program 1: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x2, 0x2) ioctl$RTC_WIE_OFF(r0, 0x7010) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x400}}, 0x18) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x61, 0x0, 0x0, 0x0) [ 1254.995692][ T445] binder: BINDER_SET_CONTEXT_MGR already set [ 1255.009947][ T445] binder: 444:445 ioctl 40046207 0 returned -16 [ 1255.033908][ T445] binder: 444:445 unknown command 1074812936 14:22:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 1255.037497][T19087] binder: send failed reply for transaction 549, target dead [ 1255.054963][ T445] binder: 444:445 ioctl c0306201 20000680 returned -22 [ 1255.095738][ T454] input: syz1 as /devices/virtual/input/input41 14:22:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086410400000000080"], 0x0, 0x0, 0x0}) [ 1255.193985][ T554] binder: 551:554 ioctl c0306201 0 returned -14 14:22:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup2(r0, r1) 14:22:08 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0xcad8d8c084758fa8, 0x0, 0x0, 0x0) 14:22:08 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x8c', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1255.239149][ T553] hfs: can't find a HFS filesystem on dev loop3 [ 1255.267631][ T5] binder: release 551:554 transaction 552 out, still active [ 1255.279328][ T5] binder: undelivered TRANSACTION_COMPLETE 14:22:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 1255.300623][ T558] binder: BINDER_SET_CONTEXT_MGR already set [ 1255.343595][ T558] binder: 557:558 ioctl 40046207 0 returned -16 [ 1255.350204][ T5] binder: send failed reply for transaction 552, target dead [ 1255.421714][ T553] hfs: can't find a HFS filesystem on dev loop3 [ 1255.455578][ T604] input: syz1 as /devices/virtual/input/input42 14:22:08 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086910400000000080"], 0x0, 0x0, 0x0}) 14:22:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup2(r0, r1) [ 1255.618113][ T669] binder: 663:669 ioctl c0306201 0 returned -14 [ 1255.636973][ T668] binder: BINDER_SET_CONTEXT_MGR already set 14:22:08 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000004c0)='/dev/sg#\x00', 0x4, 0x208000) syz_mount_image$nfs4(&(0x7f0000000040)='nfs4\x00', &(0x7f00000000c0)='./file0\x00', 0x6fad, 0x4, &(0x7f0000000400)=[{&(0x7f0000000100)="e32d642c49a6bd3094cfd331d19cb680bbd65c710da66baafec6f96a74c2a4537e63e4e92e19568ed9c4f26ac2477e581647bbbd54c7d58e9f001e4aedfbdbd8793904419f4a71cbcdd72030ec4fe3a35e88661c6f0025d3b01888a71e04c94585e47e1a3c72bae74632bc11c713b03565b1789789e6671095bcbd96c21ecb1a77aa1539", 0x84, 0x9}, {&(0x7f00000001c0)="c0e0fdc5da5546c3e051a29ced5966b7234f7f1ce3bc7f20c306e713bf3392062ca8b6d9d6527497eefc21497b6afd59b3fc40b300b5bbd56f1ae0e30181e7bbf40013343698e629604df7c4c0560b0c7aac9419e6058cc993df1e5daeed8df6d5427ef89eb241f9d76a94bdd82d1e1cc254b1d9da79a7418590a73abfc6f48c55203ed367091570c9295d93bc02ec26763f569401b240d5238b814aa7aece7b8da57ce67187e87872cd87505380ed34262d448af50ebd79df61adf5750ab6bc96f8586e7e856267b4d2422438a4cc1f87a9180e04d155dcefb02f19a7c19395122a942e", 0xe4, 0x2}, {&(0x7f00000002c0)="65183d4df8b09b86b6c142b665352460a4a62f84f68c179e7b23393fd5914f11887c1041b0394a3f4fe41ddfc54d5c97cfb7858d07e05d14a7bc2ab1c4c2767709d09b0c0e834ca8572a8c2a1c790a8f4aab0d647d24ab9537acaa280f1dbb941d12fff3947aa38766c291c255abe5933c95ebff75556958b34f8f769ccad183ea18ff0896e31f6216c6f3b3102dda1b9263755e8239c7f7d350b3e444311c770ea1d3674d710857b8c5b4f6042deb64fa0f0b6346e7df42f53764037d004bfea2450d10e5c474", 0xc7, 0x81}, {&(0x7f00000003c0)="d070e8e1114c49aabc2ce557d0615a90373fc4e700f0eaf5dc", 0x19, 0x2f8dfb5b}], 0x100000, &(0x7f0000000480)='\x00') [ 1255.678817][ T668] binder: 665:668 ioctl 40046207 0 returned -16 [ 1255.680246][ T5] binder: release 663:669 transaction 554 out, still active [ 1255.708363][ T677] input: syz1 as /devices/virtual/input/input43 [ 1255.718769][ T675] hfs: can't find a HFS filesystem on dev loop3 [ 1255.727537][ T5] binder: undelivered TRANSACTION_COMPLETE 14:22:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 1255.757820][T19087] binder: send failed reply for transaction 554, target dead 14:22:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086c10400000000080"], 0x0, 0x0, 0x0}) [ 1255.811574][ T675] hfs: can't find a HFS filesystem on dev loop3 14:22:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup2(r0, r1) 14:22:08 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xeb', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1255.881806][ T785] binder: 782:785 ioctl c0306201 0 returned -14 [ 1255.902302][ T783] FAT-fs (loop1): bogus number of reserved sectors 14:22:09 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1255.930973][ T783] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1255.943636][ T5] binder: release 782:785 transaction 556 out, still active [ 1255.957899][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1255.957964][ T823] binder: BINDER_SET_CONTEXT_MGR already set [ 1255.989225][ T825] input: syz1 as /devices/virtual/input/input44 [ 1256.007407][ T823] binder: 821:823 ioctl 40046207 0 returned -16 14:22:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x70c000, 0x0}) [ 1256.029633][T19087] binder: send failed reply for transaction 556, target dead 14:22:09 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{&(0x7f0000000000)=@caif, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/166, 0xa6}], 0x1}, 0xfffffffffffffffd}], 0x1, 0x40000002, &(0x7f0000000240)) [ 1256.133050][T19087] binder: release 978:987 transaction 558 out, still active [ 1256.133060][T19087] binder: undelivered TRANSACTION_COMPLETE [ 1256.162228][ T967] hfs: can't find a HFS filesystem on dev loop3 14:22:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086f10400000000080"], 0x0, 0x0, 0x0}) 14:22:09 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(0xffffffffffffffff, r1) 14:22:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x70c000, 0x0}) [ 1256.213938][T19087] binder: send failed reply for transaction 558, target dead 14:22:09 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xf4', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:09 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1256.301176][ T1002] FAT-fs (loop1): bogus number of reserved sectors [ 1256.333691][ T1002] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1256.342961][ T5] binder: release 1099:1103 transaction 560 out, still active [ 1256.352281][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1256.366217][ T1114] input: syz1 as /devices/virtual/input/input45 [ 1256.374024][ T1116] binder: BINDER_SET_CONTEXT_MGR already set [ 1256.382164][ T1116] binder: 1100:1116 ioctl 40046207 0 returned -16 14:22:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x70c000, 0x0}) [ 1256.398042][ T1116] binder: 1100:1116 unknown command 1074818824 [ 1256.415632][ T5] binder: send failed reply for transaction 560, target dead [ 1256.423283][ T1116] binder: 1100:1116 ioctl c0306201 20000680 returned -22 14:22:09 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x440000101000, 0x0) inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0x10000000) 14:22:09 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(0xffffffffffffffff, r1) [ 1256.521012][ T5] binder: release 1218:1225 transaction 563 out, still active [ 1256.537137][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1256.554691][ T1123] hfs: can't find a HFS filesystem on dev loop3 14:22:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x69, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0], 0x0, 0x70c000, 0x0}) 14:22:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000087010400000000080"], 0x0, 0x0, 0x0}) [ 1256.584889][ T5] binder: send failed reply for transaction 563, target dead [ 1256.664328][ T1243] FAT-fs (loop1): bogus number of reserved sectors [ 1256.670878][ T1243] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1256.679727][ T1282] binder: 1269:1282 got reply transaction with bad transaction stack, transaction 565 has target 1269:0 14:22:09 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1256.710909][ T1303] input: syz1 as /devices/virtual/input/input46 [ 1256.720601][ T1302] binder: BINDER_SET_CONTEXT_MGR already set [ 1256.738776][ T1282] binder_transaction: 12 callbacks suppressed [ 1256.739254][ T1282] binder: 1269:1282 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1256.759430][ T1302] binder: 1284:1302 ioctl 40046207 0 returned -16 14:22:09 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xf5', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1256.801002][T19087] binder: release 1269:1282 transaction 565 out, still active [ 1256.814254][T19087] binder: undelivered TRANSACTION_COMPLETE [ 1256.823144][T19087] binder: undelivered TRANSACTION_ERROR: 29201 14:22:09 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000080)='/dev/capi20\x00', 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000300)) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x61, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6"], 0x0, 0x70c000, 0x0}) 14:22:09 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(0xffffffffffffffff, r1) 14:22:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000087310400000000080"], 0x0, 0x0, 0x0}) [ 1256.851861][ T1423] hfs: can't find a HFS filesystem on dev loop3 [ 1256.865562][ T5] binder: send failed reply for transaction 565, target dead [ 1256.990540][ T1423] hfs: can't find a HFS filesystem on dev loop3 [ 1257.020190][ T1469] binder: 1465:1469 unknown command 1074819848 [ 1257.027299][ T1471] input: syz1 as /devices/virtual/input/input47 [ 1257.036575][ T1469] binder: 1465:1469 ioctl c0306201 20000680 returned -22 14:22:10 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1257.061196][ T1472] binder: BINDER_SET_CONTEXT_MGR already set [ 1257.078515][ T1472] binder: 1468:1472 ioctl 40046207 0 returned -16 [ 1257.093853][ T1472] binder: 1468:1472 transaction failed 29189/-22, size 0-0 line 2995 [ 1257.116605][T19087] binder: undelivered TRANSACTION_ERROR: 29189 [ 1257.130498][ T1470] FAT-fs (loop1): bogus number of reserved sectors 14:22:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x61, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6"], 0x0, 0x70c000, 0x0}) 14:22:10 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, 0xffffffffffffffff) [ 1257.160687][ T1470] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:10 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xf6', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000087510400000000080"], 0x0, 0x0, 0x0}) [ 1257.271535][ T1616] binder: 1594:1616 got reply transaction with bad transaction stack, transaction 571 has target 1594:0 [ 1257.292150][ T1616] binder: 1594:1616 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1257.320617][ T1530] hfs: can't find a HFS filesystem on dev loop3 [ 1257.331297][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 1257.340980][ T1700] binder: BINDER_SET_CONTEXT_MGR already set 14:22:10 executing program 1: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x800, 0xffffffffffffff7d, 0x0, 0x800, 0x0) getresuid(&(0x7f0000000340)=0x0, &(0x7f0000000380), &(0x7f00000003c0)) syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x1a3c, 0x7, &(0x7f0000001900)=[{&(0x7f0000000480)="96e71171f52ea2c092dd853a3dc11ed925cd55b701d23a1bc61fe8fa37e0f649bf1d3242de0655b3f6266ea22d701fcabb3dbf0da62d9777ba049903ef82a89d0915592a68a732a9e20eec94a6e07a0bb836498f217dc6ae00cb55fe651e3c79386f5c1e3734c3607d61134d92f9f03bd15c3893816937a70973b7a9d6be", 0x7e, 0x378592ad}, {&(0x7f0000000500)="69aa02ab4d23296cb2cca781fec4c06fbaa856d4ccf30fbd", 0x18, 0x101}, {&(0x7f0000000540)="6d7769f850a7c0b3c0cf4881063930ee33bd6f4f415a196fb5de91c8a937b2f4e4e4d045fc9ef8d57ef4ee2a7b7cecf732ad4a597b39a7e75ba45bc213f3831a21bcebcdb69b66841e1d828d18ffae3b989e833b2e9f5e2fe85fac94dc976bbe331c9eea8cc6647f2fb4f8b06f10557203f3a5e5baf405362339b883e027a647fdbd61294ff0432201f97ed578510bbb18c15a2e69a0ed2ff5dac23d604c7b0379466856acd5b16f36b8e47cd25b8d38f5075c402917a8b43f03eb6f3be72241053c", 0xc2, 0x7}, {&(0x7f0000000640)="6ffdf5ceac4eaab3c38f0660fe894279374849b7b744d816b7e7f4f76e1c4536f22dbf0fecc1abdb5a1d66020154263c4d8f73228a54c8bf54f36e9b97709b2c2ca36a0bf60c9b6a7c6b980ac82bdebcc0a43381254d32776fa3d19551aaa9dcfb28c01162a813ec4cc5da06a83661bd837f475eaa83357ddb0a5cb4e495b825c5022d364c0d9c731a940304da00e94764966a1129db1a8537bb8c3986784a45b6dfea83a2e4f370cf6cac105d5f302bebf521640f75c13d647ce1fd9cac4494c2c87633d46b012a3523ff5b82d13f75d0b4961d9736f13065a485e86a9a0e93d2550f9e6e2d4535840fa6d542bcc2e02ce7873d6539127232c87b194fe4fd6c40d5268a01060b3c3c1cfbb3f62911d9a57652a9c5d3bd4de134afd11b3b484f1f65e0c072bcdddb053990920084756f9e995f68f1fbad3f813b9771bb389eb65ecb56222255aac625732fe8d307cdba636167ca89581fe8fd765cd4dc2563713d2adbdb8a9904db4d2d0bcad7041dfe1fc8af6029cb53169799e803735b02093f824308ce642c8b52a7fd6c711c0448deaa5688b50f7b14dd12e5aac48dc1b88fe69ca341170ed8f486fce752f52d28d67f89213696c8d74014694a0932de241916709e5006a86f87bdf71aa58407e9f085dc69b6ef8dbe1603da9bc207f05cf85dcd95cbd2cf90b3a1d225469a826e406631a60a2d6062d46f9b6d3ac1eb77d8dd579793d73d061817836f1f85073724c4b64d314903c89e666becf7182b0a577aefa3b580eb7ea70f9e4fbe4a3123115dc52c3c753523445ce5654370ba2e541b6cbbf62af0b59cc265af1a6f77a1a1ce063d45645be6cc8faa3cc66acd3db7592f1319330ce37703d65a5d1e9f9bb987e1931f63afbbc2422579e61d3a102bded79c21d5a7ae33fe9cea589a975099b2a5ce5c9624807ec04295dd0d4831ec49b54d955079f87f751daed5a249825dc367c2f1738e7e7cc61c4e92fcd229519790ecca4983159c1b1b11806aef62a461741a2286848379e472dbb05eaacdeb1dbb29775262a7531907b49bab4e54f2636ef671e657064b40da599d91df394d2aead48bfd9d30cf8180f8cc6bedd76cfa41660d5514a182f915201c6419ca009af78ab9337439ec9dc2eebe368efbbfee9786daa7b051232cf709eacdde037921fc335a81abba32ea3228210650e615db58d1f5089d237d17dcb59317dbb777c759084450a19803c843a166d84472b30a03f4e7d681ed1827d4f196a66dbf009948534ffd3eb5f552d426fd5b8cd9a98b47c997cf1529eacb6f5722f650f61befd5c823065d49f3aea8169daac8ac9253143ea6b538766edb4af9d3381487ac399ef25bf54edcac8791f453affaf1f100f7bab81d601bae851f8f6c83742ee4e769427f4e12d62a7750e4f7b5a6897742a67138f2673fba38c4cb415d64de3a8f06af0d80be4c8d48272d4ecbb9b5b8d74c206a54d4dd4438cc892bab9007eddd98916db6c49c5f7a13bba4234d0a50dd04ad7946f18b3cc63984f5ae9387598c846359a93764f2f6523ea36c3b1f6aaac80661bae47f29ce576cea0d7e29c46d73eba8320fb53b0187fb3a9b4f007b2d158a5248193ffe6fb43ab991e39beda2adb975d35528fcb776933bc7c97f1cc5c684c985208312dbb81896b88ae1f515473df48884b2eb507a89c69998f2c4222c1a2c7eed29d89eeb6f816ae78006c1672d72b299b07a4535a71773d4cd0e8dcdbe550bb1111ed10177118ebf26d0c99d18905fcc93194a6f772904d40de189b5c5d9a3cf91966d0d2df240e693d22d8f3cc2b2ebe6b5d7e6996d8adfc2a2a252f8239bfe3a13aa97b92920f40b4d49c3176aed6971f9604a4df31a0d346862f8bb18f1393e81d255c4194ef039270c067b00dced44a5437bd430430386eac782f54ab1b083a5cd4fefcf83a6894a547f5403feebb401a9c624d8d7e5eb2405d48140bdd491af5021a35f5466509b72b7cebdc78106ddc05d7271488da3898529886026247855f4c060601acb42a118f92006743f536d4403da1fe79f9fbc4de63c4691ab02cac7050da1a2510fb91d2b716ace16f1f11b3f5148c5dd9b8a0ab64e03f39fb2d74f36cb4d8432d46757e11cbb94c0a764f2f8fed39e6869b1189234e7a588b65e89a1926e7afbf0fcb651d9cc36ecc2403f84aad8bbec79e6e66c36f2fb285ac2ffd0bad281118bfc4194aeed7278abc2a49eeb692412e60c44037c34ca0817f618f0b7d16749f11cd1a577092ac864b5d1b74d79c0d7687bce7d3f6e671ca87d690ebc3195223e16f077907608fd3ecbccfb9dba89395f619675e9a8d8dc30eccd32f1cf68ded2c9bd974137055a340bc30cc6c7ad5eb62d9f203115af52bdcd1645522105cfe6300ee88232978a176ea73264cd9c3936ed691e5bdbebf46921c5b1ede79d11630d30398f6e5547e70351c33fa9f1a3cd3dcfa87db9830d1560a556f9e32b61cb3d38c32c21591c9c694ee2729316044f9a2ddbaaa2dc17d3821c0b8eb65d7f5d7ff95587bd6b587406d912682c076cbf1229d07e58b95fc5612baf0615c03bf33b4e14dee88baca39ff8a7e72da64f2019c9ffe9b99f83967dc31cb079294ae2afa95d94dc015e2262669019bca5752a7bd2967e1bd8bb5fd2c2ffaa8d5f53aa950b0b40f1594ed17f63037c461157c4e168e89a2c754311e8638624beaf9586a824aedfd71149d590371a260cdc9c4635c178af337043db0661872614b7e686c3341b210e03f4f80148eb7696258bb9aeb2033333e21a2fe5bd9702e77326838a6cbd2259c69ff512e8e989c5cc893568e1b1794d43e6f73825f522940f413e40f59e65453a89ead6be17c84271cfeb5067c0235246d171902aaf438c5f59a567944de21fe22f841786f62a7656fd3baa65369b19696e223c0be6b40a7d1726dd3e9a3b4c6faa51e1a17df7ccf25bc5fdf19d18d2883d84f2d6c4f46c5f7bb777fbe6bb7e7a46e88975c2f04ee192fcfa42de443964b7bdab03f8ff94b79571e1ccab62b5079bfc9e566dd7657ad83a900141fd3b1ab310d1501ed5fe589c53057516d60da42006b5874eef49d095a1caaca1e3aae02840ee81efeb8e55ceb818da3982dafcd5f8adbeaf00e7ec206155417389892aab716210041c0bb963a1aa26437a3b3121e6fce05b528c21d3871aff5665fa35f68cc245dab8f2a49f52f3ff22e87ea777f2ba44ebbcd0f2c66ede6026b31597f856001c1039cd1157fff939eaf3badc5e4019c38f7ce0c695470e86ef28cd134b514ac974dec787b90a6ce3f5a4f160507174ff4b90a5ad4a54f585bb54be59840bf6379a60232dbd99fec01dbe71ef25a7d2d548580b70af15e453a58897954dc9049403794dcd3e11f650ca9bb092d9bd96be6c24060076a89bb24b041c15ccfc274e5c8298a06d1389a5e02a89e7bd530878374b7b4e79b61d055fd076913b9dc9d137c81894b2454b27407de408028aa77f9aab910380498aaf59545a965ba7bbac683d603b96b66d618164e3d7fc2ad5658d4b2d637e450a93c16fef7f4209498205190121a77bacc8df2d77440b87c3dd6be6958eebd4136baf5659c1827e54416aff74b67989a2f98234b60990f99eeb92a75e59cb06b2fd6c1ed5d50c43feb1c677f0064920b4cca848ef6c085e39335339aa51bd22eb1d5d42e8d75888966922df9fe6ec8a4994eb008e48445ac90effdcd1f2190e00bfe36f054361b6d18219d5b7651516a93236c56bc71a654ffbbf7acf4b09e9772cece3051eb415c87d7277a21d2654e636ed9773c766ad9ea5452974f3666a0526bdb3b2c76bb029cd6da4abf705f0b103c0dd4abd79c5128bc185a9ab90ad88296c7ae29bc6ad8e9f7e2f622775621636120e5bf692fafd2884cdb7387527b8ae5ebc7f97e8ce7bf33a8ba3cab784ba216ace141085f89097724ee997c372284dab8a0d9f85fa08b2c8f93c634703af4ded89522eba303c034252eb9418cfcb16830b5e627af20aa3089e60c2fb762cf577a84ff6bb09235a035298c48d64200a32a37ee6f8cba313ec45dd4aa3b0220e05dce95fca12cc8125f2d26655cbeb70470098879f4477d948cdee29f21247eab29d4c63847a7961fff99b4dac249d995b03d8b618642ec3d98702895675cd6cd1dd4455902815130d1824ec721cd9a28aacf1f8d25de538056956328c642b23e42fa3d86e3e86712578145a0ce944578c587398867e5916050f53e8bc87fd52c51d0cbb585c6bfac4852fd9cf1014623a2e2428f3ba485aaa1d6e254cffcc98d8e8a43ceaf147b23eb6da1c80d4891af1e15f4fad4fcac8608be29cdc0f9a68cb8f93102a2c79a35d59fcbdadd1b209a14820aed675dda540a28d824b85304c7b66e35b8d505797ee3601df07050aed6567279200048c287304743f3f3a2c0038a9e78a6dbca80efa81d3c81fb71cd1655f9e6cde1e5437819aa94beff8c46ea4fe0929813e300981a626ba30a40fb408887259a6822c3fd8ef00e56d60f146e14a70e115519881fd83d8bfab41932aaeb9b59cdd279237f3adff1177bbb0c4a319f535539b6be515d75c6f418d240e93ea72048e40c09f47dcde2a71b61c7b1cf71f8dfdd6791890d45a5cd233b3e935ca3cc1d121d9de7166a2562db64702f9aef58ad6915f8e831f10d4905225894c8baf10ed13beb456eaaddf0d32d84af83b9ed914c0db8b4e0936734a643906e3ad2a59bdb9ccf7d2c080721fc408c417fd3eb2a8d49e6273f8da03a903348f09fafdcb29084392239101b963c22674bc7977ad8b919cfe765d9b38b26787d88a46496c84766e710836e51acbce040a5bb88e589d1b2196896d2fc11aba0e487a0360841b8be139a7e26921315c9a875c587f2e63cadc2f9270b38e498d6b23e9603068adb86584c6dace7c70cd50990798197faeaaa8b72ac51355dc632bf8c53ca1947aca75b3b204014e828977d6ace04df67f07a1bf99e3298a4f0e4f777ef4ae37f12b9a529f935db1d29fa084c77920cce9e635e7f6965315720759d2afeba6c8e7bbc965f7da529c39bb760ab9ef631e4f7385e32d6b44bac9528964a26bd325576ed7e09ba1f2f2fa47b7fe24ef6983b529b4907d01995083342643f33c25326cf02f497fe11d2702759c0c77ae37e8bc70bb8248fdae818eeddd18561bc925fd5559fc8a59fa78474cd052671d567499fe19cccb05f492ec7ed7a6537b6664ce7ac0613817ef7a474b0789af5d5fedd57223cf6fa9c170263b4affef84eb7f33eff2503307b0f3c8768ea3cdd1ea9e2555c75f069aa3ed338d9fb6f8a505f79d03e22a52d311034da1d1d0f6ce6522d2abd3f65ad9bf31f2923d805e1e3af379ab477aaf99c897eb415531c2efd6c38989ad97d6785208f265ca4f3d7c16fef37b1e2994f6a8cad023ccfceba420f96353a1df3d534a932a5ec90af42bf3f15e1012ccc00b96b570e5cda55cc1f8d1fcd08768b5f6fec426ad31edc960b13aa58f0726f72058c707ca3720f1e8c6fbc3cc7eb3688fb6ae7a27ffe89827be24fb7b24116cf6dcbbb36637d553f4f5dee6d9e1a806c0cc44dd8053b4009276142d65f6ec8d4c771457f442efa3922e0f396ddc3359131a987d7bda1184ad2988f618054661706325334db0067966327611cfee69aecf3f635b4f4e18e9163d6f1494c7cf96ebb56fbb3897fa6e86fea212bf996c9781952cbe5ce94bd4575380aeb3e47bd9c3faf08e8d1a9ad9de4d9dbe56dadaeb6327122556653e91f257837cee0e7471a4f4c3d643", 0x1000, 0x4}, {&(0x7f0000001640)="9c3348eea84b842efc1b91388c389bc3d90753e43ea2cc1ca13475ea412273f900d0acafea96e6c4bf5d4c9a0af9eafc962227fb13a7d163c632f966e92d9a21da77febc4a35cacf609ce60b97b1aeb78d31768dba2cf069f031b8d8fc450e97815f527db1b0a60e3dcbd940271a4c4cbdb97c49f8b2c78c947f77a469152c3de1f673ee279dfa497d38352bc9c49bff68b65c15773b1c0d198851bfbb95e6f8b19b4d440ff2f11210", 0xa9, 0xd741}, {&(0x7f0000001700)="a84787af2ca2b536408ad76d2e6193d58b7ea2ed93dfeb76d5ebcd1cd221d18387fbdd77c5e699a9334528f3d18353249a34212cd88c091ec45e808db0a70ee19c57ef88b3fa320f7c917dd9434e140f1491285075f9f776ed4e99c78bc7851b00ab9825ffcc125f9eaf0a4696d0622ca370945f5922939425359c1e417b7f457881812719f01f3b70ce8274aa2df89f4e1b9a372d166f757ce721163f030bf5651505ee9b5d888a2c901502586c6ec9d84d564e33fb26e3cbeea41eaa4d1f5d146620", 0xc3}, {&(0x7f0000001800)="171dd4256f7348bdd975be8149d855a4babc4508ed9346efa5c5809d291ef2c587677e1b1eebcb26b5440d0220797edf91611dc3074321cba65749e6b9fb17207208ac13d3388fec250802e0a247ad54b83c631aeedf4c9fd5973083827da4e4243af9067be49e1f785851d66a46d2bb3b41f818e4c487bf676edcdf056f503b6f507b1a55de20ffb23fd6cce4494deba511a013e500c4844d60e870687e758f605961f85e06b12c69f50f4ba06ab31e5dbe2a12a9252794ff2179f3fb71e2c2f3f2f91b66e36d8aa7d88c58821293f34a71821e9f9d9311f2dd36fefec6714190be4a87f2b440e94301092c9614c3c853ee09ac51ad6ca4", 0xf8, 0x80000001}], 0x2188002, &(0x7f0000000400)={[{@noquota='noquota'}], [{@smackfsdef={'smackfsdef', 0x3d, '\\#)'}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@euid_eq={'euid', 0x3d, r0}}]}) 14:22:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x70c000, 0x0}) [ 1257.365005][ T1702] input: syz1 as /devices/virtual/input/input48 [ 1257.375282][ T1700] binder: 1688:1700 ioctl 40046207 0 returned -16 [ 1257.391903][ T1530] hfs: can't find a HFS filesystem on dev loop3 14:22:10 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:10 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, 0xffffffffffffffff) 14:22:10 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(&(0x7f0000000000)={0xfffffffffffffffd}, &(0x7f0000000140), &(0x7f0000000040)={0x0, 0x989680}, 0x8) 14:22:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000087810400000000080"], 0x0, 0x0, 0x0}) 14:22:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x70c000, 0x0}) 14:22:10 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xfb', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1257.640534][ T1817] hfs: can't find a HFS filesystem on dev loop3 [ 1257.658953][ T1823] input: syz1 as /devices/virtual/input/input49 [ 1257.675562][ T1819] FAT-fs (loop1): bogus number of reserved sectors [ 1257.684795][ T1825] binder: 1822:1825 unknown command 1074821128 [ 1257.694417][ T1817] hfs: can't find a HFS filesystem on dev loop3 [ 1257.703384][ T1819] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1257.711409][ T1825] binder: 1822:1825 ioctl c0306201 20000680 returned -22 [ 1257.711621][ T1841] binder: BINDER_SET_CONTEXT_MGR already set 14:22:10 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086302400000000080"], 0x0, 0x0, 0x0}) 14:22:10 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, 0xffffffffffffffff) [ 1257.804486][ T1841] binder: 1839:1841 ioctl 40046207 0 returned -16 14:22:10 executing program 1: syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xfffffffffffffe59, 0x0, 0x0, 0x0) [ 1257.877979][ T2046] binder: 2035:2046 unknown command 1073898248 [ 1257.902416][ T2048] hfs: can't find a HFS filesystem on dev loop3 [ 1257.910011][ T2046] binder: 2035:2046 ioctl c0306201 20000680 returned -22 [ 1257.920436][ T2093] input: syz1 as /devices/virtual/input/input50 14:22:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x0, 0x70c000, 0x0}) 14:22:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getpeername(0xffffffffffffff9c, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f00000000c0)=0x80) recvfrom$unix(r0, &(0x7f0000000140)=""/244, 0xf4, 0x1, 0x0, 0x0) [ 1258.004796][ T2048] hfs: can't find a HFS filesystem on dev loop3 14:22:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) 14:22:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086303400000000080"], 0x0, 0x0, 0x0}) 14:22:11 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x70c000, 0x0}) [ 1258.148569][ T2250] hfs: can't find a HFS filesystem on dev loop0 [ 1258.187792][ T2273] input: syz1 as /devices/virtual/input/input51 [ 1258.198045][ T2253] FAT-fs (loop1): bogus number of reserved sectors [ 1258.212920][ T2253] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1258.230842][ T2321] binder: 2297:2321 unknown command 1073963784 [ 1258.245996][ T2250] hfs: can't find a HFS filesystem on dev loop0 [ 1258.266598][ T2321] binder: 2297:2321 ioctl c0306201 20000680 returned -22 [ 1258.289836][ T2365] binder: BINDER_SET_CONTEXT_MGR already set [ 1258.318632][ T2365] binder: 2351:2365 ioctl 40046207 0 returned -16 14:22:11 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000140)='./file0\x00', 0x3, 0x0, 0x0, 0x2000010, 0x0) 14:22:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) [ 1258.382848][ T2362] hfs: can't find a HFS filesystem on dev loop3 14:22:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086304400000000080"], 0x0, 0x0, 0x0}) 14:22:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x70c000, 0x0}) [ 1258.482285][ T2519] FAT-fs (loop1): bogus number of reserved sectors [ 1258.494390][ T2362] hfs: can't find a HFS filesystem on dev loop3 [ 1258.497817][ T2519] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1258.509263][ T2582] input: syz1 as /devices/virtual/input/input52 14:22:11 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1258.566922][ T2586] binder: 2585:2586 unknown command 1074029320 [ 1258.582142][ T2586] binder: 2585:2586 ioctl c0306201 20000680 returned -22 14:22:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) read$alg(0xffffffffffffffff, 0x0, 0x0) [ 1258.611671][ T2584] hfs: can't find a HFS filesystem on dev loop0 [ 1258.647086][ T2519] FAT-fs (loop1): bogus number of reserved sectors [ 1258.673243][ T2519] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1258.683560][ T2584] hfs: can't find a HFS filesystem on dev loop0 14:22:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0, 0x70c000, 0x0}) 14:22:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086305400000000080"], 0x0, 0x0, 0x0}) 14:22:11 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1258.735680][ T2703] input: syz1 as /devices/virtual/input/input53 14:22:11 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x101005, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f0000000200)) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x2, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x28}}, 0x8}]}, &(0x7f0000000340)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000380)=@sack_info={r2, 0x1, 0x7000000}, &(0x7f00000003c0)=0xc) getsockopt$bt_hci(r1, 0x0, 0x1, &(0x7f0000000140)=""/36, &(0x7f0000000180)=0x24) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000240)=0x250) getsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000040), &(0x7f0000000280)=0x8) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000001c0)=0x8, 0x4) [ 1258.803169][ T2676] hfs: can't find a HFS filesystem on dev loop3 14:22:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x31, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744"], 0x0, 0x70c000, 0x0}) 14:22:11 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1258.875234][ T2713] binder: BINDER_SET_CONTEXT_MGR already set [ 1258.881283][ T2713] binder: 2708:2713 ioctl 40046207 0 returned -16 [ 1258.910085][ T2713] binder: 2708:2713 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 1258.925505][ T2711] hfs: can't find a HFS filesystem on dev loop0 [ 1258.940458][ T2676] hfs: can't find a HFS filesystem on dev loop3 [ 1258.948022][ T2713] binder: 2708:2713 unknown command 1074094856 [ 1258.965602][ T2713] binder: 2708:2713 ioctl c0306201 20000680 returned -22 [ 1258.974961][ T2718] binder: 2715:2718 got reply transaction with bad transaction stack, transaction 590 has target 2715:0 [ 1258.979309][ T2719] Unknown ioctl 30470 [ 1259.007281][ T2720] input: syz1 as /devices/virtual/input/input54 [ 1259.019790][ T2718] binder: 2715:2718 transaction failed 29201/-71, size -4768638923315878836-292177794507 line 2915 14:22:12 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086306400000000080"], 0x0, 0x0, 0x0}) [ 1259.055265][T19087] binder: undelivered TRANSACTION_ERROR: 29201 [ 1259.073415][ T2711] hfs: can't find a HFS filesystem on dev loop0 [ 1259.094021][ T2719] FAT-fs (loop1): bogus number of reserved sectors 14:22:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1259.103405][ T2719] FAT-fs (loop1): Can't find a valid FAT filesystem 14:22:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:12 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1259.199033][ T2913] binder: 2892:2913 unknown command 1 [ 1259.206326][ T2922] binder: BINDER_SET_CONTEXT_MGR already set [ 1259.207315][ T2913] binder: 2892:2913 ioctl c0306201 20000100 returned -22 [ 1259.245953][ T2886] hfs: can't find a HFS filesystem on dev loop3 [ 1259.255452][ T2922] binder: 2901:2922 ioctl 40046207 0 returned -16 14:22:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:12 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) vmsplice(r0, &(0x7f00000008c0)=[{&(0x7f00000001c0)="a2a597f2387c1c4ad73facea7b75646b14e4d7541fc8cf1f8f6f863f53218c39fc679100891d227cb7168820cd9095564486510900334eae9d541bf5e24a891bbe7bd52f819092874db4dd9ea7abe5518d8cf37a1390cf0985f9feb49da5d3ad82d2b52b2591678d6d8704afe5", 0x6d}, {&(0x7f0000000240)="795deac24f4bf53ddd447b5383cfdbc13d77b4b7bfa96573ef230458ca77aec91b66573261c3286ecf99b855428edd405851e85aa2a97b76006e1fdaa07d80db41dc9d7e459941f43e856ff57ed79d4cdd4bbb18c46404382c44a7175703a8a9f61e76917cf8a7cc08130f92cb051b6dfc55e937d5330dc7989b6bcc8043d8fa51a319fa37d6398c80b9fdede4031acfbf9bed0bc5b0cc7e75", 0x99}], 0x2, 0xc) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1ff, 0x4680) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000940)=0x140000000000023) ioctl$TIOCEXCL(r1, 0x540c) syz_mount_image$ceph(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x9, &(0x7f0000000780)=[{&(0x7f0000000300)="43361c6550ceb833aceb4949f5d1ffcad758821d352e5e40898c66128e206d0552bf05afd949b2ec2f04ebe3f86ab4c39ff2a9b0c86a21307f525422d39e26112dc282ac8f91195bc7d22b295582a3ab92a252421c280715d375377190c74640337b6b1c6fb6f9d8e6536c10f81b8a1c881f80d07d48095490a400611c8b58c16e0a3ae5", 0x84, 0x4}, {&(0x7f00000003c0)="ad6c1d13a9142a3e4b9fe0bb0f46bc93984e083efde54922ff19f37f79f144dd909c3f097f1e434a20e1c8b4fc487bb3896297c58db5215b7368c37d3d3c020cd56da1c9b4b0703a9a1589dedc20d85808f1981a5ed3665b6db608beec09d85675638b0449d954673bff0df3b5c0266a564cc11f6f4a9ea5a9cee1d5b5aacf54c9b8fcf0b84bd222397096f3fcf2b0ad01e6ac85f12dd39735e8f31e445e8a7903fcb5d775bb3c08271c7bef4ade6880072ed0a961ad1b670e1bdd4ef8859e1b2341620dad5181e30e", 0xc9, 0x81}, {&(0x7f00000004c0)="0d992ccc5f33e79961af591fd3a986202e1b623515c6f4372e31cf0767e4ff9745d068ba2fca65220bd4fccfa434d06aa18556750caf0d93e632fd42f7a1313ad9a41859f91e46e4183da5d1960889d62b4db9516918fec0566a3331b0ee43048b630dd8e8baf8e9fc2f0b2fa93edbf731317ee2f8af39b3c0146698dfab884b6d0fe88f50edba75567a7b5a65719afc301d8953523ef9ba94547a05cd3d5bad8fd0957b635e", 0xa6, 0x5}, {&(0x7f0000000580)="1f122354d52e0216a4c017ca36bfed7f03619150985b84cc16fb34c23a0df72a86e78d666683de11d6b204a88f0b4f233b458271deb351967f26babe07", 0x3d, 0x100000000}, {&(0x7f00000005c0)="77db430feeb96d19d1686012cd09e651e36ee633dd9ec0a696a69ae520a5d771844f7d6816f7", 0x26, 0x1}, {&(0x7f0000000600)="8d346d213bc49f3de91a61d4f24bdc694c08705a64e093d0433b534f23c7086e91b3b319f7b83e9fac42f9d06e21f7b4de8537baab3c3b6fec2e101b090798501c6b8135bc8588b4ba2f50879dc0e75e8fa7ec2c58b93841f251bfb02f0a5a6750f29f881cdd1498fbd7e676618c18a65f172313ce9c8d9a3166c038eefec0a33b2e02d2765157ec390e46bfe35ed99bb70feed9c5834055848f4ee5fac781a9e8e28a4f5d89", 0xa6, 0xf2c}, {&(0x7f00000006c0)="5a05", 0x2, 0x6}, {&(0x7f0000000040)="9e5ae64f33787fa8c53ae93a7f8dbbc39498", 0x12c, 0x3ff}, {&(0x7f0000000740)="b9d27e34ae73c8", 0x7, 0x7}], 0x800, &(0x7f0000000880)='/dev/vcsa#\x00') [ 1259.291257][ T2959] input: syz1 as /devices/virtual/input/input55 [ 1259.342169][ T2886] hfs: can't find a HFS filesystem on dev loop3 [ 1259.360219][ T3005] hfs: can't find a HFS filesystem on dev loop0 14:22:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086307400000000080"], 0x0, 0x0, 0x0}) [ 1259.385242][ T3038] binder: 3014:3038 unknown command 1 [ 1259.398877][ T3038] binder: 3014:3038 ioctl c0306201 20000100 returned -22 14:22:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:12 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1259.484675][ T3043] FAT-fs (loop1): bogus number of reserved sectors [ 1259.488711][ T3005] hfs: can't find a HFS filesystem on dev loop0 [ 1259.514529][ T3043] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1259.524846][ T3097] binder: 3095:3097 unknown command 1074225928 [ 1259.532772][ T3097] binder: 3095:3097 ioctl c0306201 20000680 returned -22 [ 1259.555344][ T3131] input: syz1 as /devices/virtual/input/input56 [ 1259.586100][ T3182] binder: 3142:3182 unknown command 1 [ 1259.592919][ T3182] binder: 3142:3182 ioctl c0306201 20000100 returned -22 14:22:12 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1259.603802][T19087] binder_thread_release: 8 callbacks suppressed [ 1259.603860][T19087] binder: release 3142:3182 transaction 599 out, still active 14:22:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x19, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e4"], 0x0, 0x70c000, 0x0}) 14:22:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:12 executing program 1: syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = accept4$nfc_llcp(0xffffffffffffff9c, 0x0, &(0x7f0000000000), 0x80800) writev(r0, &(0x7f0000000480)=[{&(0x7f0000000140)="1f454de4c48f27c66c7ea196fbb1bcb6e68a36b86b9d582d2ef7611bf7bddb4316ef2164e5ff75fceca768ac372a71fbcaf819de1893c6f14b77701d321481a6d7d638564077d4ecf0f4806beb7412ad566d3ff7ae266364fec4e8d793be6d3d848fbef723d6bfb3da66c482ff963dcd99faa1526d83a0de12439599ba78dc82fe8df9c058e930a99c31198c28333922103e99662102472ea11c371b", 0x9c}, {&(0x7f0000000200)="103918ba064bddb2b374b3bfef69dd9cdc28835c98eb88c369a81946fe3a01dc1a04de91dddd2b35e8f82975161ccf890dea408b23ffa30b54cb31548629511d9f22329431db325fc63c3a2591ced260b6de380d29527d141252cd21731a31e33c8c3fee45e5a5dc6cddbf8fa11455aacc3e572ad3cafb36b5fadaa0dd5b9befa5d1485f29034807a4369e52c5fc8a8e1f7f6a3e442bee6d07b09fc0606476ca1d3d", 0xa2}, {&(0x7f00000002c0)="ff1047a47782321c596d846dd4e8f1415ed8c8f157712a3cf07429cddca7f4ddb79585f20beaf04091cc00608f4440ed027d3d0fa67aeee160142f39a5807102de852900f63657633647120de8bfc5e7be188c6bd89f048fde7f1f733056fd7dc5fa9dfe3e90f5fd9fa69c269f87fdb5cdcc879a95ff031c79756230e59b4557ed5c8a1e6ff0e6", 0x87}, {&(0x7f0000000380)="86eeb85fc4e11156abddad3212af96aa8a4ca2832432bd9e74911083390d58a885cb13eb5d5fc03ad1e38316ff4216e0c32425f720345b6c8cd2d484f1281b72fcb4d73f9632ec67378203e205ac257ab1de073e1b885cace7b5b8ea84ca403cb71bd9cb11", 0x65}, {&(0x7f0000000400)="f51b52ec2a1438f9fbad5b405ca98b3459ea45b5d4be6602416375dc0f8944c61595afc91920b02e0aa3b222ccb5d1869f3470f90826eeac2a1058135f607a10c2b4e96d06e7fe6d0f164fb0a926ec787a2ab60e27250bd10ff932bf5e8995a577747867538978b7edeae42016055e93047d60580bf004f12c76e06f4d", 0x7d}], 0x5) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000540)='/dev/rfkill\x00', 0x40, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/video1\x00', 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0}, &(0x7f00000005c0)=0xc) getgroups(0x6, &(0x7f0000000600)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xee01]) fchown(r0, r1, r2) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$IOC_PR_REGISTER(r3, 0x401870c8, &(0x7f0000000500)={0x100, 0x6, 0x1}) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x404000) [ 1259.654028][ T3155] hfs: can't find a HFS filesystem on dev loop3 14:22:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086308400000000080"], 0x0, 0x0, 0x0}) [ 1259.702346][T19087] binder_release_work: 8 callbacks suppressed [ 1259.702352][T19087] binder: undelivered TRANSACTION_COMPLETE [ 1259.729674][T19087] binder_send_failed_reply: 8 callbacks suppressed [ 1259.729688][T19087] binder: send failed reply for transaction 599, target dead [ 1259.760607][ T3316] input: syz1 as /devices/virtual/input/input57 [ 1259.769218][ T3315] binder: 3314:3315 got reply transaction with bad transaction stack, transaction 601 has target 3314:0 14:22:12 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1259.822962][ T3315] binder: 3314:3315 transaction failed 29201/-71, size 0-0 line 2915 [ 1259.830686][ T3322] FAT-fs (loop1): bogus number of reserved sectors [ 1259.851754][T19087] binder: release 3314:3315 transaction 601 out, still active [ 1259.866417][ T3327] binder: BINDER_SET_CONTEXT_MGR already set 14:22:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1259.872443][T19087] binder: undelivered TRANSACTION_COMPLETE [ 1259.872460][T19087] binder: undelivered TRANSACTION_ERROR: 29201 [ 1259.892012][ T3322] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1259.912221][ T3327] binder: 3318:3327 ioctl 40046207 0 returned -16 14:22:12 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:12 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1259.919134][T19087] binder: send failed reply for transaction 601, target dead [ 1259.985040][ T3404] input: syz1 as /devices/virtual/input/input58 [ 1259.991849][ T3360] hfs: can't find a HFS filesystem on dev loop3 [ 1259.998639][ T3424] binder: 3394:3424 unknown command 1 [ 1260.018527][ T3424] binder: 3394:3424 ioctl c0306201 20000100 returned -22 [ 1260.032042][ C0] net_ratelimit: 26 callbacks suppressed [ 1260.032050][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1260.043638][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1260.074080][ T5] binder: release 3394:3424 transaction 604 out, still active 14:22:13 executing program 1: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f0000000140)={0x2, "777ef8e799afd9e5696aaf269f46abb86729eeef4a3fcea36322f52e2133f255", 0x1, 0x2, 0x3, 0x0, 0x20000, 0x2}) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x3f, 0x604882) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$cgroup_type(r1, &(0x7f00000000c0)='cgroup.type\x00', 0x2, 0x0) [ 1260.083634][ T3525] hfs: can't find a HFS filesystem on dev loop0 [ 1260.089818][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1260.095230][ T3360] hfs: can't find a HFS filesystem on dev loop3 [ 1260.112100][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1260.118032][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1260.123989][ C1] protocol 88fb is buggy, dev hsr_slave_0 14:22:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086309400000000080"], 0x0, 0x0, 0x0}) 14:22:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1260.128151][ T5] binder: send failed reply for transaction 604, target dead [ 1260.130485][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1260.143906][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1260.149757][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1260.155684][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1260.161469][ C1] protocol 88fb is buggy, dev hsr_slave_1 14:22:13 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:13 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1260.268097][ T3548] binder: 3545:3548 unknown command 1 [ 1260.274415][ T3550] binder: BINDER_SET_CONTEXT_MGR already set [ 1260.289435][ T3548] binder: 3545:3548 ioctl c0306201 20000100 returned -22 [ 1260.297825][ T3550] binder: 3549:3550 ioctl 40046207 0 returned -16 [ 1260.317042][ T5] binder: release 3545:3548 transaction 606 out, still active [ 1260.326413][ T3552] FAT-fs (loop1): bogus number of reserved sectors [ 1260.342504][ T5] binder: undelivered TRANSACTION_COMPLETE 14:22:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1260.368338][ T3552] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1260.387042][ T3601] hfs: can't find a HFS filesystem on dev loop3 [ 1260.397164][ T3637] hfs: can't find a HFS filesystem on dev loop0 [ 1260.408621][ T5] binder: send failed reply for transaction 606, target dead 14:22:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000000008630a400000000080"], 0x0, 0x0, 0x0}) [ 1260.515458][ T3601] hfs: can't find a HFS filesystem on dev loop3 [ 1260.540846][ T3776] binder: 3775:3776 unknown command 1 [ 1260.554112][ T3776] binder: 3775:3776 ioctl c0306201 20000100 returned -22 14:22:13 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) write$binfmt_misc(r0, &(0x7f00000011c0)=ANY=[@ANYBLOB="73797a31f38492da18a078f92bc76a6b61e19d9d06e6a07e0d6f6d39e8cfdc3880086d44c5e09e35d58edd39642acd848c24af72f8b811cb34db01a0d6e49f8b33fb7d5af456f8b083a88f3e161c7d35c71505dc04d88d9b656665d2bd230f1c37fb18f45334031547b326dc21a8da261e71b07807992743e078d67a33f2d50c30f2035b8fe678246c3e345cd69f6ec6320e972d004b2813d7b7c6010f4bf5260eddc69c1236217d0f2875a0b30ba5e49e49b0729d2a7a3562f780741600000000"], 0xc1) write$binfmt_misc(r0, &(0x7f0000000080)={'syz1', "5e36b3d6b93deded92802aadf431ac9550b0cf7c653f30c45896e73191ba444ba400f641f6757c524799c35851e425cff27d64753805ac461e513a8b5e204f19fd2c098d2520ceabdcc84cc2b2ad58a2c837233f418ed64a9cb3d9363c3b361768052d5c7260fb8b97ce59e0de49cafe2f3f0b900df2f3f4534b18e431927a43bfcaa38fb11da3739a1df038bffbbba06fb21dd43add9c984d0954d0251ef797c597c5ee688a4def95f9b9447685f10af579990782bdb99b79ce02489fd9e81b03fe19a8b3f5260bf9acb141d9b79ad7b858b2715b2d7a4b7aa3905faa6e1ca239211abfb30ea294"}, 0xec) r1 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0xffffffff, 0x100) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000200)={0xbf0004, 0x800, 0x6, [], &(0x7f00000001c0)={0x9909e0, 0x4, [], @ptr=0x206c00000}}) syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x23c, 0x1000bfffc) 14:22:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1260.569063][T19087] binder: release 3775:3776 transaction 608 out, still active [ 1260.595124][T19087] binder: undelivered TRANSACTION_COMPLETE [ 1260.609932][ T3779] binder: BINDER_SET_CONTEXT_MGR already set 14:22:13 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xd, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d19115"], 0x0, 0x70c000, 0x0}) [ 1260.621137][ T3779] binder: 3778:3779 ioctl 40046207 0 returned -16 [ 1260.635123][ T3779] binder: 3778:3779 unknown command 1074422536 [ 1260.653659][ T3779] binder: 3778:3779 ioctl c0306201 20000680 returned -22 [ 1260.657938][T19087] binder: send failed reply for transaction 608, target dead 14:22:13 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:13 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1260.776523][ T3852] binder: 3814:3852 got reply transaction with bad transaction stack, transaction 611 has target 3814:0 [ 1260.788725][ T3852] binder: 3814:3852 transaction failed 29201/-71, size 0-0 line 2915 [ 1260.814976][T19087] binder: release 3814:3852 transaction 611 out, still active 14:22:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000000008630b400000000080"], 0x0, 0x0, 0x0}) [ 1260.827726][T19087] binder: undelivered TRANSACTION_COMPLETE [ 1260.853101][ T3905] hfs: can't find a HFS filesystem on dev loop3 [ 1260.871063][ T3950] hfs: can't find a HFS filesystem on dev loop0 14:22:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1260.889312][T19087] binder: undelivered TRANSACTION_ERROR: 29201 [ 1260.899046][ T3997] binder: BINDER_SET_CONTEXT_MGR already set [ 1260.923647][ T3997] binder: 3996:3997 ioctl 40046207 0 returned -16 [ 1260.930601][T19087] binder: send failed reply for transaction 611, target dead 14:22:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1260.942770][ T3997] binder: 3996:3997 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 1260.967349][ T3950] hfs: can't find a HFS filesystem on dev loop0 [ 1260.979203][ T3905] hfs: can't find a HFS filesystem on dev loop3 [ 1260.993399][ T3997] binder: 3996:3997 unknown command 1074488072 [ 1261.010785][ T4003] input: syz1 as /devices/virtual/input/input63 [ 1261.016342][ T3997] binder: 3996:3997 ioctl c0306201 20000680 returned -22 [ 1261.027538][ T4004] binder: 4001:4004 unknown command 1 14:22:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1261.055272][ T4004] binder: 4001:4004 ioctl c0306201 20000100 returned -22 14:22:14 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000000008630c400000000080"], 0x0, 0x0, 0x0}) 14:22:14 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1261.119014][ T5] binder: release 4001:4004 transaction 614 out, still active [ 1261.137498][ T5] binder: undelivered TRANSACTION_COMPLETE 14:22:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1261.188447][ T5] binder: send failed reply for transaction 614, target dead [ 1261.196441][ T4207] binder: 4195:4207 unknown command 1074553608 14:22:14 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 14:22:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1261.232392][ T4207] binder: 4195:4207 ioctl c0306201 20000680 returned -22 [ 1261.262958][ T4213] binder: BINDER_SET_CONTEXT_MGR already set [ 1261.292365][ T4213] binder: 4212:4213 ioctl 40046207 0 returned -16 [ 1261.312826][ T4213] binder: 4212:4213 transaction failed 29189/-22, size 0-0 line 2995 [ 1261.322955][ T4215] hfs: can't find a HFS filesystem on dev loop3 [ 1261.331077][ T5] binder: undelivered TRANSACTION_ERROR: 29189 14:22:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1261.344047][ T4269] input: syz1 as /devices/virtual/input/input66 [ 1261.376735][ T4228] hfs: can't find a HFS filesystem on dev loop0 [ 1261.391941][ T4215] hfs: can't find a HFS filesystem on dev loop3 14:22:14 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 14:22:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) 14:22:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000000008630d400000000080"], 0x0, 0x0, 0x0}) 14:22:14 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:14 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1261.522370][ T4325] binder: 4324:4325 unknown command 1 [ 1261.533643][ T4325] binder: 4324:4325 ioctl c0306201 20000100 returned -22 [ 1261.549897][ T5] binder: release 4324:4325 transaction 619 out, still active 14:22:14 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 1261.584921][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1261.590719][ T4330] binder: BINDER_SET_CONTEXT_MGR already set [ 1261.606799][ T4330] binder: 4329:4330 ioctl 40046207 0 returned -16 [ 1261.616503][ T4330] binder: 4329:4330 unknown command 1074619144 [ 1261.626966][ T5] binder: send failed reply for transaction 619, target dead 14:22:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x7, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232"], 0x0, 0x70c000, 0x0}) 14:22:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1261.638170][ T4330] binder: 4329:4330 ioctl c0306201 20000680 returned -22 14:22:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1261.698864][ T4334] hfs: can't find a HFS filesystem on dev loop0 [ 1261.707301][ T4342] binder: 4339:4342 got reply transaction with bad transaction stack, transaction 622 has target 4339:0 [ 1261.732781][ T4360] hfs: can't find a HFS filesystem on dev loop3 [ 1261.752488][ T4409] input: syz1 as /devices/virtual/input/input68 [ 1261.765519][ T4342] binder: 4339:4342 transaction failed 29201/-71, size 0-0 line 2915 14:22:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000000008630e400000000080"], 0x0, 0x0, 0x0}) [ 1261.802862][ T5] binder: release 4339:4342 transaction 622 out, still active [ 1261.810588][ T5] binder: undelivered TRANSACTION_COMPLETE 14:22:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:14 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1261.852568][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 1261.859237][ T4360] hfs: can't find a HFS filesystem on dev loop3 [ 1261.887213][ T5] binder: send failed reply for transaction 622, target dead 14:22:14 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:15 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1261.903179][ T4486] binder: 4475:4486 unknown command 1074684680 [ 1261.928510][ T4486] binder: 4475:4486 ioctl c0306201 20000680 returned -22 14:22:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1261.993039][ T4569] binder: 4555:4569 unknown command 1 [ 1262.014554][ T4569] binder: 4555:4569 ioctl c0306201 20000100 returned -22 14:22:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086311400000000080"], 0x0, 0x0, 0x0}) [ 1262.065753][ T5] binder: release 4555:4569 transaction 627 out, still active [ 1262.076640][ T4629] hfs: can't find a HFS filesystem on dev loop0 [ 1262.090155][ T5] binder: undelivered TRANSACTION_COMPLETE [ 1262.099280][ T4657] hfs: can't find a HFS filesystem on dev loop3 14:22:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1262.114446][ T4660] input: syz1 as /devices/virtual/input/input69 [ 1262.126574][ T5] binder: send failed reply for transaction 627, target dead [ 1262.172969][ T4664] binder: 4662:4664 unknown command 1074881288 [ 1262.179212][ T4664] binder: 4662:4664 ioctl c0306201 20000680 returned -22 14:22:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup2(r0, r1) [ 1262.251568][ T4673] binder: 4666:4673 unknown command 1 [ 1262.268135][ T4673] binder: 4666:4673 ioctl c0306201 20000100 returned -22 [ 1262.275458][ T4657] hfs: can't find a HFS filesystem on dev loop3 14:22:15 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:15 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1262.341816][ T4745] input: syz1 as /devices/virtual/input/input71 14:22:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086312400000000080"], 0x0, 0x0, 0x0}) 14:22:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1262.463312][ T4778] binder: 4774:4778 unknown command 1 [ 1262.481025][ T4778] binder: 4774:4778 ioctl c0306201 20000100 returned -22 14:22:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1262.518615][ T4777] hfs: can't find a HFS filesystem on dev loop0 [ 1262.530034][ T4781] binder: BINDER_SET_CONTEXT_MGR already set 14:22:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040"], 0x0, 0x70c000, 0x0}) [ 1262.566202][ T4781] binder: 4780:4781 ioctl 40046207 0 returned -16 [ 1262.583748][ T4785] input: syz1 as /devices/virtual/input/input73 14:22:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1262.615637][ T4784] hfs: can't find a HFS filesystem on dev loop3 [ 1262.623496][ T4777] hfs: can't find a HFS filesystem on dev loop0 [ 1262.643508][ T4829] binder: 4810:4829 got reply transaction with bad transaction stack, transaction 635 has target 4810:0 [ 1262.656509][ T4829] binder: 4810:4829 transaction failed 29201/-71, size 0-0 line 2915 14:22:15 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1262.716858][T19087] binder: undelivered TRANSACTION_ERROR: 29201 [ 1262.731038][ T4784] hfs: can't find a HFS filesystem on dev loop3 14:22:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="046304400000000008632f400000000080"], 0x0, 0x0, 0x0}) 14:22:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:15 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1262.867091][ T4896] hfs: can't find a HFS filesystem on dev loop0 [ 1262.899611][ T4902] binder: 4899:4902 unknown command 1 [ 1262.908329][ T4904] binder: BINDER_SET_CONTEXT_MGR already set [ 1262.920117][ T4902] binder: 4899:4902 ioctl c0306201 20000100 returned -22 [ 1262.928623][ T4900] input: syz1 as /devices/virtual/input/input76 [ 1262.939790][ T4904] binder: 4901:4904 ioctl 40046207 0 returned -16 14:22:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1262.968481][ T4896] hfs: can't find a HFS filesystem on dev loop0 14:22:16 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) 14:22:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086354400000000080"], 0x0, 0x0, 0x0}) [ 1263.043288][ T4957] hfs: can't find a HFS filesystem on dev loop3 14:22:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1263.187340][ T5115] binder: 5113:5115 unknown command 1 [ 1263.221857][ T5115] binder: 5113:5115 ioctl c0306201 20000100 returned -22 [ 1263.236554][ T5116] hfs: can't find a HFS filesystem on dev loop0 [ 1263.246188][ T5118] binder: BINDER_SET_CONTEXT_MGR already set [ 1263.255933][ T5120] input: syz1 as /devices/virtual/input/input79 [ 1263.259730][ T5118] binder: 5112:5118 ioctl 40046207 0 returned -16 14:22:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x1, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0x0, 0x70c000, 0x0}) [ 1263.290473][ T5118] binder: 5112:5118 unknown command 1079272200 [ 1263.317079][ T5116] hfs: can't find a HFS filesystem on dev loop0 [ 1263.326735][ T5118] binder: 5112:5118 ioctl c0306201 20000680 returned -22 14:22:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1263.395369][ T5124] hfs: can't find a HFS filesystem on dev loop3 14:22:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310540000000080"], 0x0, 0x0, 0x0}) [ 1263.447300][ T5224] binder: 5204:5224 unknown command 1 [ 1263.462511][ T5224] binder: 5204:5224 ioctl c0306201 20000100 returned -22 [ 1263.471111][ T5230] input: syz1 as /devices/virtual/input/input81 14:22:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="016340"], 0x0, 0x70c000, 0x0}) 14:22:16 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1263.572897][ T5236] binder: 5234:5236 unknown command 1410360072 [ 1263.579109][ T5236] binder: 5234:5236 ioctl c0306201 20000680 returned -22 [ 1263.617791][ T5237] hfs: can't find a HFS filesystem on dev loop0 [ 1263.654571][ T5246] binder: 5239:5246 unknown command 4219649 [ 1263.665014][ T5246] binder: 5239:5246 ioctl c0306201 20000100 returned -22 14:22:16 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="016340"], 0x0, 0x70c000, 0x0}) 14:22:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310401000000000"], 0x0, 0x0, 0x0}) [ 1263.722278][ T5237] hfs: can't find a HFS filesystem on dev loop0 [ 1263.729775][ T5261] hfs: can't find a HFS filesystem on dev loop3 14:22:16 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1263.855151][ T5351] input: syz1 as /devices/virtual/input/input85 [ 1263.885802][ T5261] hfs: can't find a HFS filesystem on dev loop3 [ 1263.892891][ T5356] binder: 5353:5356 BC_INCREFS_DONE u0000000000000010 no match 14:22:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1263.898953][ T5357] binder: BINDER_SET_CONTEXT_MGR already set [ 1263.930614][ T5357] binder: 5354:5357 ioctl 40046207 0 returned -16 14:22:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:17 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400200000080"], 0x0, 0x0, 0x0}) [ 1264.003640][ T5488] hfs: can't find a HFS filesystem on dev loop0 14:22:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="016340"], 0x0, 0x70c000, 0x0}) [ 1264.065962][ T5488] hfs: can't find a HFS filesystem on dev loop0 [ 1264.085858][ T5564] input: syz1 as /devices/virtual/input/input88 [ 1264.101642][ T5568] binder: 5550:5568 BC_INCREFS_DONE u0000008000000002 no match 14:22:17 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400300000080"], 0x0, 0x0, 0x0}) [ 1264.233407][ T5669] binder: 5641:5669 unknown command 4219649 [ 1264.258792][ T5654] hfs: can't find a HFS filesystem on dev loop3 [ 1264.276665][ T5669] binder: 5641:5669 ioctl c0306201 20000100 returned -22 14:22:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1264.302774][ T5678] input: syz1 as /devices/virtual/input/input90 14:22:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1264.372772][ T5654] hfs: can't find a HFS filesystem on dev loop3 [ 1264.379585][ T5685] binder: 5682:5685 BC_INCREFS_DONE u0000008000000003 no match [ 1264.395605][ T5679] hfs: can't find a HFS filesystem on dev loop0 14:22:17 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1264.491661][ T5679] hfs: can't find a HFS filesystem on dev loop0 [ 1264.513484][ T5717] binder: 5689:5717 got reply transaction with bad transaction stack, transaction 657 has target 5689:0 [ 1264.525581][ T5789] input: syz1 as /devices/virtual/input/input93 14:22:17 executing program 1: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 14:22:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400400000080"], 0x0, 0x0, 0x0}) 14:22:17 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1264.543310][ T5717] binder: 5689:5717 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 14:22:17 executing program 1: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 14:22:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1264.627758][ T5795] hfs: can't find a HFS filesystem on dev loop3 [ 1264.640923][ T5799] binder: BINDER_SET_CONTEXT_MGR already set 14:22:17 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1264.677509][ T5799] binder: 5796:5799 ioctl 40046207 0 returned -16 [ 1264.724286][ T5801] hfs: can't find a HFS filesystem on dev loop0 [ 1264.734540][ T5795] hfs: can't find a HFS filesystem on dev loop3 14:22:17 executing program 1: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 1264.773759][ T5881] input: syz1 as /devices/virtual/input/input94 14:22:17 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400500000080"], 0x0, 0x0, 0x0}) [ 1264.821321][ T5886] binder: 5848:5886 got reply transaction with bad transaction stack, transaction 660 has target 5848:0 14:22:17 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1264.865164][ T5886] binder: 5848:5886 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1264.902304][T19087] binder_thread_release: 9 callbacks suppressed [ 1264.902315][T19087] binder: release 5848:5886 transaction 660 out, still active 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1264.977155][ T5] binder_send_failed_reply: 9 callbacks suppressed [ 1264.977163][ T5] binder: send failed reply for transaction 660, target dead 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1265.029699][ T5922] binder: 5913:5922 BC_INCREFS_DONE u0000008000000005 no match [ 1265.043855][ T5917] hfs: can't find a HFS filesystem on dev loop3 [ 1265.051854][ T5919] hfs: can't find a HFS filesystem on dev loop0 [ 1265.063695][ T5925] input: syz1 as /devices/virtual/input/input95 [ 1265.101542][ T5933] binder: 5924:5933 got reply transaction with bad transaction stack, transaction 665 has target 5924:0 [ 1265.113598][ T5933] binder: 5924:5933 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1265.143356][ T5] binder: release 5924:5933 transaction 665 out, still active [ 1265.176008][ T5919] hfs: can't find a HFS filesystem on dev loop0 [ 1265.185263][ T5917] hfs: can't find a HFS filesystem on dev loop3 14:22:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400600000080"], 0x0, 0x0, 0x0}) 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 1265.209549][T19087] binder: send failed reply for transaction 665, target dead 14:22:18 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:18 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1265.300312][ T6032] input: syz1 as /devices/virtual/input/input96 [ 1265.334253][ T6035] binder: 6033:6035 BC_INCREFS_DONE u0000008000000006 no match 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 1265.379345][ T6038] binder_transaction: 3 callbacks suppressed [ 1265.379376][ T6038] binder: 6034:6038 got reply transaction with no transaction stack [ 1265.423031][ T6038] binder: 6034:6038 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2900 14:22:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400700000080"], 0x0, 0x0, 0x0}) 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1265.483028][ T6131] hfs: can't find a HFS filesystem on dev loop0 [ 1265.492919][ T6145] input: syz1 as /devices/virtual/input/input97 [ 1265.517457][ T6135] hfs: can't find a HFS filesystem on dev loop3 14:22:18 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 1265.581627][ T6131] hfs: can't find a HFS filesystem on dev loop0 [ 1265.648980][ T6154] binder: 6151:6154 got reply transaction with no transaction stack [ 1265.664422][ T6156] binder: BINDER_SET_CONTEXT_MGR already set [ 1265.670721][ T6156] binder: 6152:6156 ioctl 40046207 0 returned -16 [ 1265.684868][ T6154] binder: 6151:6154 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2900 14:22:18 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:18 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1265.703151][ T6158] input: syz1 as /devices/virtual/input/input100 14:22:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:18 executing program 5: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1265.812296][ T6218] hfs: can't find a HFS filesystem on dev loop0 [ 1265.828752][ T6230] hfs: can't find a HFS filesystem on dev loop3 14:22:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310404800000080"], 0x0, 0x0, 0x0}) [ 1265.908649][ T6270] binder: 6267:6270 got reply transaction with no transaction stack [ 1265.920937][ T6270] binder: 6267:6270 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2900 14:22:19 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1265.972578][ T6269] hfs: can't find a HFS filesystem on dev loop5 [ 1265.972936][ T6230] hfs: can't find a HFS filesystem on dev loop3 [ 1266.006370][ T6276] binder: BINDER_SET_CONTEXT_MGR already set 14:22:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:19 executing program 5 (fault-call:4 fault-nth:0): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1266.030163][ T6276] binder: 6272:6276 ioctl 40046207 0 returned -16 [ 1266.039468][ T6276] binder: 6272:6276 BC_INCREFS_DONE u0000008000000048 no match 14:22:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:19 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1266.127594][ T6286] hfs: can't find a HFS filesystem on dev loop0 [ 1266.150770][ T6320] input: syz1 as /devices/virtual/input/input104 14:22:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1266.185142][ T6355] binder: 6322:6355 transaction failed 29189/-22, size 0-0 line 2995 [ 1266.188559][ T6320] FAULT_INJECTION: forcing a failure. [ 1266.188559][ T6320] name failslab, interval 1, probability 0, space 0, times 0 [ 1266.235192][ T6320] CPU: 0 PID: 6320 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1266.243121][ T6320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.243128][ T6320] Call Trace: [ 1266.243156][ T6320] dump_stack+0x172/0x1f0 [ 1266.243179][ T6320] should_fail.cold+0xa/0x15 [ 1266.243198][ T6320] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1266.243220][ T6320] ? ___might_sleep+0x163/0x280 [ 1266.243239][ T6320] __should_failslab+0x121/0x190 [ 1266.243253][ T6320] should_failslab+0x9/0x14 [ 1266.243274][ T6320] __kmalloc_track_caller+0x2d8/0x740 [ 1266.271294][ T6320] ? pointer+0xa30/0xa30 [ 1266.271325][ T6320] ? __lock_acquire+0x548/0x3fb0 [ 1266.300073][ T6320] ? kasprintf+0xbb/0xf0 [ 1266.304339][ T6320] kvasprintf+0xc8/0x170 [ 1266.308600][ T6320] ? bust_spinlocks+0xe0/0xe0 [ 1266.313336][ T6320] ? debug_check_no_obj_freed+0x200/0x464 [ 1266.319080][ T6320] kasprintf+0xbb/0xf0 [ 1266.323182][ T6320] ? kvasprintf_const+0x190/0x190 [ 1266.328302][ T6320] ? input_default_getkeycode+0x520/0x520 [ 1266.334032][ T6320] input_devnode+0x4c/0x90 [ 1266.338498][ T6320] device_get_devnode+0x175/0x2e0 [ 1266.343527][ T6320] ? refcount_sub_and_test_checked+0x154/0x200 [ 1266.349736][ T6320] devtmpfs_delete_node+0xaa/0x1a0 [ 1266.352041][ C1] net_ratelimit: 26 callbacks suppressed [ 1266.352048][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1266.354846][ T6320] ? devtmpfs_create_node+0x250/0x250 [ 1266.354899][ T6320] ? __device_link_free_srcu+0x120/0x120 [ 1266.354919][ T6320] ? refcount_dec_and_test_checked+0x1b/0x20 [ 1266.360672][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1266.366227][ T6320] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1266.366240][ T6320] ? kobject_put+0x84/0xe0 [ 1266.366258][ T6320] ? __device_link_free_srcu+0x120/0x120 [ 1266.366272][ T6320] ? klist_children_put+0x4a/0x60 [ 1266.366287][ T6320] ? klist_put+0xdc/0x180 [ 1266.371791][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1266.377266][ T6320] device_del+0x8b4/0xc40 [ 1266.377286][ T6320] ? __device_links_no_driver+0x250/0x250 [ 1266.377305][ T6320] ? mark_held_locks+0xa4/0xf0 [ 1266.383355][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1266.389661][ T6320] ? _raw_spin_unlock_irq+0x28/0x90 [ 1266.396008][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1266.400277][ T6320] ? __input_unregister_device+0x153/0x4a0 [ 1266.406008][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1266.410882][ T6320] ? _raw_spin_unlock_irq+0x28/0x90 [ 1266.415347][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1266.420898][ T6320] cdev_device_del+0x1a/0x80 [ 1266.425289][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1266.430898][ T6320] evdev_disconnect+0x42/0xb0 [ 1266.435779][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1266.441341][ T6320] __input_unregister_device+0x200/0x4a0 [ 1266.446583][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1266.452218][ T6320] input_unregister_device+0xc5/0x110 [ 1266.452291][ T6320] uinput_destroy_device+0x1f4/0x250 [ 1266.452319][ T6320] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1266.523202][ T6320] ? tomoyo_domain+0xc5/0x160 [ 1266.527887][ T6320] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1266.533961][ T6320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1266.540212][ T6320] ? tomoyo_path_number_perm+0x263/0x520 [ 1266.545851][ T6320] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1266.551683][ T6320] ? __fget+0x35a/0x550 [ 1266.555862][ T6320] uinput_ioctl+0x4a/0x60 [ 1266.560194][ T6320] ? uinput_compat_ioctl+0x90/0x90 [ 1266.565394][ T6320] do_vfs_ioctl+0xd6e/0x1390 [ 1266.569989][ T6320] ? ioctl_preallocate+0x210/0x210 [ 1266.575097][ T6320] ? smack_file_ioctl+0x196/0x310 [ 1266.580123][ T6320] ? smack_inode_rename+0x2d0/0x2d0 [ 1266.585523][ T6320] ? tomoyo_file_ioctl+0x23/0x30 [ 1266.590462][ T6320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1266.596711][ T6320] ? security_file_ioctl+0x93/0xc0 [ 1266.601836][ T6320] ksys_ioctl+0xab/0xd0 [ 1266.606004][ T6320] __x64_sys_ioctl+0x73/0xb0 [ 1266.610600][ T6320] do_syscall_64+0x103/0x610 [ 1266.615203][ T6320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1266.621175][ T6320] RIP: 0033:0x458c29 14:22:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1266.625068][ T6320] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1266.644679][ T6320] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1266.653102][ T6320] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1266.661180][ T6320] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1266.669164][ T6320] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1266.677492][ T6320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 14:22:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310404c00000080"], 0x0, 0x0, 0x0}) [ 1266.685825][ T6320] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 [ 1266.714771][ T6286] hfs: can't find a HFS filesystem on dev loop0 [ 1266.759940][ T6394] binder: 6392:6394 BC_INCREFS_DONE u000000800000004c no match [ 1266.761368][ T6395] binder_alloc: 6392: binder_alloc_buf, no vma [ 1266.776234][ T6395] binder: 6391:6395 transaction failed 29189/-3, size 0-0 line 3148 14:22:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x110) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:19 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:19 executing program 5 (fault-call:4 fault-nth:1): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:20 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310406000000080"], 0x0, 0x0, 0x0}) 14:22:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1266.951496][ T6503] input: syz1 as /devices/virtual/input/input106 [ 1266.959400][ T6497] binder: 6456:6497 transaction failed 29189/-22, size 0-0 line 2995 [ 1266.980691][ T6503] FAULT_INJECTION: forcing a failure. [ 1266.980691][ T6503] name failslab, interval 1, probability 0, space 0, times 0 [ 1266.992271][ T6505] hfs: can't find a HFS filesystem on dev loop0 [ 1267.037398][ T6503] CPU: 0 PID: 6503 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1267.046383][ T6503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1267.057490][ T6503] Call Trace: [ 1267.060782][ T6503] dump_stack+0x172/0x1f0 [ 1267.065291][ T6503] should_fail.cold+0xa/0x15 [ 1267.070487][ T6503] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1267.077526][ T6503] ? ___might_sleep+0x163/0x280 [ 1267.083944][ T6503] __should_failslab+0x121/0x190 [ 1267.090882][ T6503] should_failslab+0x9/0x14 [ 1267.095473][ T6503] kmem_cache_alloc_trace+0x2d1/0x760 [ 1267.100832][ T6503] ? mutex_trylock+0x1e0/0x1e0 [ 1267.105597][ T6503] ? kasan_check_write+0x14/0x20 [ 1267.110528][ T6503] kobject_uevent_env+0x2fb/0x1030 [ 1267.116759][ T6503] ? wait_for_completion+0x440/0x440 [ 1267.122211][ T6503] kobject_uevent+0x20/0x26 [ 1267.127328][ T6503] device_del+0x758/0xc40 [ 1267.131772][ T6503] ? __device_links_no_driver+0x250/0x250 [ 1267.141387][ T6503] ? _raw_spin_unlock_irq+0x28/0x90 [ 1267.147909][ T6503] ? __input_unregister_device+0x153/0x4a0 [ 1267.153795][ T6503] ? _raw_spin_unlock_irq+0x28/0x90 [ 1267.160107][ T6503] cdev_device_del+0x1a/0x80 [ 1267.164690][ T6503] evdev_disconnect+0x42/0xb0 [ 1267.169733][ T6503] __input_unregister_device+0x200/0x4a0 [ 1267.181180][ T6503] input_unregister_device+0xc5/0x110 [ 1267.192046][ T6503] uinput_destroy_device+0x1f4/0x250 [ 1267.197326][ T6503] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1267.203200][ T6503] ? tomoyo_domain+0xc5/0x160 [ 1267.207863][ T6503] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1267.213922][ T6503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1267.220140][ T6503] ? tomoyo_path_number_perm+0x263/0x520 [ 1267.225754][ T6503] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1267.231552][ T6503] ? __fget+0x35a/0x550 [ 1267.235697][ T6503] uinput_ioctl+0x4a/0x60 [ 1267.240005][ T6503] ? uinput_compat_ioctl+0x90/0x90 [ 1267.245276][ T6503] do_vfs_ioctl+0xd6e/0x1390 [ 1267.249852][ T6503] ? ioctl_preallocate+0x210/0x210 [ 1267.254942][ T6503] ? smack_file_ioctl+0x196/0x310 [ 1267.259957][ T6503] ? smack_inode_rename+0x2d0/0x2d0 [ 1267.265160][ T6503] ? tomoyo_file_ioctl+0x23/0x30 [ 1267.270081][ T6503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1267.276303][ T6503] ? security_file_ioctl+0x93/0xc0 [ 1267.281403][ T6503] ksys_ioctl+0xab/0xd0 [ 1267.285565][ T6503] __x64_sys_ioctl+0x73/0xb0 [ 1267.290144][ T6503] do_syscall_64+0x103/0x610 [ 1267.294720][ T6503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1267.300595][ T6503] RIP: 0033:0x458c29 [ 1267.304473][ T6503] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1267.324069][ T6503] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1267.332462][ T6503] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1267.340414][ T6503] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1267.348451][ T6503] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1267.356403][ T6503] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 [ 1267.364358][ T6503] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 14:22:20 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:20 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:20 executing program 5 (fault-call:4 fault-nth:2): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1267.495297][ T6614] hfs: can't find a HFS filesystem on dev loop3 [ 1267.505443][ T6616] binder: 6610:6616 got reply transaction with bad transaction stack, transaction 682 has target 6610:0 [ 1267.520694][ T6613] binder: BINDER_SET_CONTEXT_MGR already set [ 1267.522167][ T6616] binder: 6610:6616 transaction failed 29201/-71, size -4768638923315878836--7003144407383321141 line 2915 [ 1267.535494][ T6613] binder: 6612:6613 ioctl 40046207 0 returned -16 [ 1267.549688][ T6613] binder: 6612:6613 BC_INCREFS_DONE u0000008000000060 no match [ 1267.578294][T19087] binder: release 6610:6616 transaction 682 out, still active [ 1267.608902][ T6614] hfs: can't find a HFS filesystem on dev loop3 [ 1267.628609][ T6678] input: syz1 as /devices/virtual/input/input108 [ 1267.640221][ T6657] hfs: can't find a HFS filesystem on dev loop0 14:22:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1267.658739][ T5] binder: send failed reply for transaction 682, target dead 14:22:20 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:20 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310406800000080"], 0x0, 0x0, 0x0}) [ 1267.699861][ T6678] FAULT_INJECTION: forcing a failure. [ 1267.699861][ T6678] name failslab, interval 1, probability 0, space 0, times 0 [ 1267.736192][ T6657] hfs: can't find a HFS filesystem on dev loop0 [ 1267.750581][ T6678] CPU: 0 PID: 6678 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1267.758519][ T6678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1267.758526][ T6678] Call Trace: [ 1267.758557][ T6678] dump_stack+0x172/0x1f0 [ 1267.758579][ T6678] should_fail.cold+0xa/0x15 [ 1267.758599][ T6678] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1267.758619][ T6678] ? ___might_sleep+0x163/0x280 [ 1267.758638][ T6678] __should_failslab+0x121/0x190 [ 1267.758653][ T6678] should_failslab+0x9/0x14 [ 1267.758668][ T6678] __kmalloc+0x2dc/0x740 [ 1267.758686][ T6678] ? kobject_uevent_env+0x2fb/0x1030 [ 1267.786696][ T6678] ? rcu_read_lock_sched_held+0x110/0x130 [ 1267.786713][ T6678] ? kobject_get_path+0xc4/0x1b0 [ 1267.786731][ T6678] kobject_get_path+0xc4/0x1b0 [ 1267.786748][ T6678] kobject_uevent_env+0x31f/0x1030 [ 1267.786763][ T6678] ? wait_for_completion+0x440/0x440 [ 1267.786787][ T6678] kobject_uevent+0x20/0x26 [ 1267.786804][ T6678] device_del+0x758/0xc40 14:22:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310406c00000080"], 0x0, 0x0, 0x0}) [ 1267.786823][ T6678] ? __device_links_no_driver+0x250/0x250 [ 1267.786838][ T6678] ? _raw_spin_unlock_irq+0x28/0x90 [ 1267.786857][ T6678] ? __input_unregister_device+0x153/0x4a0 [ 1267.803072][ T6729] binder: 6728:6729 BC_INCREFS_DONE u0000008000000068 no match [ 1267.805337][ T6678] ? _raw_spin_unlock_irq+0x28/0x90 [ 1267.805361][ T6678] cdev_device_del+0x1a/0x80 [ 1267.805381][ T6678] evdev_disconnect+0x42/0xb0 [ 1267.805404][ T6678] __input_unregister_device+0x200/0x4a0 [ 1267.890357][ T6678] input_unregister_device+0xc5/0x110 [ 1267.895735][ T6678] uinput_destroy_device+0x1f4/0x250 [ 1267.901027][ T6678] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1267.906922][ T6678] ? tomoyo_domain+0xc5/0x160 [ 1267.911618][ T6678] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1267.917974][ T6678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1267.924070][ T6830] binder_alloc: 6725: binder_alloc_buf, no vma [ 1267.924229][ T6678] ? tomoyo_path_number_perm+0x263/0x520 [ 1267.936011][ T6678] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1267.940851][ T6830] binder: 6725:6830 transaction failed 29189/-3, size 0-0 line 3148 [ 1267.941941][ T6678] ? __fget+0x35a/0x550 [ 1267.941966][ T6678] uinput_ioctl+0x4a/0x60 [ 1267.941977][ T6678] ? uinput_compat_ioctl+0x90/0x90 [ 1267.941992][ T6678] do_vfs_ioctl+0xd6e/0x1390 [ 1267.942012][ T6678] ? ioctl_preallocate+0x210/0x210 [ 1267.942035][ T6678] ? smack_file_ioctl+0x196/0x310 [ 1267.980415][ T6678] ? smack_inode_rename+0x2d0/0x2d0 [ 1267.985735][ T6678] ? tomoyo_file_ioctl+0x23/0x30 [ 1267.990686][ T6678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1267.996946][ T6678] ? security_file_ioctl+0x93/0xc0 [ 1268.002079][ T6678] ksys_ioctl+0xab/0xd0 [ 1268.006258][ T6678] __x64_sys_ioctl+0x73/0xb0 [ 1268.013046][ T6678] do_syscall_64+0x103/0x610 [ 1268.017942][ T6678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1268.024447][ T6678] RIP: 0033:0x458c29 [ 1268.028433][ T6678] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:22:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1268.049435][ T6678] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1268.058044][ T6678] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1268.066465][ T6678] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1268.074462][ T6678] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1268.082443][ T6678] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 [ 1268.090440][ T6678] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 14:22:21 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 14:22:21 executing program 5 (fault-call:4 fault-nth:3): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1268.205841][ T6939] binder_alloc: 6935: binder_alloc_buf, no vma [ 1268.213028][ T6940] binder: BINDER_SET_CONTEXT_MGR already set [ 1268.229671][ T6941] input: syz1 as /devices/virtual/input/input110 [ 1268.233404][ T6940] binder: 6934:6940 ioctl 40046207 0 returned -16 [ 1268.243140][ T6939] binder: 6935:6939 transaction failed 29189/-3, size 0-0 line 3148 [ 1268.260595][ T6940] binder: 6934:6940 BC_INCREFS_DONE u000000800000006c no match [ 1268.315707][ T7033] input: syz1 as /devices/virtual/input/input111 [ 1268.354099][ T7033] FAULT_INJECTION: forcing a failure. 14:22:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1268.354099][ T7033] name failslab, interval 1, probability 0, space 0, times 0 14:22:21 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1268.403157][ T7113] hfs: can't find a HFS filesystem on dev loop0 [ 1268.404546][ T7033] CPU: 0 PID: 7033 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1268.419007][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.429420][ T7033] Call Trace: [ 1268.429446][ T7033] dump_stack+0x172/0x1f0 [ 1268.429469][ T7033] should_fail.cold+0xa/0x15 [ 1268.441685][ T7033] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1268.447520][ T7033] ? ___might_sleep+0x163/0x280 [ 1268.452381][ T7033] __should_failslab+0x121/0x190 [ 1268.452397][ T7033] should_failslab+0x9/0x14 [ 1268.452412][ T7033] __kmalloc_track_caller+0x2d8/0x740 [ 1268.452428][ T7033] ? pointer+0xa30/0xa30 [ 1268.452445][ T7033] ? kasprintf+0xbb/0xf0 [ 1268.452461][ T7033] kvasprintf+0xc8/0x170 [ 1268.452478][ T7033] ? bust_spinlocks+0xe0/0xe0 [ 1268.486995][ T7033] ? pointer+0xa30/0xa30 [ 1268.491423][ T7033] kasprintf+0xbb/0xf0 [ 1268.495544][ T7033] ? kvasprintf_const+0x190/0x190 [ 1268.502071][ T7033] ? cleanup_uevent_env+0x50/0x50 [ 1268.507805][ T7033] ? input_default_getkeycode+0x520/0x520 [ 1268.515521][ T7033] input_devnode+0x4c/0x90 [ 1268.520367][ T7033] device_get_devnode+0x175/0x2e0 [ 1268.527667][ T7033] dev_uevent+0x3e8/0x580 [ 1268.533612][ T7033] ? device_get_devnode+0x2e0/0x2e0 [ 1268.540314][ T7033] ? kobject_uevent_env+0x2fb/0x1030 [ 1268.546574][ T7033] ? rcu_read_lock_sched_held+0x110/0x130 14:22:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1268.552311][ T7033] ? device_get_devnode+0x2e0/0x2e0 [ 1268.557523][ T7033] kobject_uevent_env+0x487/0x1030 [ 1268.562638][ T7033] ? wait_for_completion+0x440/0x440 [ 1268.567936][ T7033] kobject_uevent+0x20/0x26 [ 1268.572333][T19087] binder: undelivered TRANSACTION_ERROR: 29189 [ 1268.573324][ T7033] device_del+0x758/0xc40 [ 1268.573349][ T7033] ? __device_links_no_driver+0x250/0x250 [ 1268.573365][ T7033] ? _raw_spin_unlock_irq+0x28/0x90 [ 1268.573384][ T7033] ? __input_unregister_device+0x153/0x4a0 [ 1268.601076][ T7033] ? _raw_spin_unlock_irq+0x28/0x90 [ 1268.607254][ T7033] cdev_device_del+0x1a/0x80 [ 1268.611851][ T7033] evdev_disconnect+0x42/0xb0 [ 1268.616549][ T7033] __input_unregister_device+0x200/0x4a0 [ 1268.623762][ T7033] input_unregister_device+0xc5/0x110 [ 1268.629223][ T7033] uinput_destroy_device+0x1f4/0x250 [ 1268.635728][ T7033] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1268.641821][ T7033] ? tomoyo_domain+0xc5/0x160 [ 1268.646520][ T7033] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1268.652874][ T7033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1268.659575][ T7033] ? tomoyo_path_number_perm+0x263/0x520 [ 1268.665574][ T7033] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1268.671402][ T7033] ? __fget+0x35a/0x550 [ 1268.676103][ T7033] uinput_ioctl+0x4a/0x60 [ 1268.680456][ T7033] ? uinput_compat_ioctl+0x90/0x90 [ 1268.685761][ T7033] do_vfs_ioctl+0xd6e/0x1390 [ 1268.691401][ T7033] ? ioctl_preallocate+0x210/0x210 [ 1268.697032][ T7033] ? smack_file_ioctl+0x196/0x310 [ 1268.702156][ T7033] ? smack_inode_rename+0x2d0/0x2d0 [ 1268.707485][ T7033] ? tomoyo_file_ioctl+0x23/0x30 [ 1268.712445][ T7033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1268.718730][ T7033] ? security_file_ioctl+0x93/0xc0 [ 1268.724735][ T7033] ksys_ioctl+0xab/0xd0 [ 1268.730262][ T7033] __x64_sys_ioctl+0x73/0xb0 [ 1268.735847][ T7033] do_syscall_64+0x103/0x610 [ 1268.742462][ T7033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1268.749226][ T7033] RIP: 0033:0x458c29 14:22:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1268.753236][ T7033] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1268.773202][ T7033] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1268.782412][ T7033] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1268.791480][ T7033] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 14:22:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310407400000080"], 0x0, 0x0, 0x0}) [ 1268.800593][ T7033] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1268.808767][ T7033] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 [ 1268.816843][ T7033] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 14:22:22 executing program 5 (fault-call:4 fault-nth:4): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:22 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1268.997888][ T7255] binder: 7254:7255 BC_INCREFS_DONE u0000008000000074 no match [ 1269.006266][ T7260] binder: BINDER_SET_CONTEXT_MGR already set [ 1269.029133][ T7273] input: syz1 as /devices/virtual/input/input112 [ 1269.038256][ T7260] binder: 7257:7260 ioctl 40046207 0 returned -16 14:22:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310407a00000080"], 0x0, 0x0, 0x0}) [ 1269.055525][ T7274] input: syz1 as /devices/virtual/input/input113 [ 1269.074050][ T7260] binder: 7257:7260 transaction failed 29189/-22, size 0-0 line 2995 14:22:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1269.134922][ T7354] FAULT_INJECTION: forcing a failure. [ 1269.134922][ T7354] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.161457][ T7354] CPU: 1 PID: 7354 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1269.169633][ T7354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.180240][ T7354] Call Trace: [ 1269.183565][ T7354] dump_stack+0x172/0x1f0 [ 1269.187885][ T7354] should_fail.cold+0xa/0x15 [ 1269.192465][ T7354] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1269.198257][ T7354] ? ___might_sleep+0x163/0x280 [ 1269.203209][ T7354] __should_failslab+0x121/0x190 [ 1269.208148][ T7354] should_failslab+0x9/0x14 [ 1269.212638][ T7354] kmem_cache_alloc_node+0x264/0x710 [ 1269.217905][ T7354] ? find_held_lock+0x35/0x130 [ 1269.222676][ T7354] __alloc_skb+0xd5/0x5e0 [ 1269.227489][ T7354] ? skb_trim+0x190/0x190 [ 1269.233648][ T7354] ? kasan_check_read+0x11/0x20 [ 1269.238507][ T7354] alloc_uevent_skb+0x83/0x1e2 [ 1269.243952][ T7354] kobject_uevent_env+0xa63/0x1030 [ 1269.249064][ T7354] ? wait_for_completion+0x440/0x440 [ 1269.255338][ T7354] kobject_uevent+0x20/0x26 [ 1269.261157][ T7354] device_del+0x758/0xc40 [ 1269.265907][ T7354] ? __device_links_no_driver+0x250/0x250 [ 1269.271641][ T7354] ? _raw_spin_unlock_irq+0x28/0x90 [ 1269.276843][ T7354] ? __input_unregister_device+0x153/0x4a0 [ 1269.282642][ T7354] ? _raw_spin_unlock_irq+0x28/0x90 [ 1269.287826][ T7354] cdev_device_del+0x1a/0x80 [ 1269.293613][ T7354] evdev_disconnect+0x42/0xb0 [ 1269.298289][ T7354] __input_unregister_device+0x200/0x4a0 [ 1269.303908][ T7354] input_unregister_device+0xc5/0x110 [ 1269.309425][ T7354] uinput_destroy_device+0x1f4/0x250 [ 1269.314800][ T7354] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1269.320797][ T7354] ? tomoyo_domain+0xc5/0x160 [ 1269.325459][ T7354] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1269.331527][ T7354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1269.337751][ T7354] ? tomoyo_path_number_perm+0x263/0x520 [ 1269.343402][ T7354] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1269.349315][ T7354] ? __fget+0x35a/0x550 [ 1269.353574][ T7354] uinput_ioctl+0x4a/0x60 [ 1269.357883][ T7354] ? uinput_compat_ioctl+0x90/0x90 [ 1269.363094][ T7354] do_vfs_ioctl+0xd6e/0x1390 [ 1269.367668][ T7354] ? ioctl_preallocate+0x210/0x210 [ 1269.372849][ T7354] ? smack_file_ioctl+0x196/0x310 [ 1269.378340][ T7354] ? smack_inode_rename+0x2d0/0x2d0 [ 1269.383987][ T7354] ? tomoyo_file_ioctl+0x23/0x30 [ 1269.389626][ T7354] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1269.396460][ T7354] ? security_file_ioctl+0x93/0xc0 [ 1269.406603][ T7354] ksys_ioctl+0xab/0xd0 [ 1269.411571][ T7354] __x64_sys_ioctl+0x73/0xb0 [ 1269.421315][ T7354] do_syscall_64+0x103/0x610 [ 1269.426503][ T7354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1269.434828][ T7354] RIP: 0033:0x458c29 [ 1269.438991][ T7354] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1269.458929][ T7354] RSP: 002b:00007fadaf633c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1269.467527][ T7354] RAX: ffffffffffffffda RBX: 00007fadaf633c90 RCX: 0000000000458c29 [ 1269.481581][ T7354] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1269.491645][ T7354] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1269.501551][ T7354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6346d4 [ 1269.509668][ T7354] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000004 14:22:22 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1269.584807][ T7312] hfs: can't find a HFS filesystem on dev loop0 [ 1269.615691][ T7374] input: syz1 as /devices/virtual/input/input114 14:22:22 executing program 5 (fault-call:4 fault-nth:5): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1269.638314][ T7375] binder: 7372:7375 transaction failed 29189/-22, size 0-0 line 2995 [ 1269.650392][ T7376] binder: 7373:7376 BC_INCREFS_DONE u000000800000007a no match 14:22:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1269.723686][ T7312] hfs: can't find a HFS filesystem on dev loop0 14:22:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400003000080"], 0x0, 0x0, 0x0}) [ 1269.787776][ T7626] input: syz1 as /devices/virtual/input/input115 [ 1269.827022][ T7626] FAULT_INJECTION: forcing a failure. 14:22:22 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1269.827022][ T7626] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.868393][ T7626] CPU: 0 PID: 7626 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1269.873586][ T7632] binder: 7631:7632 BC_INCREFS_DONE u0000008000000300 no match [ 1269.876536][ T7626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.876649][ T7626] Call Trace: [ 1269.898524][ T7626] dump_stack+0x172/0x1f0 [ 1269.903232][ T7626] should_fail.cold+0xa/0x15 [ 1269.908133][ T7626] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1269.914054][ T7626] ? ___might_sleep+0x163/0x280 [ 1269.918930][ T7626] __should_failslab+0x121/0x190 [ 1269.924318][ T7626] should_failslab+0x9/0x14 [ 1269.928835][ T7626] kmem_cache_alloc_node_trace+0x270/0x720 [ 1269.934673][ T7626] __kmalloc_node_track_caller+0x3d/0x70 [ 1269.940794][ T7626] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1269.947321][ T7626] __alloc_skb+0x10b/0x5e0 [ 1269.951761][ T7626] ? skb_trim+0x190/0x190 [ 1269.956110][ T7626] ? kasan_check_read+0x11/0x20 [ 1269.961085][ T7626] alloc_uevent_skb+0x83/0x1e2 [ 1269.965953][ T7626] kobject_uevent_env+0xa63/0x1030 [ 1269.971083][ T7626] ? wait_for_completion+0x440/0x440 [ 1269.976926][ T7626] kobject_uevent+0x20/0x26 [ 1269.981455][ T7626] device_del+0x758/0xc40 [ 1269.985806][ T7626] ? __device_links_no_driver+0x250/0x250 [ 1269.991576][ T7626] ? _raw_spin_unlock_irq+0x28/0x90 [ 1269.997410][ T7626] ? __input_unregister_device+0x153/0x4a0 [ 1270.003224][ T7626] ? _raw_spin_unlock_irq+0x28/0x90 [ 1270.011831][ T7626] cdev_device_del+0x1a/0x80 14:22:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400005000080"], 0x0, 0x0, 0x0}) 14:22:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1270.016689][ T7626] evdev_disconnect+0x42/0xb0 [ 1270.022242][ T7626] __input_unregister_device+0x200/0x4a0 [ 1270.028146][ T7626] input_unregister_device+0xc5/0x110 [ 1270.033817][ T7626] uinput_destroy_device+0x1f4/0x250 [ 1270.039396][ T7626] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1270.045321][ T7626] ? tomoyo_domain+0xc5/0x160 [ 1270.050030][ T7626] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1270.056296][ T7626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1270.062940][ T7626] ? tomoyo_path_number_perm+0x263/0x520 [ 1270.068659][ T7626] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1270.074496][ T7626] ? __fget+0x35a/0x550 [ 1270.078678][ T7626] uinput_ioctl+0x4a/0x60 [ 1270.083379][ T7626] ? uinput_compat_ioctl+0x90/0x90 [ 1270.088818][ T7626] do_vfs_ioctl+0xd6e/0x1390 [ 1270.096310][ T7626] ? ioctl_preallocate+0x210/0x210 [ 1270.101424][ T7626] ? smack_file_ioctl+0x196/0x310 [ 1270.107171][ T7626] ? smack_inode_rename+0x2d0/0x2d0 [ 1270.112394][ T7626] ? tomoyo_file_ioctl+0x23/0x30 [ 1270.118204][ T7626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1270.124445][ T7626] ? security_file_ioctl+0x93/0xc0 [ 1270.131465][ T7626] ksys_ioctl+0xab/0xd0 [ 1270.135633][ T7626] __x64_sys_ioctl+0x73/0xb0 [ 1270.140237][ T7626] do_syscall_64+0x103/0x610 [ 1270.148532][ T7626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1270.157639][ T7626] RIP: 0033:0x458c29 [ 1270.162088][ T7626] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1270.183187][ T7626] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1270.192909][ T7626] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1270.203401][ T7626] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1270.211549][ T7626] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1270.219696][ T7626] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 [ 1270.227683][ T7626] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 14:22:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1270.291280][ T7847] binder: 7845:7847 BC_INCREFS_DONE u0000008000000500 no match [ 1270.323700][ T7848] hfs: can't find a HFS filesystem on dev loop0 [ 1270.332355][ T7873] binder: 7850:7873 transaction failed 29189/-22, size 0-0 line 2995 14:22:23 executing program 5 (fault-call:4 fault-nth:6): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400006000080"], 0x0, 0x0, 0x0}) 14:22:23 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1270.459387][ T8067] input: syz1 as /devices/virtual/input/input116 [ 1270.485976][ T8094] input: syz1 as /devices/virtual/input/input117 14:22:23 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1270.504600][ T7848] hfs: can't find a HFS filesystem on dev loop0 [ 1270.519309][ T8095] binder: 8092:8095 BC_INCREFS_DONE u0000008000000600 no match [ 1270.530068][ T5] binder: undelivered TRANSACTION_ERROR: 29189 14:22:23 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1270.554590][ T8067] FAULT_INJECTION: forcing a failure. [ 1270.554590][ T8067] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.598343][ T8067] CPU: 0 PID: 8067 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 14:22:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400007000080"], 0x0, 0x0, 0x0}) [ 1270.606307][ T8067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.616820][ T8067] Call Trace: [ 1270.620333][ T8067] dump_stack+0x172/0x1f0 [ 1270.624687][ T8067] should_fail.cold+0xa/0x15 [ 1270.629295][ T8067] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1270.636632][ T8067] ? ___might_sleep+0x163/0x280 [ 1270.642206][ T8067] __should_failslab+0x121/0x190 [ 1270.647319][ T8067] should_failslab+0x9/0x14 [ 1270.651837][ T8067] kmem_cache_alloc_node_trace+0x270/0x720 14:22:23 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1270.657668][ T8067] __kmalloc_node_track_caller+0x3d/0x70 [ 1270.663769][ T8067] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1270.669457][ T8067] __alloc_skb+0x10b/0x5e0 [ 1270.673874][ T8067] ? skb_trim+0x190/0x190 [ 1270.678203][ T8067] ? kasan_check_read+0x11/0x20 [ 1270.683045][ T8067] alloc_uevent_skb+0x83/0x1e2 [ 1270.687903][ T8067] kobject_uevent_env+0xa63/0x1030 [ 1270.693632][ T8067] ? wait_for_completion+0x440/0x440 [ 1270.699541][ T8067] kobject_uevent+0x20/0x26 [ 1270.704232][ T8067] device_del+0x758/0xc40 [ 1270.708603][ T8067] ? __device_links_no_driver+0x250/0x250 [ 1270.714555][ T8067] ? _raw_spin_unlock_irq+0x28/0x90 [ 1270.719750][ T8067] ? __input_unregister_device+0x153/0x4a0 [ 1270.725550][ T8067] ? _raw_spin_unlock_irq+0x28/0x90 [ 1270.732149][ T8067] cdev_device_del+0x1a/0x80 [ 1270.736743][ T8067] evdev_disconnect+0x42/0xb0 [ 1270.741429][ T8067] __input_unregister_device+0x200/0x4a0 [ 1270.747059][ T8067] input_unregister_device+0xc5/0x110 [ 1270.752413][ T8067] uinput_destroy_device+0x1f4/0x250 [ 1270.757698][ T8067] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1270.763586][ T8067] ? tomoyo_domain+0xc5/0x160 [ 1270.768260][ T8067] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1270.774349][ T8067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1270.780585][ T8067] ? tomoyo_path_number_perm+0x263/0x520 [ 1270.786849][ T8067] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1270.792755][ T8067] ? __fget+0x35a/0x550 [ 1270.797493][ T8067] uinput_ioctl+0x4a/0x60 [ 1270.801823][ T8067] ? uinput_compat_ioctl+0x90/0x90 [ 1270.806943][ T8067] do_vfs_ioctl+0xd6e/0x1390 [ 1270.811828][ T8067] ? ioctl_preallocate+0x210/0x210 [ 1270.817135][ T8067] ? smack_file_ioctl+0x196/0x310 [ 1270.822241][ T8067] ? smack_inode_rename+0x2d0/0x2d0 [ 1270.827790][ T8067] ? tomoyo_file_ioctl+0x23/0x30 [ 1270.832731][ T8067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1270.838968][ T8067] ? security_file_ioctl+0x93/0xc0 [ 1270.844086][ T8067] ksys_ioctl+0xab/0xd0 [ 1270.848249][ T8067] __x64_sys_ioctl+0x73/0xb0 [ 1270.852829][ T8067] do_syscall_64+0x103/0x610 [ 1270.857407][ T8067] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1270.863387][ T8067] RIP: 0033:0x458c29 [ 1270.867470][ T8067] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1270.887266][ T8067] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1270.898795][ T8067] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1270.909695][ T8067] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1270.918421][ T8067] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1270.926491][ T8067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 [ 1270.934814][ T8067] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 14:22:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 14:22:24 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:24 executing program 5 (fault-call:4 fault-nth:7): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 1271.083870][ T8225] binder: 8223:8225 BC_INCREFS_DONE u0000008000000700 no match [ 1271.122052][ T8220] hfs: can't find a HFS filesystem on dev loop0 14:22:24 executing program 3: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\xff', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1271.129060][ T8254] input: syz1 as /devices/virtual/input/input118 14:22:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400020000080"], 0x0, 0x0, 0x0}) [ 1271.186135][ T8220] hfs: can't find a HFS filesystem on dev loop0 [ 1271.223522][ T8351] input: syz1 as /devices/virtual/input/input119 14:22:24 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) 14:22:24 executing program 0: syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1271.294052][ T8351] FAULT_INJECTION: forcing a failure. [ 1271.294052][ T8351] name failslab, interval 1, probability 0, space 0, times 0 14:22:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 1271.352009][ T8359] binder: 8355:8359 BC_INCREFS_DONE u0000008000002000 no match [ 1271.365899][ T8351] CPU: 1 PID: 8351 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1271.373840][ T8351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.384033][ T8351] Call Trace: [ 1271.387335][ T8351] dump_stack+0x172/0x1f0 [ 1271.391678][ T8351] should_fail.cold+0xa/0x15 [ 1271.396366][ T8351] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1271.404008][ T8351] ? ___might_sleep+0x163/0x280 [ 1271.408959][ T8351] __should_failslab+0x121/0x190 [ 1271.414338][ T8351] should_failslab+0x9/0x14 [ 1271.419106][ T8351] kmem_cache_alloc_trace+0x2d1/0x760 [ 1271.424482][ T8351] ? kasan_check_write+0x14/0x20 [ 1271.429431][ T8351] kobject_uevent_env+0x2fb/0x1030 [ 1271.434545][ T8351] ? wait_for_completion+0x440/0x440 [ 1271.439841][ T8351] kobject_uevent+0x20/0x26 [ 1271.444345][ T8351] device_del+0x758/0xc40 [ 1271.448686][ T8351] ? __device_links_no_driver+0x250/0x250 [ 1271.454500][ T8351] ? trace_hardirqs_on+0x67/0x230 [ 1271.459541][ T8351] __input_unregister_device+0x3a4/0x4a0 [ 1271.465180][ T8351] input_unregister_device+0xc5/0x110 [ 1271.470550][ T8351] uinput_destroy_device+0x1f4/0x250 [ 1271.475949][ T8351] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1271.484807][ T8351] ? tomoyo_domain+0xc5/0x160 [ 1271.489486][ T8351] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 1271.495992][ T8351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1271.502320][ T8351] ? tomoyo_path_number_perm+0x263/0x520 [ 1271.508043][ T8351] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1271.513866][ T8351] ? __fget+0x35a/0x550 [ 1271.518051][ T8351] uinput_ioctl+0x4a/0x60 [ 1271.522377][ T8351] ? uinput_compat_ioctl+0x90/0x90 [ 1271.527579][ T8351] do_vfs_ioctl+0xd6e/0x1390 [ 1271.532435][ T8351] ? ioctl_preallocate+0x210/0x210 [ 1271.537542][ T8351] ? smack_file_ioctl+0x196/0x310 [ 1271.542571][ T8351] ? smack_inode_rename+0x2d0/0x2d0 [ 1271.547789][ T8351] ? tomoyo_file_ioctl+0x23/0x30 [ 1271.552729][ T8351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1271.559235][ T8351] ? security_file_ioctl+0x93/0xc0 [ 1271.564359][ T8351] ksys_ioctl+0xab/0xd0 [ 1271.568528][ T8351] __x64_sys_ioctl+0x73/0xb0 [ 1271.573496][ T8351] do_syscall_64+0x103/0x610 [ 1271.578188][ T8351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1271.584857][ T8351] RIP: 0033:0x458c29 [ 1271.588761][ T8351] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1271.608360][ T8351] RSP: 002b:00007fadaf654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1271.616773][ T8351] RAX: ffffffffffffffda RBX: 00007fadaf654c90 RCX: 0000000000458c29 [ 1271.625349][ T8351] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 1271.633318][ T8351] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1271.641290][ T8351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadaf6556d4 14:22:24 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01634040f54232335007d191150293ba4609085fac1ac900e400c99f7b33b9039ee34f744ce4a7212a64d2bdcb55270744d5cf9e60304d4e615ed1543d6f75e4b902cef267a7135bedf317bfe29dd1a5aab77bba7c5f87861e825a995d0f64dca6", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x39f, 0x70c000, 0x0}) [ 1271.649453][ T8351] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 [ 1271.718225][ T8346] ================================================================== [ 1271.726714][ T8346] BUG: KASAN: use-after-free in string+0x208/0x230 [ 1271.733214][ T8346] Read of size 1 at addr ffff8880a5088800 by task syz-executor.5/8346 [ 1271.741610][ T8346] [ 1271.743951][ T8346] CPU: 1 PID: 8346 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #77 [ 1271.751823][ T8346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.763198][ T8346] Call Trace: [ 1271.766488][ T8346] dump_stack+0x172/0x1f0 [ 1271.771626][ T8346] ? string+0x208/0x230 [ 1271.775905][ T8346] print_address_description.cold+0x7c/0x20d [ 1271.782584][ T8346] ? string+0x208/0x230 [ 1271.786742][ T8346] ? string+0x208/0x230 [ 1271.790903][ T8346] kasan_report.cold+0x1b/0x40 [ 1271.795668][ T8346] ? string+0x208/0x230 [ 1271.799823][ T8346] __asan_report_load1_noabort+0x14/0x20 [ 1271.805450][ T8346] string+0x208/0x230 [ 1271.809433][ T8346] ? widen_string+0x2e0/0x2e0 [ 1271.814268][ T8346] ? console_unlock+0x68b/0xed0 [ 1271.819116][ T8346] ? find_held_lock+0x35/0x130 [ 1271.823908][ T8346] vsnprintf+0xbfc/0x1af0 [ 1271.828242][ T8346] ? pointer+0xa30/0xa30 [ 1271.832572][ T8346] ? string+0x1cc/0x230 [ 1271.836735][ T8346] add_uevent_var+0x14d/0x310 [ 1271.841412][ T8346] ? cleanup_uevent_env+0x50/0x50 [ 1271.846430][ T8346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1271.852675][ T8346] ? input_dev_uevent+0x110/0x890 [ 1271.857719][ T8346] input_dev_uevent+0x163/0x890 [ 1271.862562][ T8346] ? input_add_uevent_bm_var+0x150/0x150 [ 1271.868192][ T8346] dev_uevent+0x312/0x580 [ 1271.872514][ T8346] ? device_get_devnode+0x2e0/0x2e0 [ 1271.877715][ T8346] ? kobject_uevent_env+0x2fb/0x1030 [ 1271.882997][ T8346] ? rcu_read_lock_sched_held+0x110/0x130 [ 1271.888719][ T8346] ? kobject_uevent_env+0x37d/0x1030 [ 1271.893999][ T8346] ? device_get_devnode+0x2e0/0x2e0 [ 1271.899193][ T8346] kobject_uevent_env+0x487/0x1030 [ 1271.904297][ T8346] ? release_nodes+0x548/0x9c0 [ 1271.909063][ T8346] kobject_uevent+0x20/0x26 [ 1271.913563][ T8346] kobject_put.cold+0x177/0x2ec [ 1271.918410][ T8346] ? evdev_handle_set_keycode_v2+0x140/0x140 [ 1271.924384][ T8346] put_device+0x20/0x30 [ 1271.928534][ T8346] evdev_free+0x51/0x70 [ 1271.932687][ T8346] device_release+0x7d/0x210 [ 1271.937279][ T8346] kobject_put.cold+0x28f/0x2ec [ 1271.942561][ T8346] cdev_default_release+0x41/0x50 [ 1271.947579][ T8346] kobject_put.cold+0x28f/0x2ec [ 1271.952429][ T8346] cdev_put.part.0+0x39/0x50 [ 1271.957013][ T8346] cdev_put+0x20/0x30 [ 1271.960987][ T8346] __fput+0x6df/0x8d0 [ 1271.964972][ T8346] ____fput+0x16/0x20 [ 1271.968949][ T8346] task_work_run+0x14a/0x1c0 [ 1271.973543][ T8346] exit_to_usermode_loop+0x273/0x2c0 [ 1271.978832][ T8346] do_syscall_64+0x52d/0x610 [ 1271.983426][ T8346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1271.989313][ T8346] RIP: 0033:0x4129e1 [ 1271.993201][ T8346] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1272.014022][ T8346] RSP: 002b:00007ffccc08ec60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1272.022426][ T8346] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004129e1 [ 1272.030388][ T8346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1272.038349][ T8346] RBP: 000000000073c900 R08: 000000009195fc90 R09: 000000009195fc94 [ 1272.046310][ T8346] R10: 00007ffccc08ed30 R11: 0000000000000293 R12: 0000000000000001 [ 1272.054276][ T8346] R13: 000000000073c900 R14: 00000000001365da R15: 000000000073bf0c [ 1272.062254][ T8346] [ 1272.064624][ T8346] Allocated by task 8351: [ 1272.068955][ T8346] save_stack+0x45/0xd0 [ 1272.073109][ T8346] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1272.078733][ T8346] kasan_kmalloc+0x9/0x10 [ 1272.083054][ T8346] __kmalloc_track_caller+0x158/0x740 [ 1272.088419][ T8346] kstrndup+0x5f/0xf0 [ 1272.092394][ T8346] uinput_dev_setup+0x1d4/0x310 [ 1272.097234][ T8346] uinput_ioctl_handler.isra.0+0x12b8/0x1cc0 [ 1272.103200][ T8346] uinput_ioctl+0x4a/0x60 [ 1272.107525][ T8346] do_vfs_ioctl+0xd6e/0x1390 [ 1272.112108][ T8346] ksys_ioctl+0xab/0xd0 [ 1272.116260][ T8346] __x64_sys_ioctl+0x73/0xb0 [ 1272.120841][ T8346] do_syscall_64+0x103/0x610 [ 1272.125432][ T8346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1272.131968][ T8346] [ 1272.134297][ T8346] Freed by task 8351: [ 1272.138276][ T8346] save_stack+0x45/0xd0 [ 1272.142425][ T8346] __kasan_slab_free+0x102/0x150 [ 1272.147354][ T8346] kasan_slab_free+0xe/0x10 [ 1272.151857][ T8346] kfree+0xcf/0x230 [ 1272.155663][ T8346] uinput_destroy_device+0xf8/0x250 [ 1272.160863][ T8346] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 1272.166747][ T8346] uinput_ioctl+0x4a/0x60 [ 1272.171068][ T8346] do_vfs_ioctl+0xd6e/0x1390 [ 1272.175657][ T8346] ksys_ioctl+0xab/0xd0 [ 1272.179806][ T8346] __x64_sys_ioctl+0x73/0xb0 [ 1272.184390][ T8346] do_syscall_64+0x103/0x610 [ 1272.188974][ T8346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1272.194864][ T8346] [ 1272.197187][ T8346] The buggy address belongs to the object at ffff8880a5088800 [ 1272.197187][ T8346] which belongs to the cache kmalloc-32 of size 32 [ 1272.211059][ T8346] The buggy address is located 0 bytes inside of [ 1272.211059][ T8346] 32-byte region [ffff8880a5088800, ffff8880a5088820) [ 1272.224057][ T8346] The buggy address belongs to the page: [ 1272.229687][ T8346] page:ffffea0002942200 count:1 mapcount:0 mapping:ffff88812c3f01c0 index:0xffff8880a5088fc1 [ 1272.239826][ T8346] flags: 0x1fffc0000000200(slab) [ 1272.244768][ T8346] raw: 01fffc0000000200 ffffea00024f82c8 ffffea0002a27fc8 ffff88812c3f01c0 [ 1272.253347][ T8346] raw: ffff8880a5088fc1 ffff8880a5088000 000000010000003e 0000000000000000 [ 1272.261916][ T8346] page dumped because: kasan: bad access detected [ 1272.268317][ T8346] [ 1272.270636][ T8346] Memory state around the buggy address: [ 1272.276262][ T8346] ffff8880a5088700: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 1272.284318][ T8346] ffff8880a5088780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 1272.292545][ T8346] >ffff8880a5088800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 1272.300684][ T8346] ^ [ 1272.304757][ T8346] ffff8880a5088880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 1272.312810][ T8346] ffff8880a5088900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc 14:22:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = dup2(r1, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x11, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0463044000000000086310400048000080"], 0x0, 0x0, 0x0}) [ 1272.321063][ T8346] ================================================================== [ 1272.329290][ T8346] Disabling lock debugging due to kernel taint [ 1272.347669][ T8450] input: syz1 as /devices/virtual/input/input120 [ 1272.392622][ T8346] Kernel panic - not syncing: panic_on_warn set ... [ 1272.399879][ T8346] CPU: 1 PID: 8346 Comm: syz-executor.5 Tainted: G B 5.1.0-rc5+ #77 [ 1272.402716][ T8431] hfs: can't find a HFS filesystem on dev loop0 [ 1272.409439][ T8346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.409444][ T8346] Call Trace: [ 1272.409465][ T8346] dump_stack+0x172/0x1f0 [ 1272.409487][ T8346] panic+0x2cb/0x65c [ 1272.437946][ T8346] ? __warn_printk+0xf3/0xf3 [ 1272.442568][ T8346] ? string+0x208/0x230 [ 1272.446737][ T8346] ? preempt_schedule+0x4b/0x60 [ 1272.451938][ T8346] ? ___preempt_schedule+0x16/0x18 [ 1272.457950][ T8346] ? trace_hardirqs_on+0x5e/0x230 [ 1272.463075][ T8346] ? string+0x208/0x230 [ 1272.467503][ T8346] end_report+0x47/0x4f [ 1272.472118][ T8346] ? string+0x208/0x230 [ 1272.476440][ T8346] kasan_report.cold+0xe/0x40 [ 1272.481220][ T8346] ? string+0x208/0x230 [ 1272.485475][ T8346] __asan_report_load1_noabort+0x14/0x20 [ 1272.491102][ T8346] string+0x208/0x230 [ 1272.495084][ T8346] ? widen_string+0x2e0/0x2e0 [ 1272.499754][ T8346] ? console_unlock+0x68b/0xed0 [ 1272.504601][ T8346] ? find_held_lock+0x35/0x130 [ 1272.509365][ T8346] vsnprintf+0xbfc/0x1af0 [ 1272.513955][ T8346] ? pointer+0xa30/0xa30 [ 1272.518279][ T8346] ? string+0x1cc/0x230 [ 1272.522439][ T8346] add_uevent_var+0x14d/0x310 [ 1272.527291][ T8346] ? cleanup_uevent_env+0x50/0x50 [ 1272.532571][ T8346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1272.538822][ T8346] ? input_dev_uevent+0x110/0x890 [ 1272.543845][ T8346] input_dev_uevent+0x163/0x890 [ 1272.548691][ T8346] ? input_add_uevent_bm_var+0x150/0x150 [ 1272.554404][ T8346] dev_uevent+0x312/0x580 [ 1272.558725][ T8346] ? device_get_devnode+0x2e0/0x2e0 [ 1272.563916][ T8346] ? kobject_uevent_env+0x2fb/0x1030 [ 1272.569281][ T8346] ? rcu_read_lock_sched_held+0x110/0x130 [ 1272.575018][ T8346] ? kobject_uevent_env+0x37d/0x1030 [ 1272.580296][ T8346] ? device_get_devnode+0x2e0/0x2e0 [ 1272.585488][ T8346] kobject_uevent_env+0x487/0x1030 [ 1272.590592][ T8346] ? release_nodes+0x548/0x9c0 [ 1272.595353][ T8346] kobject_uevent+0x20/0x26 [ 1272.599880][ T8346] kobject_put.cold+0x177/0x2ec [ 1272.604837][ T8346] ? evdev_handle_set_keycode_v2+0x140/0x140 [ 1272.610818][ T8346] put_device+0x20/0x30 [ 1272.614967][ T8346] evdev_free+0x51/0x70 [ 1272.619118][ T8346] device_release+0x7d/0x210 [ 1272.623702][ T8346] kobject_put.cold+0x28f/0x2ec [ 1272.628563][ T8346] cdev_default_release+0x41/0x50 [ 1272.633581][ T8346] kobject_put.cold+0x28f/0x2ec [ 1272.638862][ T8346] cdev_put.part.0+0x39/0x50 [ 1272.643876][ T8346] cdev_put+0x20/0x30 [ 1272.647866][ T8346] __fput+0x6df/0x8d0 [ 1272.651859][ T8346] ____fput+0x16/0x20 [ 1272.655838][ T8346] task_work_run+0x14a/0x1c0 [ 1272.660426][ T8346] exit_to_usermode_loop+0x273/0x2c0 [ 1272.665708][ T8346] do_syscall_64+0x52d/0x610 [ 1272.670310][ T8346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1272.678120][ T8346] RIP: 0033:0x4129e1 [ 1272.682008][ T8346] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1272.702759][ T8346] RSP: 002b:00007ffccc08ec60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1272.711185][ T8346] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004129e1 [ 1272.719320][ T8346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1272.727645][ T8346] RBP: 000000000073c900 R08: 000000009195fc90 R09: 000000009195fc94 [ 1272.735609][ T8346] R10: 00007ffccc08ed30 R11: 0000000000000293 R12: 0000000000000001 [ 1272.745833][ T8346] R13: 000000000073c900 R14: 00000000001365da R15: 000000000073bf0c [ 1272.755050][ T8346] Kernel Offset: disabled [ 1272.759414][ T8346] Rebooting in 86400 seconds..